Slashdot Mirror
Obama Administration Says the World's Servers Are Ours
An anonymous reader points out this story about the U.S. Justice Department's claim that companies served with valid warrants for data must produce that data even if the data is not stored in the U.S. Global governments, the tech sector, and scholars are closely following a legal flap in which the US Justice Department claims that Microsoft must hand over e-mail stored in Dublin, Ireland. In essence, President Barack Obama's administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas. It's a position Microsoft and companies like Apple say is wrong, arguing that the enforcement of US law stops at the border. A magistrate judge has already sided with the government's position, ruling in April that "the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information." Microsoft appealed to a federal judge, and the case is set to be heard on July 31.
Microsoft is based in the United States, so there may be some valid argument here that as an American company, Microsoft data regardless of where "in the cloud" it is stored is subject to American legal rulings.
The *real* question is what about companies that do business here but are based in other countries?
If you want news from today, you have to come back tomorrow.
Just claim the data was lost due to a "hard drive crash." I mean, it worked for the IRS, right?
If this holds, US companies will have trouble competing abroad. Information belonging to a US firm's foreign customer company could be seized without possible recourse, unless the customer hires a US counsel.
Will this influence the tax gimmick where the HQ is overseas so the profits don't have to have taxes paid on them?
Why is it the money can evade the government but the data can't?
And the reaction will be that all high tech companies will just leave the USA.
The best the US administration can hope for here is to shatter the US software industry into a thousand small associated companies with strict data sharing agreements to handle overseas data. Worst case they slowly succeed at destroying any ability to run a US business that handles overseas customer information. What is the goal here? There is no way that demanding that kind of access will be sustainable (short of all out secrecy which has obviously failed in this instance.)
A warrant should only mean that someone has been granted a legal right to search for and seize specific property. It should not mean that the owner has any obligation to do anything other than stay out of their way. In particular, if the property is not on the premises (or, as in this case, is entirely out of the court's jurisdiction), there is no reason the owner should feel obligated to say where it is or fetch it. Make them get a warrant for the correct place first—if they can. After all, a warrant is supposed to "particularly [describe] the place to be searched, and the persons or things to be seized."
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
The practical bottom line is that if you want to do business in the USA, you have to comply with US law. If you refuse, your company will be booted out of the US.
The same is true for any country: they can block whatever the heck they want at their border if one doesn't follow their laws.
Now, companies may make a legal plea otherwise, but if it doesn't fly, the door will lock behind them.
Table-ized A.I.
So what happens when a cloud provider (e.g. Microsoft) hosts customer data for a non-US customer? Does the USG actually think that it's laws take precedence over the laws of region of the owner of the data (i.e., Microsoft's non-US customer) and when the actual transactions are happening off US soil?
Of course, perhaps the best solution for companies like Microsoft is to simply spin-off the non-US data sites as separate entities, so they can't be held liable for the US company's actions. Though this is still just regression games.
Make sure everyone's vote counts: Verified Voting
No self-respecting foreign firm with any sort of confidential info is going to do any business with any US cloud or services provider. Throw in the FISA secret rubber stamp machine and who knows what other data siphoning is in place and you may as well just mail copies of everything to any three-letter agency and, most likely, their MIC bedfellows.
America's standing slips by the day. Thank you MIC and the myopic zealots that are part of das Home Security apparatus.
This should do wonders for the emerging cloud economy.
Help stamp out iliturcy.
It is no surprise that US companies would have a problem with their government's policy on this. After the negative publicity surrounding the exposure NSA spying on everyone, US companies risk losing international customers and are living with a more complicated mix of international legislation. The cost of the loss of trust continues to increase. Some countries are legislating that data must not be allowed to leave their country and are imposing legal protections on customer data that would make sharing of that data with third parties illegal.
US companies might find themselves in a position where complying with a warrant for data stored outside of the US has them breaking the laws in the country where the data is stored. Countries that specifically have laws to prevent this type of data sharing are not likely to accept complying with a warrant in another jurisdiction as a reasonable excuse.
Does this mean that the US Gov is fine with those same companies turning over all their data to China if a Chinese official decides he wants it? Wonder what other companies this fun can extend to.
