Obama Administration Says the World's Servers Are Ours

An anonymous reader points out this story about the U.S. Justice Department's claim that companies served with valid warrants for data must produce that data even if the data is not stored in the U.S. Global governments, the tech sector, and scholars are closely following a legal flap in which the US Justice Department claims that Microsoft must hand over e-mail stored in Dublin, Ireland. In essence, President Barack Obama's administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas. It's a position Microsoft and companies like Apple say is wrong, arguing that the enforcement of US law stops at the border. A magistrate judge has already sided with the government's position, ruling in April that "the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information." Microsoft appealed to a federal judge, and the case is set to be heard on July 31.

Maybe, maybe not.

[Frosty+Piss]

Microsoft is based in the United States, so there may be some valid argument here that as an American company, Microsoft data regardless of where "in the cloud" it is stored is subject to American legal rulings.

The *real* question is what about companies that do business here but are based in other countries?

Re: Maybe, maybe not.

[mSparks43]

Someone pointed out that governments don't really matter anymore.

Doesn't matter how true it is. They are gonna bitch scream and stamp their feet till mommy buys them what they want.

Re: Maybe, maybe not.

[arbiter1]

Well any country you do business in you technically are subject to the laws of that country so even if they are based in china but operate a regional HQ or even a small mom and pops size store you pretty much subject to same thing. They can't go and take said servers but they can serve a warrant and make the company turn over the data.

Re:Maybe, maybe not.

[roman_mir]

The *real* question is what about companies that do business here but are based in other countries?

- what do you mean it is a 'question'? We already know the answer to this. If a business has any presence on USA soil, the oppressive dictatorial USA government feels that it has full authority to demand all information from that business about its customers and their transactions.

Re:Maybe, maybe not.

[Anonymous+Psychopath]

Microsoft is based in the United States, so there may be some valid argument here that as an American company, Microsoft data regardless of where "in the cloud" it is stored is subject to American legal rulings.

The *real* question is what about companies that do business here but are based in other countries?

There must be precedents or applicable laws for physical analogies. If a company operating in the US happens to store physical records somewhere outside the US, and those records are pertinent to the case, would those not be covered by a US subpoena? If the company has access to them and the ability to procure them, what does the physical location of the records or their headquarters matter?

Re:Maybe, maybe not.

[roman_mir]

Oh, and by the way it is not only just foreign businesses that operate on USA soil that are forced to comply with nonsensical USA demands, the foreign governments are giving in whenever presented with any demand really. USA is way out of line on all of its oppressive tactics, it will not end well.

Re: Maybe, maybe not.

[mSparks43]

You cannot serve warrents to search property in other countries.

Simple as that.

Servers and data fundamentally don't obey those rules.

The internet doesn't live in the real world. Its rediculous to try and impose real world rules on it.

But fun to watch them try.

Re:Maybe, maybe not.

[Grishnakh]

This is the case for any normal country, as well it should be. I can't believe I'm defending Obama on something, but they're right on this one: if a country's legal system has a valid case for something, and issues a court order ordering you to turn something over, you can't just avoid a court order by saying "it's in my summer home in another country!". If you refuse, they can hold you in contempt of court until you decide to produce it. Maybe the other country can't be compelled to give it up, but you're in this country, and they can keep you in jail as long as they want.

Re:Maybe, maybe not.

[bloodhawk]

The huge MASSIVE problem with that position is that many other countries have VERY specific laws about data, especially privacy data leaving the borders. This puts international companies in a hugely awkward position where they must break one law or the other, either of which potentially could result in huge fines or Jail time. The US doesn't get to determine what other countries laws are and they definitely do not get to override them.

Re: Maybe, maybe not.

Exactly. Hiding data offshore is no different than hiding funds offshore. That said, the governments rights to the data need to be examined in the first place, but if a company is legally bound to produce it, the location it's held in legally shouldn't make any difference.

Re:Maybe, maybe not.

