Slashdot Mirror
Obama Administration Says the World's Servers Are Ours
An anonymous reader points out this story about the U.S. Justice Department's claim that companies served with valid warrants for data must produce that data even if the data is not stored in the U.S. Global governments, the tech sector, and scholars are closely following a legal flap in which the US Justice Department claims that Microsoft must hand over e-mail stored in Dublin, Ireland. In essence, President Barack Obama's administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas. It's a position Microsoft and companies like Apple say is wrong, arguing that the enforcement of US law stops at the border. A magistrate judge has already sided with the government's position, ruling in April that "the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information." Microsoft appealed to a federal judge, and the case is set to be heard on July 31.
Microsoft is based in the United States, so there may be some valid argument here that as an American company, Microsoft data regardless of where "in the cloud" it is stored is subject to American legal rulings.
The *real* question is what about companies that do business here but are based in other countries?
If you want news from today, you have to come back tomorrow.
Then expect to obey the laws. Only a corporation with the mindset of a character from a Rand novel would think otherwise.
Just claim the data was lost due to a "hard drive crash." I mean, it worked for the IRS, right?
There are no countries just unruly provinces.
If this holds, US companies will have trouble competing abroad. Information belonging to a US firm's foreign customer company could be seized without possible recourse, unless the customer hires a US counsel.
Will this influence the tax gimmick where the HQ is overseas so the profits don't have to have taxes paid on them?
Why is it the money can evade the government but the data can't?
And the reaction will be that all high tech companies will just leave the USA.
We have all these "multi-national corporations", whatever that's supposed to mean. A corporation exists through the laws that allow it, but those vary from one nation to another. Can it really be said that "Microsoft" is one global entity? If so, then the administration's view is the only one that makes sense to me. If not, then Microsoft Ireland is not the same thing as Microsoft USA, and interactions between the two should be regarded as international interactions between two distinct entities.
Unfortunately, I think both Microsoft and the government will argue either side depending on the situation.
But a fixed legal precedent would be useful to have.
The best the US administration can hope for here is to shatter the US software industry into a thousand small associated companies with strict data sharing agreements to handle overseas data. Worst case they slowly succeed at destroying any ability to run a US business that handles overseas customer information. What is the goal here? There is no way that demanding that kind of access will be sustainable (short of all out secrecy which has obviously failed in this instance.)
Microsoft, Apple, and lots of companies love that there are no laws at the US border. They can accept the flood of illegals to work formerly middle class jobs for below minimum wage. It's perfect. It's just another way to save them money. Flood H-1B and "undocumented" workers into the country. Open borders. Overstay your visas. America needs to become part of the North American Union. Because it worked so well in Europe.
And those emails "hidden" in Ireland are about one thing and one thing only: tax shelters. I'm sure once those companies get on board the "amnesty" bandwagon the government will back off going after their tax havens. The government knows that flooding the country with millions of criminals is the fastest way to create the North American Union. Zuckerberg, Gates, Buffett, and company think we are underpopulated. Of course they hide their money overseas and expect the middle class to pick up the check.
A warrant should only mean that someone has been granted a legal right to search for and seize specific property. It should not mean that the owner has any obligation to do anything other than stay out of their way. In particular, if the property is not on the premises (or, as in this case, is entirely out of the court's jurisdiction), there is no reason the owner should feel obligated to say where it is or fetch it. Make them get a warrant for the correct place first—if they can. After all, a warrant is supposed to "particularly [describe] the place to be searched, and the persons or things to be seized."
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
The practical bottom line is that if you want to do business in the USA, you have to comply with US law. If you refuse, your company will be booted out of the US.
The same is true for any country: they can block whatever the heck they want at their border if one doesn't follow their laws.
Now, companies may make a legal plea otherwise, but if it doesn't fly, the door will lock behind them.
Table-ized A.I.
So what happens when a cloud provider (e.g. Microsoft) hosts customer data for a non-US customer? Does the USG actually think that it's laws take precedence over the laws of region of the owner of the data (i.e., Microsoft's non-US customer) and when the actual transactions are happening off US soil?
Of course, perhaps the best solution for companies like Microsoft is to simply spin-off the non-US data sites as separate entities, so they can't be held liable for the US company's actions. Though this is still just regression games.
Make sure everyone's vote counts: Verified Voting
No self-respecting foreign firm with any sort of confidential info is going to do any business with any US cloud or services provider. Throw in the FISA secret rubber stamp machine and who knows what other data siphoning is in place and you may as well just mail copies of everything to any three-letter agency and, most likely, their MIC bedfellows.
America's standing slips by the day. Thank you MIC and the myopic zealots that are part of das Home Security apparatus.
This should do wonders for the emerging cloud economy.
Help stamp out iliturcy.
It is no surprise that US companies would have a problem with their government's policy on this. After the negative publicity surrounding the exposure NSA spying on everyone, US companies risk losing international customers and are living with a more complicated mix of international legislation. The cost of the loss of trust continues to increase. Some countries are legislating that data must not be allowed to leave their country and are imposing legal protections on customer data that would make sharing of that data with third parties illegal.
US companies might find themselves in a position where complying with a warrant for data stored outside of the US has them breaking the laws in the country where the data is stored. Countries that specifically have laws to prevent this type of data sharing are not likely to accept complying with a warrant in another jurisdiction as a reasonable excuse.