This uncertainty would be a God reason for foreign countries to boycot US IT companies. Most of our confidential data is om servers and storage managed by CSC Danmark. It would be illegal for US to hånd over much og this data to parties outside of the EU, but it could similarly be illegal for CSC to not hånd this same data over to US aithorities, in violation with Danish law. If the US insists that companies operating in Both the US and other countries are bound by US law which trumps the laws og other countries in which they operate, I van only ser this leasing to US companies Being confined to only operating in the U S.
Effectively, though perhaps not in the strict legal definition, the purpose of a corporation is to make a profit.
As we can plainly see from Microsoft's conduct over the years, they will break whatever laws they can get away with to make that profit. This lawsuit isn't about Hotmail users' e-mail messages, this is about illegal or otherwise objectionable behavior that they are trying to shield in other countries.
If you're worried about your e-mail and data stored on Microsoft's servers, then let's not mix that up with a corporation's ability to hide illegal, unethical, or immoral behavior within a more compliant state's physical borders.
i fully agree with the troubling implications that the U.S. can subpoena any information regardless of where it physically resides in the world, but the headline is woefully inaccurate. i thought this was Slashdot, not BuzzFeed. very disappointed here.
The data is stored in the EU and belongs to EU citizens. US law DOES NOT APPLY. It doesn't matter how much a government bureaucrat screams otherwise. Following the law where you do business goes both ways. EU citizens' data stored in the EU is protected by....wait for it.....EU LAWS!
That's not got an agenda behind it at all. what it means to say is US owns data of US companies/citizens even if they hide it outside the USA that seems some what reasonable.
Perhaps the US gov will save money buying one way tickets for their minions trying to access these foreign servers. Snooping on various kinds of information are criminal privacy invasions in some countries and need serious consequences. Something about their previous bad experience with murderous dictators. Hopefully criminals from the US won't get a free pass just because they are US gov employees.
I believe that Microsoft is right to claim the US government doesn't have jurisdiction over data stored outside of the United States. There simply MUST be a clear distinction maintained over where something is located, or country borders don't mean anything. If law enforcement in one country can force the production of evidence located in another country, then it's a free for all and borders have no meaning.
For instance... Lets say that a country (not the USA) has strict privacy laws about data collected and stored digitally and how it can be used. Lets say that they strictly forbid the sharing of specific kinds of data without written consent from the individual the data is about. If Microsoft operates in that country and collects data from it's users and then receives a court order for data from the USA for data stored in the country with strict privacy laws, what is Microsoft to do? Violate the court order and obey the laws under which the data was collected and stored OR violate the laws of another country? If borders mean ANYTHING, Microsoft must obey the local laws of the countries they operate in. So if the data is not here in the USA, the USA cannot force production of the data though the courts.
I understand that this is rife for abuse because it allows the hiding of criminal evidence overseas where it is beyond direct USA reach, but there are processes to obtain such evidence though diplomatic and international law enforcement channels in place. For Civil litigation, there are ways to work though other countries legal systems (albeit inconvenient and expensive ones). So, where I get there are problems, we really cannot just unilaterally decide we have the authority to demand a company produce data held overseas and force them hand over evidence which is not within our borders.
Finally, there is the "How would you feel if somebody did it to you?" test. Let's say the US was where the data was located and some other country was demanding that the data be sent back to them and felt they could enforce their will within the USA.... Would we not feel offended? I dare say we would.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Dear world, I'm sorry for how terribly the Obama administration has treated you. Please realize that all but a small minority of the American people (the legitimate ones) do not stand for these egregious acts. We simply have no channel in this vacuum of power and voice through which to enact change. In short, our hands are tied. Please do not take a sour view of Americans in light of Obama's views. PS. In case you're going to comment me back, with something with respect to Bush, piss off. Obama has had 5 years and he controlled both houses at the beginning of his term. Every problem we face today is because of, or has been made worse by, the Obama administration.
The real issue at hand is the difference between a warrent and a subpoena.