[roman_mir]

This has nothing to do with USA citizens, this is about sovereignty of people and countries that are not USA in the first place. Swiss bank doesn't have to disclose ANYTHING to the USA regime about its account holders in Switzerland. Of-course current oppressive USA regime disagrees, apparently you are on the wrong side of the individual rights on this one as well.

By the way, any sufficiently truthful statement is indistinguishable from 'flamebait'. In other words, TRUTH HURTS, doesn't it?

Re:Maybe, maybe not.

I expect that the reverse is also true, that if I conduct business overseas that I am also subject to the laws of countries whose policies I do not agree with.

the problem is the US government does not believe that is true at all. For instance other countries have laws that make it illegal for privacy data to be sent out of the country without the users express consent, these US laws are therefore a breach of laws in other countries.

Re:Maybe, maybe not.

[bloodhawk]

there is a LOT to see here, this is definitely not a non-issue. This inherently makes US companies a danger to do business with many countries for hosting/cloud services where many countries have laws and/or industries with regulatory requirements that demand data cannot be taken out of the country. This ruling if upheld will make US companies like Amazon, MS, Apple, Google et al a no go when it comes to hosting, the financial ramifications are rather massive.

Re: Maybe, maybe not.

[craigminah]

If this does hold up, and Microsoft releases the data stored in another country (which is ludicrous), then how long will it take for every other country in the world to buy equipment from a non-American or solely domestic company? This may backfire...like most of our administration's policies...

Re: Maybe, maybe not.

[fustakrakich]

The internet doesn't live in the real world.

You mean there are no servers and cables? Everything is just... there?

Re:Maybe, maybe not.

[Grishnakh]

Swiss bank doesn't have to disclose ANYTHING to the USA regime about its account holders in Switzerland.

No, but when the US courts find that you, a US citizen living in the US, have monies in a foreign bank account (thanks to documents they seized by court order) which they've proven are stolen or need to be taxed or whatever, "it's not in the country" is not an excuse. You either come up with the money, or you sit in jail forever in contempt of court. You can't just hide property in a foreign country and avoid legal consequences.

Re:Maybe, maybe not.

[graphius]

This deserves mod points. This is one reason many companies are leery of storing private data in the cloud (among other reasons)

Re:Maybe, maybe not.

[roman_mir]

Again, the foreign companies are not USA citizens and foreign companies are not subject to USA law on their own land. However if you are an American then you are a SECOND CLASS CITIZEN today (or lower) because foreign banks that have any presence in the USA whatsoever DENY your request to open a bank account :)

If you think this is normal and that is how all countries operate, think again. When you are in Switzerland if you are from India or from China or from Russia or from Germany or from UK or from Brazil or from Uganda you are not going to be prevented from opening a bank account. However if you are from good old US of A you will not be able to open a bank account if you do not have another passport, that's what it is like today to be an American. USA government turned USA citizens into persona non grata for foreign businesses.

By the way, USA is the only of 2 or 3 countries in the world that tax 'world income', as in even if you are not a resident in the country, you are forced to file income taxes every year and above certain income you are forced to pay USA related income taxes :) Great success building that 'independence' and 'freedom'. USA was created to escape this type of persecution, now it is one of the worst offenders against human rights in the world and when I say human rights I am talking about the right to be an individual, the right to self determination, the right not to be a slave to a collective.

By the way, there is 0% wrong with having foreign bank accounts all over the world. AFAIC in today's society everybody needs to have more than one passport and many many many bank accounts and business investments around the world not tied to their country of residence. Of-course you don't have to do it, but then you are owned, aren't you?

Re: Maybe, maybe not.

[HornWumpus]

The problem is more basic. As a practical matter: If a company has any staff with credentials to access the data in the USA, the data is subject to American legal action. The companies IT efforts have made the data available in the jurisdiction.

Getting the subpoena to a person with credentials is problematic for the cops. That could be lawyered around I suppose. Serve the company, which includes management, who presumably know who has access.

