This article can also be found in the Premium Editorial Download:

A British citizen's UK court action will test the legal right of Microsoft to disclose private data on UK citizens to the US electronic spying organisation, the National Security Agency (NSA).

The case will shine a light on the legality of top secret US court orders which require US technology companies to disclose details of foreign users’ private communications.

Kevin Cahill, a British journalist, has brought the case in the Lord Mayor’s and City of London County Court. The case centres on Cahill's belief that Microsoft breached the security of his email account.

Cahill argues that, by obeying orders that are legally binding only in the United States, Microsoft has contravened British law – the Data Protection Act in particular.

The action follows revelations by former US intelligence contractor and whistleblower, Edward Snowden. Snowden revealed that the NSA had been collecting metadata about email and other communications from Microsoft since 2007, under its controversial Prism interception programme.

The case will raise questions over the jurisdiction of secret orders made by the US Foreign Intelligence Surveillance Court against US technology companies operating in the UK.

The other service providers named in the Snowden documents as contributors to the Prism programme are Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple.

Technology companies shed light on government data requests Earlier this year, Facebook published a Global Government Requests Report that lists the number of requests made by governments for data from the company. In the first six months of this year, the US government made between 11,000 and 12,000 requests to Facebook, covering the records of between 20,000 to 21,000 users. Some 79% of requests – which relate to either criminal or national security matters – were granted. A Facebook web page titled Information for Law Enforcement Authorities states that, for international requests: “We disclose account records solely in accordance with our terms of service and applicable law.” In an official blog post dated 7 June 2013, Google denied having heard of the US Prism surveillance programme until the previous day and appealed for greater transparency. Companies are not permitted under US law to disclose details of requests made by the NSA under the Foreign Intelligence Services Act (FISA). “First, we have not joined any program that would give the U.S. government – or any other government – direct access to our servers,” the website stated. “Second, we provide user data to governments only in accordance with the law.”

Far-reaching consequences Human rights lawyer Geoffrey Robertson QC said the action could have far-reaching consequences for Microsoft and other service providers, if it succeeds. "Microsoft allegedly betrayed its customers by providing their personal information, without their consent, to the NSA," said Robertson. "This would constitute a serious breach of the British Data Protection Act, by an American company putting its allegiance to America above its legal duties to its British customers." Documents leaked by Snowden reveal that Microsoft assisted the NSA to circumvent the encryption on the Outlook.com email portal, including Microsoft’s popular Hotmail service. The company also made it easier for the NSA to monitor its cloud storage service, Skydrive, which has over 250 million users worldwide, and its Skype telephone and video service. A Microsoft spokesman told Computer Weekly: “We have been notified of an action being filed, and will be responding to it in due course. It would be inappropriate to comment further on the details of an active legal case."

Facebook and Google named Cahill is seeking damages of £1,000 under the Data Protection Act. He has requested that the county court order Microsoft to reveal the contents of the orders made under the US Foreign Intelligence Surveillance Act (FISA). He has brought additional actions against Facebook and Google in the UK and their named UK directors. Facebook and Google declined to comment on Cahill's claims brought against them.

Invasion of privacy Robertson said breaches of the Data Protection Act should be treated as seriously as the News of the Worldphone hacking case. "The invasion of privacy, by deliberately declining to obtain a customer’s consent before exposing their personal details to another, deserves to be compensated on the same basis as obtaining personal data by hacking mobile telephones,” Robertson said. John Hemming, MP for Birmingham Yardley and an IT specialist with expertise in cryptography, supports Robertson’s view. “I have looked at this issue in some depth and, notwithstanding the fact that they have avoided the question, I do think it is quite clear that US companies may well have broken UK law, and UK law does take precedence in the UK courts, so that would cost them a lot of money,” he said.

Monitoring foreign citizens In principle, the NSA has greater freedom to monitor the communications of overseas citizens than US citizens. The Foreign Intelligence Surveillance Act (FISA) court ruled that the NSA was required to separate American communications from foreign traffic – or breach the US Constitution’s fourth amendment – in October 2011. The NSA’s Special Source Operations division refunds Microsoft and other data providers’ for complying with Prism surveillance orders. Prism costs the NSA $20 million per year.