Does this mean that the US Gov is fine with those same companies turning over all their data to China if a Chinese official decides he wants it? Wonder what other companies this fun can extend to.
This uncertainty would be a God reason for foreign countries to boycot US IT companies. Most of our confidential data is om servers and storage managed by CSC Danmark. It would be illegal for US to hånd over much og this data to parties outside of the EU, but it could similarly be illegal for CSC to not hånd this same data over to US aithorities, in violation with Danish law. If the US insists that companies operating in Both the US and other countries are bound by US law which trumps the laws og other countries in which they operate, I van only ser this leasing to US companies Being confined to only operating in the U S.
Microsoft does business in China.
China and the US are both countries and have the same rights.
So by extension China has the right to issue a warrant to Microsoft for all data on their American servers.....to fight terrorism right?
Effectively, though perhaps not in the strict legal definition, the purpose of a corporation is to make a profit.
As we can plainly see from Microsoft's conduct over the years, they will break whatever laws they can get away with to make that profit. This lawsuit isn't about Hotmail users' e-mail messages, this is about illegal or otherwise objectionable behavior that they are trying to shield in other countries.
If you're worried about your e-mail and data stored on Microsoft's servers, then let's not mix that up with a corporation's ability to hide illegal, unethical, or immoral behavior within a more compliant state's physical borders.
If the data truly resides in or is part of a business which resides in another Country, simply refuse and if pressed, threaten to remove all assets and jobs from US soil. You don't like our answer, fine, we'll go play somewhere else and simply sell our product here like other (Chinese) companies do. No problem.
i fully agree with the troubling implications that the U.S. can subpoena any information regardless of where it physically resides in the world, but the headline is woefully inaccurate. i thought this was Slashdot, not BuzzFeed. very disappointed here.
The US gov is burning down everything that can be set on fire. Don't waste resources on putting the fire out. Just run out of there while you can.
That's not got an agenda behind it at all. what it means to say is US owns data of US companies/citizens even if they hide it outside the USA that seems some what reasonable.
Perhaps the US gov will save money buying one way tickets for their minions trying to access these foreign servers. Snooping on various kinds of information are criminal privacy invasions in some countries and need serious consequences. Something about their previous bad experience with murderous dictators. Hopefully criminals from the US won't get a free pass just because they are US gov employees.
for any country that claims to have sovereignty.
Look at what happened with those sites that did the poker online a few years back!
America has more power than you can possibly imagine!
I believe that Microsoft is right to claim the US government doesn't have jurisdiction over data stored outside of the United States. There simply MUST be a clear distinction maintained over where something is located, or country borders don't mean anything. If law enforcement in one country can force the production of evidence located in another country, then it's a free for all and borders have no meaning.
For instance... Lets say that a country (not the USA) has strict privacy laws about data collected and stored digitally and how it can be used. Lets say that they strictly forbid the sharing of specific kinds of data without written consent from the individual the data is about. If Microsoft operates in that country and collects data from it's users and then receives a court order for data from the USA for data stored in the country with strict privacy laws, what is Microsoft to do? Violate the court order and obey the laws under which the data was collected and stored OR violate the laws of another country? If borders mean ANYTHING, Microsoft must obey the local laws of the countries they operate in. So if the data is not here in the USA, the USA cannot force production of the data though the courts.
I understand that this is rife for abuse because it allows the hiding of criminal evidence overseas where it is beyond direct USA reach, but there are processes to obtain such evidence though diplomatic and international law enforcement channels in place. For Civil litigation, there are ways to work though other countries legal systems (albeit inconvenient and expensive ones). So, where I get there are problems, we really cannot just unilaterally decide we have the authority to demand a company produce data held overseas and force them hand over evidence which is not within our borders.
Finally, there is the "How would you feel if somebody did it to you?" test. Let's say the US was where the data was located and some other country was demanding that the data be sent back to them and felt they could enforce their will within the USA.... Would we not feel offended? I dare say we would.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Now that the NSA trying to back door everything is documented fact and not tin-foil hat fodder on late night AM radio every company on the planet that takes their security (note I didn't say your privacy) seriously is going to be double and triple checking everything.
Privacy, constitutional rights, jurisdictions and ethics are annoyances... so the Executive branch is going to save everyone the trouble of Congressional and Judicial oversight and just tell the world how things are supposed to be. (And I'd probably be making this exact same statement regardless of who was in the Oval Office).
Dear world, I'm sorry for how terribly the Obama administration has treated you. Please realize that all but a small minority of the American people (the legitimate ones) do not stand for these egregious acts. We simply have no channel in this vacuum of power and voice through which to enact change. In short, our hands are tied. Please do not take a sour view of Americans in light of Obama's views. PS. In case you're going to comment me back, with something with respect to Bush, piss off. Obama has had 5 years and he controlled both houses at the beginning of his term. Every problem we face today is because of, or has been made worse by, the Obama administration.
How you feeling about your savior now? Could he be more transparent about how much of a cheap street thug he really is?
The real issue at hand is the difference between a warrent and a subpoena.
The legal requirements to obtain a warrent are rather trivial and obtaining a warrent is rather easy. But a warrent doesn't extend past the boundaries on the United States. A subpoena on the other hand has far stricter oversight and requirements to obtain. But a subpoena requires the one served to provide the information requested regardless of where in the world that information resides.
What's happening is the government is attempting to get the best of both worlds. The trivial requirements of obtaining a warrent, combined with the expanse of a subpoena. And that frankly is wrong and needs to be stopped.