Technical fix: Have overseas headquarters operations revoke access. Don't be the dude with a subpoena in one hand and revoked access in the other. Don't be legally based in the USA.

Re: Maybe, maybe not.

[Luckyo]

This gets more warped. It would likely be illlegal to produce certain data on EU citizens like this according to EU privacy directive. Company would be forced to choose to either follow US law or EU law, as these would be at odds with one another.

I can see policy like this bringing current globalization trend to a screeching halt as companies would split to have daughter companies incorporated and operating only in certain countries to shield them against this kind of abuse.

Re: Maybe, maybe not.

[jbolden]

You cannot serve warrents to search property in other countries.

Yes you can. If Microsoft stole an antique and shipped it to China, and then was ordered to produce it they couldn't say "well its in China so we don't have produce it".

Re:Maybe, maybe not.

[physicsphairy]

if a country's legal system has a valid case for something, and issues a court order ordering you to turn something over, you can't just avoid a court order by saying "it's in my summer home in another country!"

That's fine. I'm perfectly okay with saying Microsoft has to produce all of their financial information, legal analysis, etc., when required, no matter where it is stored, as a provision of being legally incorporated in the United States.

Where this gets pernicious is that the data they are being required to present is *not* their data. They are a third party holding the data on someone else's behalf. Note the courts specifically say that this would not be okay if it was a physical document, their reasoning for being allowed to subpoena an electronic document is essentially that it's trivial for them to get away with it.

From the article:

The e-mail the US authorities are seeking from Microsoft concerns a drug-trafficking investigation. Microsoft often stores e-mail on servers closest to the account holder.

So presumably this data belongs to someone in Ireland. It's data which was created in Ireland. It may be data which has never left Ireland. But because they made the mistake of dealing with a US company, the data of an Irish citizen sitting in a room in Ireland where Irish law prevails is now being exported to America without Irish courts having any say in the matter.

Re:Maybe, maybe not.

[Curunir_wolf]

You don't understaaaaaaand! We signed away our Constitutional rights because the Republicans promised this would only be used against drug lords and pedophiles! It's not fair!

But, they claim that's what they're doing:

US says global reach needed to gut "fraudsters," "hackers," and "drug dealers."

... so they need access to your hotmail account. You'll feel safer then, won't you?

Re: Maybe, maybe not.

Its worse than that, much like the NSA's over reach scaring off other countries from American tech products, this kind of ruling encourages multinationals to never set up business in the USA. The USA is a big market worth a lot of money, but if they keep piling up reasons why a multinational would want to stay the hell away, eventually companies will stop bothering.

Re: Maybe, maybe not.

[HornWumpus]

It's all sorts of things. But only people outside the jurisdiction of the courts are obstructing American justice. Where it's called 'being in compliance with local data privacy laws'.

Did the subpoena prevent you from informing your foreign employer of what was happening? More practically did it prevent corporate legal from informing their foreign bosses. What if the data is protected by their data privacy laws? What if you don't 'know that for sure'. What if your local lawyer 'was certainly unaware of that' (once made aware, he will be dirty and have to move on.)

Re: Maybe, maybe not.

[Vitriol+Angst]

On the other hand, we have corporations playing the same "tricks" with finance. They show little profits in countries with taxes and shockingly, pay extra for some service or other and reap loads of profits in Dublin Ireland or some other tax haven.

If someone has an email in the USA and it ends up on an offshore server, I think it's no different than a dollar that ends up in an offshore account; it's province is in the USA regardless of digital shenanigans.

Now the DEBATABLE point is if the USA government security state should have the right to any and all data - and I'd say such a position does NOT serve the greater good.

But let's separate this nonsense of moving a digit offshore from what actually affects our lives. Our robber barons are living offshore and hiding their ill gotten gains -- and that means nothing to the people that they effect.

Re:Maybe, maybe not.

[physicsphairy]

If the company has access to them and the ability to procure them, what does the physical location of the records or their headquarters matter?