The legal requirements to obtain a warrent are rather trivial and obtaining a warrent is rather easy. But a warrent doesn't extend past the boundaries on the United States. A subpoena on the other hand has far stricter oversight and requirements to obtain. But a subpoena requires the one served to provide the information requested regardless of where in the world that information resides.
What's happening is the government is attempting to get the best of both worlds. The trivial requirements of obtaining a warrent, combined with the expanse of a subpoena. And that frankly is wrong and needs to be stopped.
Imagine the outrage the US Govt would show, if say, China insisted Apple or Google share ALL the information they had stored in the US. Before you dismiss this, think about it... a Chinese Judge (lets say the Chinese equivalent of the SCOTUS) issues a warrant (which would be valid under Chinese law) demanding this...
I'm sure there would be an outrage by POTUS, Congress, and everyone else sticking up their hand.
Yes and no.
The problem is with how much control Microsoft has over Microsoft Ireland. If they exercise exclusive control, it's the same company for most all purposes except taxes. If they allow MS Ireland independent operations, then it is a separate company all the way around.
SO basically, unless MS Ireland can set their own prices, develop and sell their own software, they are likely strictly controlled by MS.
What a nonsense. It is as dumb as trying to claim your dog carried off your homework to Mexico.
When you are obligated by law to produce the required information then this is how it is. If you have placed the information out of reach for you to get it, or only refuse to get it, then it has got a fair chance to turn into an obstruction of justice and you will find yourself in even more trouble. It is you who is the American citizen and who is standing in front of an American court and it is you who will be judged and sentenced by the court. The information however is free to travel or to stay wherever "it" wants. Only you may not like where your own ass will be travelling soon, but you are free to find out the hard way of course.
The only way to fight this is to fight the court order, which binds you to produce the information in the first place. If this has failed then try to go for an appeal or cut your losses. Of course, if you do not have a single decent bone in your body then you can certainly try to claim your homework was abducted by aliens. Who knows? Maybe you make everyone laugh and they will all forgive you for your sins ...
You can do business with Americans. You just have to make sure they come to you (outside the USA). Its done all the time. And if one can set up a foreign entity withot a clear trail of ownership back to the US company, itis legally beyond the reach of the DoJ.
So now all you have to deal with is NSA snooping and possibly a CIA assasination.
Have gnu, will travel.
At most, we'll see a US version of every company with the sole objective of ensuring that the only information available is that of US citizens. That is, assuming anybody cares to do anything at all to protect the information of non-US costumers from US government.
Back on topic, yeah, this doesn't surprise me. And nobody will have the guts to say: "You know what, fuck you. We are out of here". Hell, if I were in their position, I'm not sure I would do that either.
I don't care if I'm wrong. I only care about everyone obtaining something from the discussion.
IIRC, information in the possession, custody, or control of a US party is subject to discovery in a civil suit, regardless of where it is located. The company can provide it or lose the case.
Too bad you didn't have a sufficiently compelling retort.
Requiem for the American Dream
It's actually a bit of a difficult question because of the strange way US corporations have encouraged the law to treat them like people, strange but usually very much to their benefit. It backfires in situations like this.
Suppose this was a Wall Street bank being audited. Suppose they just said "We store our financial records on a server in Ireland. NA NEE NA NEE NOO NOO, YOU CAN"T CATCH ME"
What about foreing servers running Microsoft software, that Microsoft can somewhat control like when deleted Tor from Windows machines? If have the power to (even if done via security updates) retrieve information from remote servers, even not owned by them, should comply with obama administration orders?
Really owning your data is becoming thing of the past, at least for some markets.
It will be interesting to see how the world sees creditability of a US issued "valid" warrant. There was a time when a stateside judicial order meant something. Probably before the time that habeas corpus had no exceptions, probably before the time that temporary exclusions to the bill of rights were waived.
Kinda kills credibility, doesn't it?
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Does someone personally standing in front of an American judge have credentials to copy the data before anybody in Europe knows a thing?
Your credentials should be suspended if you have access to such data and are going to be subject to a foreign court.
In your example; non EU IP addresses could be blacklisted. But that's almost useless against the likes of the US Feds/Chinese/Malaysians etc and liable to screw-over citizens travelling.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
I imagine any country that google or microsoft operate in could compel them to turn over information about any of their users, across the globe?