Imagine the outrage the US Govt would show, if say, China insisted Apple or Google share ALL the information they had stored in the US. Before you dismiss this, think about it... a Chinese Judge (lets say the Chinese equivalent of the SCOTUS) issues a warrant (which would be valid under Chinese law) demanding this...
I'm sure there would be an outrage by POTUS, Congress, and everyone else sticking up their hand.
What a nonsense. It is as dumb as trying to claim your dog carried off your homework to Mexico.
When you are obligated by law to produce the required information then this is how it is. If you have placed the information out of reach for you to get it, or only refuse to get it, then it has got a fair chance to turn into an obstruction of justice and you will find yourself in even more trouble. It is you who is the American citizen and who is standing in front of an American court and it is you who will be judged and sentenced by the court. The information however is free to travel or to stay wherever "it" wants. Only you may not like where your own ass will be travelling soon, but you are free to find out the hard way of course.
The only way to fight this is to fight the court order, which binds you to produce the information in the first place. If this has failed then try to go for an appeal or cut your losses. Of course, if you do not have a single decent bone in your body then you can certainly try to claim your homework was abducted by aliens. Who knows? Maybe you make everyone laugh and they will all forgive you for your sins ...
At most, we'll see a US version of every company with the sole objective of ensuring that the only information available is that of US citizens. That is, assuming anybody cares to do anything at all to protect the information of non-US costumers from US government.
Back on topic, yeah, this doesn't surprise me. And nobody will have the guts to say: "You know what, fuck you. We are out of here". Hell, if I were in their position, I'm not sure I would do that either.
I don't care if I'm wrong. I only care about everyone obtaining something from the discussion.
IIRC, information in the possession, custody, or control of a US party is subject to discovery in a civil suit, regardless of where it is located. The company can provide it or lose the case.
It's actually a bit of a difficult question because of the strange way US corporations have encouraged the law to treat them like people, strange but usually very much to their benefit. It backfires in situations like this.
Suppose this was a Wall Street bank being audited. Suppose they just said "We store our financial records on a server in Ireland. NA NEE NA NEE NOO NOO, YOU CAN"T CATCH ME"
So, when the USofA actually force this point...then does that mean every other government from around the world can say...OK...hand over you data local office for the servers held in the US?
Of coarse, they'll get rebuffed...and then there'll be a gaping hole that can be filled by any Non-USofA cloud provider who can go and tell the USofA to shove their grubby long arms back in their even (no shallower) pockets.
What about foreing servers running Microsoft software, that Microsoft can somewhat control like when deleted Tor from Windows machines? If have the power to (even if done via security updates) retrieve information from remote servers, even not owned by them, should comply with obama administration orders?
Really owning your data is becoming thing of the past, at least for some markets.
It will be interesting to see how the world sees creditability of a US issued "valid" warrant. There was a time when a stateside judicial order meant something. Probably before the time that habeas corpus had no exceptions, probably before the time that temporary exclusions to the bill of rights were waived.
Kinda kills credibility, doesn't it?
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
I imagine any country that google or microsoft operate in could compel them to turn over information about any of their users, across the globe?
Microsoft is saying the US has no jurisdiction over "Microsoft Ireland" not "Microsoft US" & technically they are right. It's a completely separate business entity.
You see, to avoid paying high taxes in the US. Microsoft like Apple, Google etc... create parent companies in foreign countries. To which they pay huge sums of revenue in licensing fees to lower or sometimes completely avoid paying any tax in the US. Ireland specifically up until recently was THE cornerstone for this tax scheme. It's also legal in the US btw.
Microsoft doesn't want to open itself up to tax obligations in the future by allow these types of requests.
Watch the documentary "We're Not Broke" on Netflix, about $2.4 trillion in corporate tax avoidance since 2000-2013. They explain this legal scam & Ireland is front and center in implementing it. Taxes are the reason they are fighting this.
It is very important to note that this particular stance is about evidence outside of the United States, not investigations of activities occurring outside the United States. It is routine for a court to compel people and companies to produce evidence related to an investigation. Since these companies have operations in the US, the court has the means to enforce such a compulsion; where the evidence happens to be seems irrelevant to me.
Some people seem to forget that "the cloud" and "cloud storage" are nothing more than marketing buzzwords. What they describe existed long before the terms started being used. The implication that the cloud, an abstract concept, is real and actual physical servers are not, shows a delusional mind at work and a basic failure to understand reality. They were intended to appeal to those that did not understand the existing technology, to make it more accessible and to avoid focus on the implementation.
Sadly, confusing buzzwords or other marketing material with reality is all too common. I've been caught out by company boards that forget that the marketing material will typically cover specific use cases and expect every use case to be just as perfect. The misery of a CEO reading an article and learning a new buzzword is commonly felt by professionals in industries other than IT.
This isn't a case of the U.S. reaching across a border. Microsoft is _here_. Microsoft is doing business _here_. The court _here_ is ordering microsoft _here_ do produce documents _here_. Microsoft's claims that the docuements are "in their other pants" (e.g. on a server in Ireland) is immaterial because microsoft is _here_ and _microsoft_ owns those documents.
Now _if_ this were a case where a U.S. Court was ordering a company that was not _here_, say an Irish company that was _there_ in Ierland called Irish Pizza Delivery Co. to cough up emails even though they don't do any business here... that would be a huge over-step. That over-step is because they are _there_, or more correctly _not_ _here_, and the court is _here_.