Because they are storing someone else's data. That someone else (and their locally stored property) should receive the full protection of their local laws when dealing with a local subsidiary of an international company. This is not an embassy, it is not considered a territorial extension of the United States. The server is owned and taxed as Irish property. It should require an Irish court order to forcibly extract data off of it, same as it would taking letters out of an Irish safety deposit box (even if the bank had an American presence).

Would we be comfortable with courts in China being able to subpoena any US held data from companies with a Chinese presence? "Sorry Yahoo but as part of your incorporation in China we need you to produce any emails from the personal accounts of Boeing employees held on your US owned servers."

Re:Maybe, maybe not.

[DamnOregonian]

This is why the data should never have been in Microsoft's possession to begin with, and why it matters what companies you do business with, and what countries they operate in/what laws they are subject to in the various jurisdictions they're incorporated in.

Re:Maybe, maybe not.

[DamnOregonian]

Google is an incorporated entity in the United States of America.
The IRS most certainly *can* bring suit against them in a US court, and demand that they turn over records for their tax-haven bank accounts.
The jurisdiction applies between the plaintiff and the defendant, borders matter not.

Where jurisdiction comes in, is we can't fly a team of cops over to the Bahamas and raid the offices of the bank to produce the data, the worst we can do is levy sanctions against the defendant.

This is *completely normal*, all over the goddamn world.

Re: Maybe, maybe not.

[I'm+New+Around+Here]

Nonsense. A company is a totally fictitious entity. The government created it and the government can make it do whatever they want.

(As it turns out, the corporation is also able to control the government, but that's another topic.)

Well, the government is also a totally fictitious entity itself. So, it's not surprising that fictitious entities are controlling each other.

Re: Maybe, maybe not.

[jhol13]

Suppose that the data resides in Swizerland (Swiss privacy laws prohibit moving data overseas - don't know exact details, but the idea should be obvious). Suppose the credentials to give the data is only on the hands of a swiss administrator - no american has access to the data/server/credentials in Swizerland. In this case no matter who in the company orders to give him the credentials, the administrator in Swizerland cannot give them or he would be breaking the Swiss law.

Re:Maybe, maybe not.

[Grishnakh]

Exactly. You can't assume every government is going to behave justly at all times. Some governments are just plain bad. Do business with companies in those countries at your peril.

Re:Maybe, maybe not.

[Curunir_wolf]

The IRS most certainly *can* bring suit against them in a US court, and demand that they turn over records for their tax-haven bank accounts.

But they aren't asking for *records*. They are demanding the actual artifacts stored in that foreign country, which they CANNOT do.

we can't fly a team of cops over to the Bahamas and raid the offices of the bank to produce the data

Why not? Might makes right, doesn't it? That seems to be what you're implying.

This is *completely normal*, all over the goddamn world.

No, it's not.

Re: Maybe, maybe not.

[countach]

"if they have the authority to change the policy regarding who has credential to get the data they must do so"

How do you define "has the authority" though? If exercising that authority contravened the laws of a foreign power, does it constitute having authority? What if it contravenes a foreign religious system? What if it contravened the laws of a foreign power that the US doesn't recognise, or in a territory which is under dispute? (Palestine? Crimea? Taiwan? Sealand?).

The end game of this is that tech companies will set up the head of the pyramid of the company in some obscure jurisdiction who will do what they are told, and they'll set up their servers in countries with strong privacy laws, and the US will be left out of the loop.

Re:Maybe, maybe not.

[jbolden]

What can they be extradited for? You can only be extradited for something that's a crime in both jurisdictions.

Re: Maybe, maybe not.

[jbolden]

Absolutely. If we signed a treaty with the EU countries involving data privacy that would be USA law. We haven't.

Re:Maybe, maybe not.

[davecb]

The criteria is "the company that has the power to demand the data, has to do so if ordered by their country's courts". This probably dates back to the 16th century or earlier. Some time around the Hanseatic League...