Microsoft is saying the US has no jurisdiction over "Microsoft Ireland" not "Microsoft US" & technically they are right. It's a completely separate business entity.
You see, to avoid paying high taxes in the US. Microsoft like Apple, Google etc... create parent companies in foreign countries. To which they pay huge sums of revenue in licensing fees to lower or sometimes completely avoid paying any tax in the US. Ireland specifically up until recently was THE cornerstone for this tax scheme. It's also legal in the US btw.
Microsoft doesn't want to open itself up to tax obligations in the future by allow these types of requests.
Watch the documentary "We're Not Broke" on Netflix, about $2.4 trillion in corporate tax avoidance since 2000-2013. They explain this legal scam & Ireland is front and center in implementing it. Taxes are the reason they are fighting this.
It is very important to note that this particular stance is about evidence outside of the United States, not investigations of activities occurring outside the United States. It is routine for a court to compel people and companies to produce evidence related to an investigation. Since these companies have operations in the US, the court has the means to enforce such a compulsion; where the evidence happens to be seems irrelevant to me.
Some people seem to forget that "the cloud" and "cloud storage" are nothing more than marketing buzzwords. What they describe existed long before the terms started being used. The implication that the cloud, an abstract concept, is real and actual physical servers are not, shows a delusional mind at work and a basic failure to understand reality. They were intended to appeal to those that did not understand the existing technology, to make it more accessible and to avoid focus on the implementation.
Sadly, confusing buzzwords or other marketing material with reality is all too common. I've been caught out by company boards that forget that the marketing material will typically cover specific use cases and expect every use case to be just as perfect. The misery of a CEO reading an article and learning a new buzzword is commonly felt by professionals in industries other than IT.
Nope. USA corporations are USA legal persons. Their first obligation is to USA law. Same as Twenga's first obligation is to French law.
...we are losing control of the net. Sure we have most of the world's fiber running through NSA, but eventually other connections will be made.
Chewbacon
The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.
Careful what you wish for. If the administration succeeds you'll quickly see the mass exodus of pretty much the entire tech sector of this country that's capable of leaving.
What will you do now you puny international community?
Microsoft is trying the "you can't hold me responsible for yesterday's shooting because the gun is in my other pants" defense.
The law has _always_ held that if you are before the court, everything relevant to the case is before the court.
If this were not the case then the Tobacco and Asbestos companies could have just said "all those meeting minutes and research records are stored in our warehouse in mexico so ha ha, you all lose." Any company or person, on any issue, could just mail the evidence out of state or out of country and get off scott free.
That just never happened.
Just because the evidence is "on a computer" instead of "printed on paper" doesn't make the "other pants" defense viable.
The court is not reaching across a border. Microsoft is _here_. Microsoft does business _here_. The complaint is _here_, and the court is _here_. The proper legal response to "the other pants" gambit is to tell the guy in his shorts to send someone to go get whatever it is from those pants and bring it back.
Criminals don't just "move" their assets to other countries, they "hide" them because if it can be found it's on the table.
Every court. Every country. Every topic. From the beginning of time.
This is no different.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
This isn't a case of the U.S. reaching across a border. Microsoft is _here_. Microsoft is doing business _here_. The court _here_ is ordering microsoft _here_ do produce documents _here_. Microsoft's claims that the docuements are "in their other pants" (e.g. on a server in Ireland) is immaterial because microsoft is _here_ and _microsoft_ owns those documents.
But what if, under Irish law, that data cannot leave Ireland without Ireland's say-so. Then it becomes a case of the court _here_ is ordering microsoft _here_ do produce documents _that-are-not-here_.
When our name is on the back of your car, we're behind you all the way!
"The *real* question is what about companies that do business here but are based in other countries?"
No, this is not the right question.
It does not matter where you do business or where you are based at. What matters is what your offence or crime is! Meaning, the reason why you are in court.
Depending on what you did can your status have all different kinds of influence on the outcome or none at all.
Of course, you also have to define what you understand by "being based at" and "doing business in". It often will make little difference. For example when you have to pay your taxes then the difference may only make a difference in which taxes you have to pay, but you will have to pay one or the other tax for sure.