This is _exactly_ the same reason that the U.S. Tobacco companies and Asbestos companies could not dodge legal responsibility by just shipping their money and internal paperwork to south america as soon as people started coughing.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
...we are losing control of the net. Sure we have most of the world's fiber running through NSA, but eventually other connections will be made.
Chewbacon
The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.
Careful what you wish for. If the administration succeeds you'll quickly see the mass exodus of pretty much the entire tech sector of this country that's capable of leaving.
What will you do now you puny international community?
So long as Obama is perfectly content with US companies operating in, say, China being forced to hand over information stored on US servers, then I see no hypocrisy here.
Of course, if he's not entirely happy with that...
When I play a board game like Monopoly do I have to pay taxes on that also. Do I need an imaginary accountant?
And who do I send the play money to ? I tried to look at the website for the imaginary IRS and Google had a problem, is that my problem ?
My imaginary Dr. and healthcare, paid for by my imaginary wealth, can't find my real world illness.
My real-world of doctor can't find it either. I imagine that one day I will get a disability or job I can handle with my problems.
So I imagine that a better education system, teaching people how to think, not todays (made up PC facts) would lead to better future.
American soldiers walked over a lot of the world's land, Does someone owe back property taxes?
Our judges are as big a dumb azzes as our elected officials !
The world's servers.
Microsoft.
Seems legit
Microsoft is trying the "you can't hold me responsible for yesterday's shooting because the gun is in my other pants" defense.
The law has _always_ held that if you are before the court, everything relevant to the case is before the court.
If this were not the case then the Tobacco and Asbestos companies could have just said "all those meeting minutes and research records are stored in our warehouse in mexico so ha ha, you all lose." Any company or person, on any issue, could just mail the evidence out of state or out of country and get off scott free.
That just never happened.
Just because the evidence is "on a computer" instead of "printed on paper" doesn't make the "other pants" defense viable.
The court is not reaching across a border. Microsoft is _here_. Microsoft does business _here_. The complaint is _here_, and the court is _here_. The proper legal response to "the other pants" gambit is to tell the guy in his shorts to send someone to go get whatever it is from those pants and bring it back.
Criminals don't just "move" their assets to other countries, they "hide" them because if it can be found it's on the table.
Every court. Every country. Every topic. From the beginning of time.
This is no different.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
Say it is so. If you have a presence in the US, then you have to hand over data that is on foreign soil.
I find that fine, as long as tax loop holes also are subject to the same provisions. Maybe congress critters will see the problem.
So basically to be utterly immune to any one country's laws, all you have to do is store your shit in another country. No wonder crime pays so well.
The technicalities of a hundred years ago have become today's trivialities. In the 1800's you could store your incriminating evidence across the ocean and it would take over half a year to go find it, if you could find it at all. Now you can store that same information halfway across the world, and still have it accessible within SECONDS digitally, or a few HOURS physically.
Is the US over reaching its boundaries by trying to reach evidence that clearly connects criminals to cases at home? Absolutely. But then again, this evidence is outside of EVERYONE's reach. An rule of law impotent against the most trivial of technicalities is arguably worse than none at all.
This is Bush's fault. He ordered this to happen and wrote his edict in such a way that it can't be undone. There is nothing Obama can do to undo what the Republicans have done to us.
Why not just Department of Justice, or DOJ? What was the point of singling out Obama?
"The *real* question is what about companies that do business here but are based in other countries?"
No, this is not the right question.
It does not matter where you do business or where you are based at. What matters is what your offence or crime is! Meaning, the reason why you are in court.
Depending on what you did can your status have all different kinds of influence on the outcome or none at all.
Of course, you also have to define what you understand by "being based at" and "doing business in". It often will make little difference. For example when you have to pay your taxes then the difference may only make a difference in which taxes you have to pay, but you will have to pay one or the other tax for sure.
Thank goodness we dodged that car elevator guy, and got the smartest, fairest, most "progressive", most open and honest president ever!
Oh, that's right, I forgot. He's not responsible for anything that happens under him.
Orbital data centers. Problem solved. Solves lots of problems, actually, full time solar energy, easier cooling. What a good idea! And it's under no government's jurisdiction.
Probably not BO or his nigmerc Holder
Microsoft Dublin is an Irish company subject to Irish and EU law not American law.
Will we be able to find Lois Lerner's emails on these foreign servers?
By this are you edging the US government as a Facist government.
It's more like the "You're a Texas policeman, and we're in Nebraska, so you personally can't arrest me here" defense. Sure, the law enforcement of the two states can and should work together to do what's legal, but it still doesn't mean the Texas lawman has legal jurisdiction in Nebraska (or whatever two states you want to make it).
Microsoft's defense should be "Fine, physically go to the data center in country X, serve them the warrant, and if they recognize your jurisdiction to do so, then be our guest. Otherwise you're acting outside your jurisdiction."
I mean put an end to offshoring Jobs, Income and Production.
If anyone ever bothered to check the dictionary definition they would have to agree with you. The US has fit the definition of a fascist state for a century now.
This has nothing to do with USA citizens, this is about sovereignty of people and countries that are not USA in the first place. Swiss bank doesn't have to disclose ANYTHING to the USA regime about its account holders in Switzerland. Of-course current oppressive USA regime disagrees, apparently you are on the wrong side of the individual rights on this one as well.