A Canadian company with data in Outer Mongolia has to produce the data if it can. If the Outer Mongols prohibit the Canadian company from demanding it normally, the Canadians can't be ordered to produce it, because the data isn't in the Canadian company's control. If they allow it to be demanded normally, a Canadian court can get it. They have to do it via the Mongolian branch, they can't just issue court orders in Mongolia.

Your suspicion is correct: a Canadian company that controls data in the U.S. can indeed be ordered by a Canadian court to produce it .

--dave

Re:Maybe, maybe not.

[countach]

I guess they can ask a US company to violate foreign law, but they can't ask foreign employees of said company to carry out those orders. And without that vital piece of the puzzle, its kind of silly, right?

Re: Maybe, maybe not.

[Applehu+Akbar]

This situation already arose in Swiss banking: the IRS tried to assert jurisdiction over American accounts held in Switzerland. Switzerland 's response was, Screw you. All American accounts there were closed down and the US has been totally spliced out of dealings with this major world financial center. They found they could get along perfectly well without us.

My impression (I have in-laws there) is that same thing is about to happen in Swiss IT. Swiss companies will buy their equipment directly from China and close any operations in the US. As the Obama Dark Age rolls on, we become a tech as well as a financial backwater.

Re:Maybe, maybe not.

[nomadic]

Not really relevant. Microsoft has control over the data and can produce it if it wishes. It can't hide behind corporate forms.

Re: Maybe, maybe not.

Servers do not make there own rules.

They do have rules to protect and segregate data if they're set up properly, but we already know Microsoft's servers are compromised, and any data on them already available to the US government via the NSA.

This isn't about the US government getting access to the data, it's about establishing and testing legal frameworks for being able to use the data in prosecutions and court cases. That's why the US Justice Department is using a compliant corporation like Microsoft as their test case. MS will put up a token resistance, concede where the DoJ wants them to, and hand over a nicely packaged precedent for the US government to work with from then on.

We're all in dire trouble until we can unwrap these corps from the government...

Re: Maybe, maybe not.

I don't even think we make out own military ships in the USA anymore?

Nope, it's still a legal requirement that all US Navy ships be built in the US.

So with rare exception, all US Navy ships are built in the US. Newport News Shipbuilding Company handles the Aircraft Carriers (2 currently in construction) along with other ships, Ingalls Shipbuilding and Bath Iron Works do submarines, cruisers, destroyers and the amphibious assault ships (equivalent to what any other country would call Aircraft Carriers in displacement), Bollinger Shipyards which does a lot of work for the Coast Guard, Electric Boat Company builds submarines (if you can't tell from the name, though it's owned by General Dynamics now). San Diego has a shipyard, it is constructing some cargo vessels for the Navy, whether that meets your standard of a military vessel, I don't know. There is one company, Austal, which builds ships for the Navy, it is Australian owned, but they have shipyards in Alabama.

Re: Maybe, maybe not.

[Immerman]

So if I say to my foreign counterpart "give me this data that I have been subpoenaed to provide" I am obstructing justice? You could argue that the foreign branch is obstructing US justice when they implement the policy of automatic refusal unless/until a local subpoena complying with local legal requirements is received, but nobody there is personally bound by US law, so it's not particularly relevant unless they want to travel to the US in the future. Meanwhile they might very well be in violation of local law by supplying said data without the appropriate local legal authorization.

I'm not happy with this - it seems like an issue where there's no good solution: The US can't be allowed to be "world cops" to this degree - we've proven repeatedly that we've lost whatever moral superiority *might* have once entitled us to such a position - call me paranoid but handing more power to the gestapo-in-training seems to always go badly for the common man. Meanwhile *without* such authority I can easily imagine elaborate corporate data shell games where all sensitive data is inaccessible to any government. The only answer I can see is international treaties bringing corporations to heel, but I suspect those would be tricky in the extreme to get right, even if the self-same megacorps didn't already have pretty much all the relevant politicians in their pocket.

Re: Maybe, maybe not.