I'm going to start linking to this comment. I've been struggling to say exactly this all over this goddamn commentary, but have failed to put it so clearly. You're 100% spot-on.
Then maybe you should do a better job voting. You liberals voted for Obama, and he's now your figurehead, and he flatly disagrees with you; he thinks the government IS entitled to all the irrelevant data it wants. Most other liberal politicians agree with Obama, and they make the laws. Good job.
The DoI is not a legal document, and has zero legal weight. The Southern states tried something like what you suggest and it didn't turn out well for them. I do believe it's possible the US might break apart eventually, but due to the whole "united we stand, divided we fall" mentality plus the principles established by Lincoln concerning secession, the only way it'll happen is when things are SO bad the Federal government is simply powerless to prevent the states from leaving.
Thank goodness we dodged that car elevator guy, and got the smartest, fairest, most "progressive", most open and honest president ever!
Oh, that's right, I forgot. He's not responsible for anything that happens under him.
Orbital data centers. Problem solved. Solves lots of problems, actually, full time solar energy, easier cooling. What a good idea! And it's under no government's jurisdiction.
Microsoft Dublin is an Irish company subject to Irish and EU law not American law.
By this are you edging the US government as a Facist government.
If anyone ever bothered to check the dictionary definition they would have to agree with you. The US has fit the definition of a fascist state for a century now.
This has nothing to do with USA citizens, this is about sovereignty of people and countries that are not USA in the first place. Swiss bank doesn't have to disclose ANYTHING to the USA regime about its account holders in Switzerland. Of-course current oppressive USA regime disagrees, apparently you are on the wrong side of the individual rights on this one as well.
By the way, any sufficiently truthful statement is indistinguishable from 'flamebait'. In other words, TRUTH HURTS, doesn't it?
The truth is not what you think it is. Swiss banks do in fact give up information on the accounts of US citizens to the US government. Its simply a matter of the Swiss banks wanting to continue to do business in the US.
The other poster is correct. Your presence in another country is in fact subject to that country's judicial decrees. If you wish to not comply then you need to remove your presence from the country. This does not nullify the original judicial decree, it merely renders it unenforcible unless your country wishes for it to be enforced.
All Your Base Are Belong to Us?
There may be no "I" in team, but there's also no "F" in way.
And the government's answer is "no, bring us your data or we freeze your assets and hold your US-based management in jail until you produce it."
Then Microsoft is screwed. In the meantime, Microsoft has access to the data and must provide it. They don't get get to pretend their subsidiary is not under their control.
Is that if you do renounce your citizenship, the US gets all spiteful and will blacklist you from coming back.
Obviously you have to evaluate your situation, but just make sure you factor that in. You wouldn't want to say "Ya, don't really need that citizenship anymore," only to find you can't come back and visit family because the government got pissey about it.
Slashdot loves to get inaccurate and inflammatory.
Well most of your liberal buddies voted for him. He certainly wasn't elected by conservatives. Not every single conservative voted for Bush either, but they still collectively bear the blame for his disastrous tenure.
> We really can't tell the difference between Democrats and Republicans.... This sounds so Bush-like...
So you can know the difference on this issue, the Republicans voted to repeal the law. The law generates negative net revenue, costing more to administer and enforce than it brings in. Generally speaking, Republicans are against burdensome taxes, taxes that only cost money and don't increase revenue. That's more of a Democrat thing.
The act was passed in 2010. I'm pretty sure Reagan wasn't president in 2010. In fact, he'd been dead for six years.
http://en.m.wikipedia.org/wiki...
Earlier this year, the Republicans voted to repeal it.
It will take a long time for those that have linked their personal identity to the man to admit this point... but he always has been a fool.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
What if Microsoft kept all its internal emails on servers outside the US. Should the Federal Government not be allow to serve a subpoena? Microsoft could even move it around from country to country effective hiding it from all governments.
I got two threads mixed up. You're right, the Stored Communications Act was indeed sponsored by a Democrat and passed by the Democrat-controlled house in 1986.
They have done so in the past and succeeded.