By the way, any sufficiently truthful statement is indistinguishable from 'flamebait'. In other words, TRUTH HURTS, doesn't it?
The truth is not what you think it is. Swiss banks do in fact give up information on the accounts of US citizens to the US government. Its simply a matter of the Swiss banks wanting to continue to do business in the US.
The other poster is correct. Your presence in another country is in fact subject to that country's judicial decrees. If you wish to not comply then you need to remove your presence from the country. This does not nullify the original judicial decree, it merely renders it unenforcible unless your country wishes for it to be enforced.
All Your Base Are Belong to Us?
There may be no "I" in team, but there's also no "F" in way.
A few minutes after the next President (a real President) is sworn-in to Office, the President will void ALL executive orders issued by Barak "Saddam" Hussein Obama within his first hour in Office.
Problems, including the "Border Crises" will be solved.
Case closed.
You cannot serve warrents to search property in other countries. Simple as that.
A person in one country can certainly be served with a judicial order to turn over something in another country. They can refuse and risk sanctions or they can arrange to have the other country's court issue a judicial order to the counterparts in the other country, who would fulfill such a request, not to turn over something to you. So you complied by asking your counterparts to send something, but your counterparts failed to do so because of a conflicting judicial order in their country. Both judicial orders are valid, the first is just rendered unenforcible in practice. Maybe the conflict now becomes a diplomatic issue.
Servers and data fundamentally don't obey those rules. The internet doesn't live in the real world.
Wait, you just said in the real world warrants to search property in other countries are not valid. By not obeying this "rule" servers and data are searchable in other countries. I don't think you meant that position. :-)
Its rediculous to try and impose real world rules on it. But fun to watch them try.
Actually governments successfully impose their rules. Swiss banks caved to the US and provided info on US citizens. Google caved to China and ceased some operations in China, they could not just ignore Chinese judicial decrees because it conflicted with the laws of their home country.
Is that if you do renounce your citizenship, the US gets all spiteful and will blacklist you from coming back.
Obviously you have to evaluate your situation, but just make sure you factor that in. You wouldn't want to say "Ya, don't really need that citizenship anymore," only to find you can't come back and visit family because the government got pissey about it.
Slashdot loves to get inaccurate and inflammatory.
...then the IRS should be able to find all of those missing emails.
All Your Server Are Belong To Us
Makes for some interesting thoughts about power. The government doesn't give a rip if some rich boy wants to 'hide' some money overseas. If they want your money, they can take your damn money. Start trying to communicate in private though? Apparently that's worth worrying about.
> We really can't tell the difference between Democrats and Republicans.... This sounds so Bush-like...
So you can know the difference on this issue, the Republicans voted to repeal the law. The law generates negative net revenue, costing more to administer and enforce than it brings in. Generally speaking, Republicans are against burdensome taxes, taxes that only cost money and don't increase revenue. That's more of a Democrat thing.
The act was passed in 2010. I'm pretty sure Reagan wasn't president in 2010. In fact, he'd been dead for six years.
http://en.m.wikipedia.org/wiki...
Earlier this year, the Republicans voted to repeal it.
It will take a long time for those that have linked their personal identity to the man to admit this point... but he always has been a fool.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
What if Microsoft kept all its internal emails on servers outside the US. Should the Federal Government not be allow to serve a subpoena? Microsoft could even move it around from country to country effective hiding it from all governments.
I got two threads mixed up. You're right, the Stored Communications Act was indeed sponsored by a Democrat and passed by the Democrat-controlled house in 1986.
They have done so in the past and succeeded.
If a company does business in the USA, they can force them to comply or they will lose their business in the USA. If a company has even a single USA employee, they will force the employee or the employee will lose citizenship and/or risk detainment when entering USA territory. They will even arrest and detain foreign employees of companies not complying if they set foot on USA territory for this.
There are actual companies in the EU that will take great care to not have any USA customers or employees or be dependent on USA vendors for their IT infrastructure just because of this. Plenty of EU organizations and companies have chosen or are legally mandated not to use USA vendors for products and services and to not employ USA citizens because of this. If anything the USA is biting themselves in the ankles with this sort of legislation.
I was promised a flying car. Where is my flying car?
Stored overseas. Duh.
Microsoft is barred from exposing EU citizen's data to anyone, up to and including God himself, this also includes Obama and his fascist treasonous thugs in the Attorney General's office.
It's not Microsoft's data to give, it belongs to an EU citizen, end of story.
They have to submit a request to the European courts and wait for them to give the okay.
End of Line
This will enure that software run in governents in the EU will be required NOT to use US cloud providers and only use cloud providers that are active in the EU.
If it was data about a U.S. citizen that is one thing.
When it's data about a foreign national, and the data resides on servers in a foreign country, then attempting to pull the data back to the United States breaks European Union laws about citizen's data crossing the boundaries of the countries, and Microsoft would lose all of their assets.
It's a position Microsoft and companies like Apple say is wrong, arguing that the enforcement of US law stops at the border.
Get a clue, you incorporated within the United States! If you don't want to follow US law then move your ass to the other side of the border.
RTFA
"The senior counsel for the Irish Supreme Court wrote in a recent filing that a US-Ireland "Mutual Legal Assistance Treaty" was the "efficient" avenue for the US government to obtain the e-mail held on Microsoft's external servers." "
But the US guberment does not like treaties "US should seek cooperation with foreign nations via treaties, a position the US said is not practical."