[Applehu+Akbar]

The agreement Switzerland signed was to disclose information about American clients who consent to the disclosure:

http://www.pwc.com/ca/en/infor...

Since banks can sidestep the agreement by just refusing to deal with Americans, that's what they do.

Re: Maybe, maybe not.

[jbolden]

So if I say to my foreign counterpart "give me this data that I have been subpoenaed to provide" I am obstructing justice?

If you did understanding that telling them there was a subpoena would make you less likely to get the data, then yes it would be. You have an obligation to the court. The court is not interested in playing word games with you. If you say anything which causes a foreigner to restrict the courts access to the data you are obstructing justice.

Even if you put a policy in place where everyday you called them up and said "I'm not under subpoena" and then when you were under subpoena you didn't call, setting up that system is still obstruction.

You could argue that the foreign branch is obstructing US justice when they implement the policy of automatic refusal unless/until a local subpoena complying with local legal requirements is received, but nobody there is personally bound by US law, so it's not particularly relevant unless they want to travel to the US in the future. Meanwhile they might very well be in violation of local law by supplying said data without the appropriate local legal authorization.

The don't go after the foreigners, they go after the locals.

The US can't be allowed to be "world cops" to this degree

This isn't about world cop. American corporations are American legal persons. They need to follow USA law.

Re:Maybe, maybe not.

[kwbauer]

And the real story on those Swiss banks is that bank officials were bringing papers in to the US to be signed and sometimes transporting goods as well. In other words, many of the banking functions they were claiming were not subject to US jurisdiction were actually being carried out on US soil and were very much subject to US banking laws. That was the real hook used to get the other data: give us all the other data that will help us build cases against US citizens and we'll be lenient on your company officials who broke our laws on our soil. I think the Swiss generally got a great deal.

Re: Maybe, maybe not.

[heypete]

Nothing unfortunate about it. That only affects the rich and powerful who for all purpose defraud american taxpayers and then shift the money offshore.

Why should any american have to suffer increased deficits and taxes so a tiny elite of wealthy parasites can continue to leach american money offshore

It also affects ordinary, non-rich-and-powerful people like myself: I'm an American PhD student in Switzerland and dealing with all the tax laws purportedly targeted at shady rich people (but which overwhelmingly affect ordinary people) is a massive pain and costs my wife and I several hundred dollars per year for a tax accountant to do our reasonably straightforward (i.e. we have some US investments, retirement accounts, etc. but earn all of our income in Switzerland) taxes.

Honestly, the whole thing can be resolved by making US tax law similar to that elsewhere in the world: pretty much all the other countries tax people based on their residency, not citizenship. That is, a Canadian living in Canada will pay Canadian taxes, but a Canadian living in Switzerland only pays Swiss taxes and owes the Canadian government nothing. Americans get taxed on their global income even if they don't live in the US (though there is a certain amount below which they're not double-taxed).

Re: Maybe, maybe not.

[Hodr]

I know Slashdot isn't all one mind, but I seem to remember the arguments from our European members being the opposite when it came time to try Microsoft for being a monopoly.

How can the EU fine a US company? Simple, they fined the portion that was incorporated in the EU.

This is the same issue; The US is not going after the EU Microsoft corporate entity, they are going after the US corporate entity. That these may be the "same" company (like a person with dual citizenship) is not really the issue. They can ask the US company to provide the data (wherever it is located), and if they refuse they can be held in contempt, found to be obstructing, etc.

   

Re: Maybe, maybe not.

[Anne+Thwacks]

Looks like Swizerland will soon be as big in the server world as it is in banking.

Re:Maybe, maybe not.

[roman_mir]

roman_mir is a psycho that I'm ashamed to share a UID within a range of 60,000

- you shouldn't worry about it, not only are you useless for any meaningful discussion, but you also can't count obviously.

your id is 1212466, mine is 125474, the difference is 1086992 or 18 times the difference you are 'ashamed of', so don't worry, you don't have to be ashamed of proximity to my id, you have to be ashamed of many other things, but not of that one.