If a company does business in the USA, they can force them to comply or they will lose their business in the USA. If a company has even a single USA employee, they will force the employee or the employee will lose citizenship and/or risk detainment when entering USA territory. They will even arrest and detain foreign employees of companies not complying if they set foot on USA territory for this.
There are actual companies in the EU that will take great care to not have any USA customers or employees or be dependent on USA vendors for their IT infrastructure just because of this. Plenty of EU organizations and companies have chosen or are legally mandated not to use USA vendors for products and services and to not employ USA citizens because of this. If anything the USA is biting themselves in the ankles with this sort of legislation.
I was promised a flying car. Where is my flying car?
This will enure that software run in governents in the EU will be required NOT to use US cloud providers and only use cloud providers that are active in the EU.
It's a position Microsoft and companies like Apple say is wrong, arguing that the enforcement of US law stops at the border.
Get a clue, you incorporated within the United States! If you don't want to follow US law then move your ass to the other side of the border.
I've seen a lot of pissing and moaning about this already, and it's always "Ooooh, look! The Americans think all the world's servers belong to them!" (Which for some reason I imagine in a British accent...I don't know what that's about.)
I'd really like to know why a sizable portion of the world seems to think a company should be able to do something meriting investigation, and when law enforcement comes in with a valid warrant for their electronic data, go "GUESS WHAT?! THE SERVER'S IN URUGUAY! SUCK DEZE NUTZ!"
It's a bullshit legal dodge. As far as I know, someone in the same situation wouldn't be able to move money to another country to keep it out of the hands of the law (At least not without laundering it, which is in itself a crime), this is just bringing how we handle digital information up to the same standards.
Besides, what does everyone else care? It's American companies that this affects. It just makes data belonging to THOSE companies that resides on servers in other countries accessible to US law enforcement. I seriously doubt the FBI is going to show up at a server farm in Finland and demand to cart away the whole rack. (Though they might try that on US soil.)
Friend: "The NIC is misconfigured..." Me: "No prob, I'll just telnet in and fix it." *Silence*
This a perfect argument for NOT storing the data. ANYWHERE. You're too addicted to it anyway. At least anonymize it as soon as possible, or distill it down to something useless for anything but your intended usage (such as product preferences or ad targeting info). Sure, they'll try to force you to keep it but they can't always and not indefinitely, in any case. Can they really keep you from deleting data that you have once you've no longer any need for it? And without paying for the storage? How can a long-lived company remain economically viable in face of short lived competitors who don't yet have the same data storage requirements? Can they keep grandma from deleting her own old data from her personal hard drive? If not, then how can they legitimately force intermediaries to do it? The real addictive habit that needs to be broken here is the government's insatiable desire to preserve all possible surveillance information, forever. Just because Google offers a free email service shouldn't mean they can just give copies of all your messages to anyone and everyone, or save them forever and risk hackers getting ahold of them. And while you may have signed that right over to Google when you signed up, would you have if you were first told your emails would all be archived for posterity whether you like it or not? Welcome to the US, where you have freedom of speech but everything you say will be recorded and there are no private conversations. In fact, they encourage you to speak freely so that they can get it all down and save it in order to keep track of all you miscreants.
The government is actually right. Without a ruling into this direction, corporations can easily hide any and all data they own from any and all legal consequences.
Firstly, they could simply keep it somewhere with almost no laws and compute it on-demand. Secondly, it is easy to split it up into chunks so that each individual chunk contains no data. Again, re-combine only when needed. Thirdly, in the near future (today it's too computationally expensive) it will be possible to do computations without actually assembling the data. We already know how to do computation with encrypted data without decrypting it (and without knowing its content even during computation).
Irrespective of this particular case, unless we really want to live in a cyperpunk world, there has to be a point where a multinational corporation answers to the law, its guilt or innocence determined in a court, without playing tricks like this.
Assorted stuff I do sometimes: Lemuria.org
They are following the law. You do realize that US law also demands that all employees of US based corporations follow all local laws as well as all US laws, right? This is not Microsoft's data we are talking about, this is data owned by a customer of Microsoft? The law of the locale where the data is physically located says that it cannot be handed out without a local court order. Just like US law says that a safe deposit box in a bank physically located in the US cannot be turned over to a foreign government without a US court issuing a court order demanding it happen. In other words, US law says that the government and the judge are wrong.