I've seen a lot of pissing and moaning about this already, and it's always "Ooooh, look! The Americans think all the world's servers belong to them!" (Which for some reason I imagine in a British accent...I don't know what that's about.)
I'd really like to know why a sizable portion of the world seems to think a company should be able to do something meriting investigation, and when law enforcement comes in with a valid warrant for their electronic data, go "GUESS WHAT?! THE SERVER'S IN URUGUAY! SUCK DEZE NUTZ!"
It's a bullshit legal dodge. As far as I know, someone in the same situation wouldn't be able to move money to another country to keep it out of the hands of the law (At least not without laundering it, which is in itself a crime), this is just bringing how we handle digital information up to the same standards.
Besides, what does everyone else care? It's American companies that this affects. It just makes data belonging to THOSE companies that resides on servers in other countries accessible to US law enforcement. I seriously doubt the FBI is going to show up at a server farm in Finland and demand to cart away the whole rack. (Though they might try that on US soil.)
Friend: "The NIC is misconfigured..." Me: "No prob, I'll just telnet in and fix it." *Silence*
This will go all the way up.
The answer is simple - DON'T USE MICROSOFT PRODUCTS OR ANY "CLOUD" STUFF FROM MICROSOFT!!!!
Also - don't use any Google or Apple Store or mail. Just go back to local storage and local mail servers and be safe again!
Lucky enough there are alternatives, and everyone (especially company's not operating on American soil) are strongly encouraged to switch to those alternatives.
I work for a EU it consulting and hosting company. This stuff has been getting us more and more business over the last months.
We get EU customers that in particular *do not want* to do business with US cloud/hosting companies and want their data to stay in their own country.
Because nobody can tell what the US can order some US based/related company do with their custormers data it becomes a risc for perfectly legit companies over here. Some of our business partners want or have to uphold strong privacy guarantees for their customers that are not possible anymore if they do business with US companies. So thanks for fucking up your business !
The US government laws end at the border. FULL STOP! They don't have jurisdiction in any other country. They might have bilateral treaties, and that might get extra reach, provided reach is granted others (and half a heartbeat after reciprocity is lost by one side, its lost all around). US jurisdiction stops at the border. There is no negotiation.
This a perfect argument for NOT storing the data. ANYWHERE. You're too addicted to it anyway. At least anonymize it as soon as possible, or distill it down to something useless for anything but your intended usage (such as product preferences or ad targeting info). Sure, they'll try to force you to keep it but they can't always and not indefinitely, in any case. Can they really keep you from deleting data that you have once you've no longer any need for it? And without paying for the storage? How can a long-lived company remain economically viable in face of short lived competitors who don't yet have the same data storage requirements? Can they keep grandma from deleting her own old data from her personal hard drive? If not, then how can they legitimately force intermediaries to do it? The real addictive habit that needs to be broken here is the government's insatiable desire to preserve all possible surveillance information, forever. Just because Google offers a free email service shouldn't mean they can just give copies of all your messages to anyone and everyone, or save them forever and risk hackers getting ahold of them. And while you may have signed that right over to Google when you signed up, would you have if you were first told your emails would all be archived for posterity whether you like it or not? Welcome to the US, where you have freedom of speech but everything you say will be recorded and there are no private conversations. In fact, they encourage you to speak freely so that they can get it all down and save it in order to keep track of all you miscreants.
The government is actually right. Without a ruling into this direction, corporations can easily hide any and all data they own from any and all legal consequences.
Firstly, they could simply keep it somewhere with almost no laws and compute it on-demand. Secondly, it is easy to split it up into chunks so that each individual chunk contains no data. Again, re-combine only when needed. Thirdly, in the near future (today it's too computationally expensive) it will be possible to do computations without actually assembling the data. We already know how to do computation with encrypted data without decrypting it (and without knowing its content even during computation).
Irrespective of this particular case, unless we really want to live in a cyperpunk world, there has to be a point where a multinational corporation answers to the law, its guilt or innocence determined in a court, without playing tricks like this.
Assorted stuff I do sometimes: Lemuria.org
The real question is: How will the US government enforce this decision? They can't send the FBI to another country to kick the doors down. I doubt another country will do it for them like the 'DotCom NZ' case. So will the FBI extradite any employee who obeys local laws? Theoretically that will put a lot of foreigners in US jails, since extradition treaties are unilateral. But it still won't get them data.
Or will Microsoft sack any CEO who refuses to break local laws? Or will the local subsidiary hand the CEO title to some bum off the street before the police arrive?
The 'Corporation as a person' rule makes it difficult to throw a real person in jail, let alone a law-abiding person in another country. The FBI/NSA/CIA and even the IR$ don't want to lose the global monopoly that Microsoft provides. So when Microsoft aided by foreign governments, digs their heels in, the DOJ and white house will be left pissing in their shoes.
"United States Administration"...
This is the worst decision ever in a long time. Cloud services is taking off for real and are the next big boom in computing, and with this decision it becomes impossible to lawfully use American companies services in Europe and most of the rest of the world.
This is not just about American citizens but also any citizen abroad with an account at a US service provider. Anyone litigating in the US can get a warrant like this issued, from any country.