How is this about Microsoft and not the EU? The data being asked for is not Microsoft's data anymore than a piece of paper you put in a safe deposit box at your hometown bank is the bank's property.
I have many problems with the EU, especially when they create laws that demand that US companies stop indexing web pages about EU citizens, regardless of where those indexes are stored. I also find it somewhat amusing that we have fellow slashdotters siding with the EU court and against the US court.
This is the worst decision ever in a long time. Cloud services is taking off for real and are the next big boom in computing, and with this decision it becomes impossible to lawfully use American companies services in Europe and most of the rest of the world.
This is not just about American citizens but also any citizen abroad with an account at a US service provider. Anyone litigating in the US can get a warrant like this issued, from any country.
Talk about stabbing your own industry in the back. This is giving the protectionists a free reason to only keep services inside their borders all over the world, in local companies :D
HTTP/1.1 400
Microsoft's corporate data would be an entirely different beast than this. Are there differences between the banks books and correspondence between its officers and the pieces of paper the bank is storing for customers in its vaults (safe deposit boxes)?
Haven't you heard, Obama is an order of magnitude or so higher than God so he may not be included.
yeah, it's trivial.. As an european I can imagine something like that even though I'm quite opposed to it. But if the warant wouldn't be valid, all US companies would store their information abroad and nothing can be searched..
But I can imagine a way around this problem.. For instance, just let an irish person setup a blank corporation which 'owns' the serverpark and rents the servers back to Microsoft. This way the servers aren't owned by the US company and therefore cannot fall under the warrant..
The US court does not care about the rules of another jurisdiction (as they should not) - they will make it quite plain that they still expect the court order to be fulfilled and its up to the party that is subject to the court order to fulfil it. The fact that the party would do something illegal in a foreign jurisdiction is something the court should not have to take into consideration because the party is in the courts jurisdiction.
Its up to the party involved to not put themselves in such a conflicting situation in the first place.
Pray that the data isn't stored in a country that has oil!
if the data is available in the USA then it can be produced for a warrant, regardless of where the data is stored.
There was an unknown error in the submission.
That means that the EU can order all secret services worldwide to hand over all the data they have on the EU and its citizens. Same goes for China etc.
This is not the sig you're looking for.
if it's evidence relating to any "regular" normal crime they should have no trouble asking Dublin coppers for assistance for obtaining it.
if they just "want to look for making sure"(ie spying/fishing).. then they might need a better explanation to the irish than what their own appointed judges need.
such evidence is not beyond reach... basically they don't need these new powers if they intend to play by the old rules.
world was created 5 seconds before this post as it is.
I'm pretty sure this is itself a fallacy. You can't just assume every country operates identically, given the same opportunity. That's just like saying every man would rape a woman given a good opportunity, just because one guy did so.
Iceland hasn't done anything to earn a bad reputation. The US government has.
Well said. The "I'm sure everybody else is just as bad" defence of the USA is annoyingly common on Slashdot, but there are no reasons to expect them to be the same. They differ in how healthy their democracies are (USA has a relatively large distance from the wishes of the individual citizen to the actions of the government (this depends on size of the population, the implementation of democracy and the laws regulating the influence of money)), how much resources they can allocate (if Iceland spent the same fraction of their money on surveilance, they would have about 50 NSA/CIA equivalent employees and store much less than 1% of the world's data for 0.1 years. But there are economics of scale that would lower this further), and how powerful they are internationally (and hence to which degree they can bully other countries into cooperating).
I think the main reason why your data might not be safe in Iceland is that Iceland would bow to pressure from the USA, not that Iceland would covert it itself.
(By the way, EU != Europe. Iceland is not in the EU)
And reincorporate overseas. Thanks, Obama.
If my company has a shoe store in the US.. does that mean that now they can get our emails in , say, France, to do with a house building division based there? Where is the line? And why should they even be authorized to serve warrants for email unless it's an international incident? Where the hell is Interpol in all of this? Sounds heavy handed to me. THey're saying that the minute we send any email to anyone even if it never is written or read by any american thay have access to it.
Will make the nasty regulations go away.
In space no-one can hear your vuvuzela.
With the current situation concerning Privacy Law, being that it is becoming quite complex, what we need is a "Data Extradition Treaty"
If your Courts want some Data which is related to an ongoing investigation, you trundle over the Country that is holding it, and ask for permission to get it.
As long as the local Court has some sort of leverage over a company, they can make that company do their dirty work. The second they lose that leverage, they will have to do it themselves. The thing that the US Gov has to remember is how this could backfire. ITAR guidlines were designed to prevent the spread of military technology, then it was used to give US firms an advantage in foreign sales. Well, that has backfired now, as ITAR un-encumbered weapon systems are growing in popularity. Recently, Canada, a notable ally of the US encouraged the use of non-US systems in order to reduce risk and delays. This DATA situation seems likely to cause similar issues.
In the end, Countries won't really care about complying with US law, especially if the DATA concerned is personal data belonging to that Country's citizens. I see lots of stove-pipe systems cropping up in order to remove the likelihood of having a data-leak to the US justice system.
My 2 cents
This is clearly an attempt to enforce a US based copyright enforcement system worldwide.The bulk of online illicit activity are scams and copyright infringement. There's little the US government could gain from prosecution and extradition of scammers worldwide, but a great deal of revenue is lost due to copyright suits. Kim Dotcom was a heretical precedent case for this scenario. The FATCA tax act is also an attempt to gain control over foreign assets. All in the name of preempting a handful of terrorists?
The US government doesn't need money from the companies... that's what printers are for.
What do you think the US government's response will be when another company, say Ireland, presents a warrant to Microsoft Ireland demanding data that's physically in a Microsoft server located in the continental US?
Where data on the internet is physically stored is almost meaningless. From a practical standpoint it doesn't matter you can access it anywhere in the world. Now its now meaningless legally too.
If it was a Mexican _partner_ you'd be right. If it's a Mexican _subsidiary_ you are wrong.
A "subsidiary" is an owned asset. If you own an asset and it was in Brunei and you are here before the court, the court can order you to surrender that asset because you onw it and you are subject to the law where you are.
I don't have to subpoena you in Brunei if I've got you here.
Your only defense is if Mexican law makes it _illegal_ for you to move or copy the asset. In that case you'd have the "the court cannot require me to break the law" defense, which is not the same as the "it's far away" defense Microsoft is attempting.
For instance, lets say Fidelity (a french company) was required, in French court, to produce my financial records for the purpose of auditing Fidelity for alleged misconduct. And let's say Fidelity didn't want to do so. They could resist the production order under various U.S. laws such as HIPPA if my records incidentally contained medical information.
Likewise, if the E.U. privacy regulations covered some or all of these documents then Microsoft _could_ _have_ argued _that_ against the production order. Same for things like Attourney Client Privilege and any number of other things. I work for a company in the U.S. that is a wholly owned subsidiary of a brittish company. But the brittish crown and court cannot successfully supponea any of our non finincial documents because we do defense work and so U.S. law would prevent the export of that material. But the money stuff is fair game.
So too for paper documents. The "that would be illegal" defense cuts very fine. If the documents were in Afghanistan, and printed on pure marijuana leaf, then you could argue against shipping the original documents here because marijuana is illegal here. But the court could then require you to photocopy or fax the documents here on a more legal paper.
Now people have been talking "warrant" vs "subpoena" and I don't actually know for sure which thing is happening. A demand for surrender (subpoena) is different than a warrant to enter and search. This sounds like a subpoena not a warrant, as a warrant woudln't be served to Microsoft here, it would be processed by the foreign government and would be served _there_ by local law enforcement.
Given all that, "the old paper courts" are no different than the current paper courts. The "on a computer" bit is immaterial.
If Microsoft controls the documents personally, or through an agent, and a "subsidiary" is a kind of agent with lots of legal precident, the documents are fair game unless an actual law in the other jurisdiction says they are not. Paper or not.
The question is one of control not format of storage.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press