Talk about stabbing your own industry in the back. This is giving the protectionists a free reason to only keep services inside their borders all over the world, in local companies :D
HTTP/1.1 400
>I believe that Microsoft is right to claim the US government doesn't have jurisdiction over data stored outside of the United States. There simply MUST be a clear distinction maintained over where something is located, or country borders don't mean anything.
The US government's position is that they have jurisdiction over everything within Earth's gravity well, up to and including the moon.
If you see that European banks get fined big time for doing business with Iran, while also doing business in America, than I guess there is your answer.
If it counts for these kind of things, it will count for data as well. The US thinks they do rule the world...
Microsoft's corporate data would be an entirely different beast than this. Are there differences between the banks books and correspondence between its officers and the pieces of paper the bank is storing for customers in its vaults (safe deposit boxes)?
yeah, it's trivial.. As an european I can imagine something like that even though I'm quite opposed to it. But if the warant wouldn't be valid, all US companies would store their information abroad and nothing can be searched..
But I can imagine a way around this problem.. For instance, just let an irish person setup a blank corporation which 'owns' the serverpark and rents the servers back to Microsoft. This way the servers aren't owned by the US company and therefore cannot fall under the warrant..
Pray that the data isn't stored in a country that has oil!
if the data is available in the USA then it can be produced for a warrant, regardless of where the data is stored.
There was an unknown error in the submission.
That means that the EU can order all secret services worldwide to hand over all the data they have on the EU and its citizens. Same goes for China etc.
This is not the sig you're looking for.
Yeah, so first they do it for servers, next for financial speculation, right? Hahahahahaha... sniff, sniff...
I'm pretty sure this is itself a fallacy. You can't just assume every country operates identically, given the same opportunity. That's just like saying every man would rape a woman given a good opportunity, just because one guy did so.
Iceland hasn't done anything to earn a bad reputation. The US government has.
Well said. The "I'm sure everybody else is just as bad" defence of the USA is annoyingly common on Slashdot, but there are no reasons to expect them to be the same. They differ in how healthy their democracies are (USA has a relatively large distance from the wishes of the individual citizen to the actions of the government (this depends on size of the population, the implementation of democracy and the laws regulating the influence of money)), how much resources they can allocate (if Iceland spent the same fraction of their money on surveilance, they would have about 50 NSA/CIA equivalent employees and store much less than 1% of the world's data for 0.1 years. But there are economics of scale that would lower this further), and how powerful they are internationally (and hence to which degree they can bully other countries into cooperating).
I think the main reason why your data might not be safe in Iceland is that Iceland would bow to pressure from the USA, not that Iceland would covert it itself.
(By the way, EU != Europe. Iceland is not in the EU)
If US laws were suddenly to start applying in my country, I'd be furious. Most Europeans don't want a totalitarian Stasi state here, thank you very much.
US laws certainly do not apply elsewhere. If the US junta wants to search and seize information in other countries, they will most certainly have to comply with the law there. Handing over information from Europe would be a breach of European law. If the US regime enforces such laws, companies will have no choice but to leave US jurisdiction, since they will otherwise not be able to operate legally in countries that are not ruled by the US empire.
And reincorporate overseas. Thanks, Obama.
"The cloud", just went up in smoke.
Amazing that the Obama administration and Juctice Department can make a claim like this, then they can't even find the balls to go after the IRS for intentionally deleting information and destroying equipment to hide corruption. If I was CEO of a coropration, I would tell the Justice Departement "as soon as you recover Ms. Lerner's emails, come see me for mine".
Microsoft has control over the data in question. The USA has jurisdiction over Microsoft.
If you sue Microsoft in your state (let's say Mississippi), should Microsoft be able to ignore discovery orders for evidence held on servers in California? If you sue them in California, should they be able to withhold documents that are stored on a server in Wisconsin?
They serve you papers, you say the data is not here.
They put you in jail for contempt of court. You wait until the data shows up.
Unless you are a member of the Obama admin or work for the IRS.
Then you just say the computer broke and the data is gone.
"My PCs hard drive crashed." - problem solved, IRS precedent.
Two consequences follow:
A: Companies will ensure that their headquarters are outside the US
B: Companies will cease to do business with the US
Maybe not today, but the trend begins about now, and will continue so long as US law continues to be capricious and arbitrary.
all your servers are belong to us
If my company has a shoe store in the US.. does that mean that now they can get our emails in , say, France, to do with a house building division based there? Where is the line? And why should they even be authorized to serve warrants for email unless it's an international incident? Where the hell is Interpol in all of this? Sounds heavy handed to me. THey're saying that the minute we send any email to anyone even if it never is written or read by any american thay have access to it.
Companies will simply always store data for a country in another country. Voila. Warrents no long work for data. Where the data comes from should matter more than where it is stored.
Will make the nasty regulations go away.
In space no-one can hear your vuvuzela.
Within the past year, I've been subpoenaed indirectly through wordpress.com, by a court in uk. The data was stored in california. Subpoena was rejected three times. data still protected to this day. The long and short of the story is the laws and legal procedures of the land where the data is stored trumphs any other.
All your servers are belong to us!
...are belong to U.S.?
With the current situation concerning Privacy Law, being that it is becoming quite complex, what we need is a "Data Extradition Treaty"
If your Courts want some Data which is related to an ongoing investigation, you trundle over the Country that is holding it, and ask for permission to get it.
As long as the local Court has some sort of leverage over a company, they can make that company do their dirty work. The second they lose that leverage, they will have to do it themselves. The thing that the US Gov has to remember is how this could backfire. ITAR guidlines were designed to prevent the spread of military technology, then it was used to give US firms an advantage in foreign sales. Well, that has backfired now, as ITAR un-encumbered weapon systems are growing in popularity. Recently, Canada, a notable ally of the US encouraged the use of non-US systems in order to reduce risk and delays. This DATA situation seems likely to cause similar issues.
In the end, Countries won't really care about complying with US law, especially if the DATA concerned is personal data belonging to that Country's citizens. I see lots of stove-pipe systems cropping up in order to remove the likelihood of having a data-leak to the US justice system.
My 2 cents
This is clearly an attempt to enforce a US based copyright enforcement system worldwide.The bulk of online illicit activity are scams and copyright infringement. There's little the US government could gain from prosecution and extradition of scammers worldwide, but a great deal of revenue is lost due to copyright suits. Kim Dotcom was a heretical precedent case for this scenario. The FATCA tax act is also an attempt to gain control over foreign assets. All in the name of preempting a handful of terrorists?
This is a HUGE deal. Bigger than Snowden..
If this is enforced, it will force large corporate entities to dump all ties to online services. Google , Apple, Microsoft, and all the small start ups like DropBox will be devastated.
I have experience with being on boards for largish corporate companies, more as a necessity to look after my interests, not because I want to..
And one of the main lessons I have learnt is that company boards are all about mitigating risk. They don't really care how much it costs, its not their money. They just want to make sure they keep their big pay check and cannot be implicated in any unethical or illegal behaviour.
As such, if this did hold up, there would be a rush to abandon outsourced services on the internet, they would all have to be taken in house to ensure legal requirements.
This in some way would be good, and to a degree I hope it happens, as it would be a boom for (non US) local IT industry as companies, who have been firing all there IT staff over the last 10 years and going to outsourced services, would have to hire them all again and set up their own IT services. Would also be a boom for LINUX and open source as many companies would look to those resources to replace the current ones they are using now.
The US is no longer a bastion of moral leadership, one, especially non US, would say its completely the opposite. Large corporates are not worried about the US currently its a huge mess of encrypted data that evidently the NSA copes from them, but when it comes to legal liabilities, its a very different story.
Can you imagine, if this did happen, and the US companies had to set up local subsidiaries in every country to get around this... Imagine the Tax ramifications and how it would no longer be very easy to do all those TAX minimisations tricks.
I simply cannot see this happen, as in the US, the $ is the law.. I expect a whisper in the ear of the judge soon to make him change his mind..
But in many ways, I think it would be better for the world if this was enforced and set a precedent.
The conclusion should be that hosting your data with an US based company is risky and you should move to something national to protect your privacy. Also USA can't make a law for another country and if the company is operating in another jurisdiction should be penalized for violating local laws or leave. This is only gonna hurt US companies but then it could end up being good for the rest of the world as some development will shift in favor of national technological clones.
The US government doesn't need money from the companies... that's what printers are for.
What do you think the US government's response will be when another company, say Ireland, presents a warrant to Microsoft Ireland demanding data that's physically in a Microsoft server located in the continental US?
Where data on the internet is physically stored is almost meaningless. From a practical standpoint it doesn't matter you can access it anywhere in the world. Now its now meaningless legally too.
If it was a Mexican _partner_ you'd be right. If it's a Mexican _subsidiary_ you are wrong.
A "subsidiary" is an owned asset. If you own an asset and it was in Brunei and you are here before the court, the court can order you to surrender that asset because you onw it and you are subject to the law where you are.
I don't have to subpoena you in Brunei if I've got you here.
Your only defense is if Mexican law makes it _illegal_ for you to move or copy the asset. In that case you'd have the "the court cannot require me to break the law" defense, which is not the same as the "it's far away" defense Microsoft is attempting.
For instance, lets say Fidelity (a french company) was required, in French court, to produce my financial records for the purpose of auditing Fidelity for alleged misconduct. And let's say Fidelity didn't want to do so. They could resist the production order under various U.S. laws such as HIPPA if my records incidentally contained medical information.
Likewise, if the E.U. privacy regulations covered some or all of these documents then Microsoft _could_ _have_ argued _that_ against the production order. Same for things like Attourney Client Privilege and any number of other things. I work for a company in the U.S. that is a wholly owned subsidiary of a brittish company. But the brittish crown and court cannot successfully supponea any of our non finincial documents because we do defense work and so U.S. law would prevent the export of that material. But the money stuff is fair game.
So too for paper documents. The "that would be illegal" defense cuts very fine. If the documents were in Afghanistan, and printed on pure marijuana leaf, then you could argue against shipping the original documents here because marijuana is illegal here. But the court could then require you to photocopy or fax the documents here on a more legal paper.
Now people have been talking "warrant" vs "subpoena" and I don't actually know for sure which thing is happening. A demand for surrender (subpoena) is different than a warrant to enter and search. This sounds like a subpoena not a warrant, as a warrant woudln't be served to Microsoft here, it would be processed by the foreign government and would be served _there_ by local law enforcement.
Given all that, "the old paper courts" are no different than the current paper courts. The "on a computer" bit is immaterial.
If Microsoft controls the documents personally, or through an agent, and a "subsidiary" is a kind of agent with lots of legal precident, the documents are fair game unless an actual law in the other jurisdiction says they are not. Paper or not.
The question is one of control not format of storage.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press