Re: Maybe, maybe not.

[Applehu+Akbar]

All countries follow the same rule for taxation of citizens: when you live in another country, you remain a 'visitor', taxed in your home country, for one year. After that, your status switches to being taxed by the host country instead, because that's whose economy you live in and benefit from.

The one country that does not follow this rule is the US. Its citizens are taxed in both the home country and, after one year, in the host country. You can credit the host-country tax against the US tax, but because this means a lot of additional paperwork for both employee and employer, foreign countries have mostly just stopped hiring Americans for overseas jobs. Now that FATCA makes it difficult for such employees to open bank accounts for local, everyday transactions, the situation is worse still.

And hell yes, the average overseas American would take your deal yesterday.

Easy solution

Just claim the data was lost due to a "hard drive crash." I mean, it worked for the IRS, right?

Goodbye foreign markets

If this holds, US companies will have trouble competing abroad. Information belonging to a US firm's foreign customer company could be seized without possible recourse, unless the customer hires a US counsel.

Re:Goodbye foreign markets

[Altrag]

There's a bit of a fallacy in that comment -- we have no proof that Iceland wouldn't be just as bad if they had the opportunity. If Iceland had the same vendor presence internationally that the US and China do, there's a fairly good chance that sooner or later someone would come into power who feels a need to abuse their position.

What will (and in a lot of places has started to) happen is that all of the countries will just turn inwards and shut out everyone.

Canada for example has started building our own backbones after relying on the US ones for decades because we no longer trust our data passing over US carriers after PRISM was revealed.

Similarly, many countries and companies have stopped buying routers made in China after the talk a few years about back doors being built in (I'm not even sure that was proven but just the rumor was enough to make people look to other vendors.)

Will this affect overseas profits tax evasion?

[swb]

Will this influence the tax gimmick where the HQ is overseas so the profits don't have to have taxes paid on them?

Why is it the money can evade the government but the data can't?

Re:Will this affect overseas profits tax evasion?

[Anonymous+Psychopath]

Will this influence the tax gimmick where the HQ is overseas so the profits don't have to have taxes paid on them?

Why is it the money can evade the government but the data can't?

Tax evasion is illegal. Tax avoidance, which is what these companies are practicing, is not. There's no criminal wrongdoing taking place.

Even though the politicians bluster on and on about the problem, they always forget to mention that they are the ones with the power to fix it, if they chose to.

Re:Will this affect overseas profits tax evasion?

[Dynedain]

Tax avoidance is by definition, figuring out what is legal, what is not, and adjusting accordingly.

Claiming your charitable donations on your tax return (which you're supposed to do) is tax avoidance. If the laws allow for undesirable tax avoidance behaviors, then they should be changed.

Long term plan?

[KerPow]

The best the US administration can hope for here is to shatter the US software industry into a thousand small associated companies with strict data sharing agreements to handle overseas data. Worst case they slowly succeed at destroying any ability to run a US business that handles overseas customer information. What is the goal here? There is no way that demanding that kind of access will be sustainable (short of all out secrecy which has obviously failed in this instance.)

Curious

[aevan]

Does this mean that the US Gov is fine with those same companies turning over all their data to China if a Chinese official decides he wants it? Wonder what other companies this fun can extend to.

It's corporations we're talking about

[jgotts]

Effectively, though perhaps not in the strict legal definition, the purpose of a corporation is to make a profit.

As we can plainly see from Microsoft's conduct over the years, they will break whatever laws they can get away with to make that profit. This lawsuit isn't about Hotmail users' e-mail messages, this is about illegal or otherwise objectionable behavior that they are trying to shield in other countries.

If you're worried about your e-mail and data stored on Microsoft's servers, then let's not mix that up with a corporation's ability to hide illegal, unethical, or immoral behavior within a more compliant state's physical borders.

Headline should be modded as Flamebait

[fightinfilipino]

i fully agree with the troubling implications that the U.S. can subpoena any information regardless of where it physically resides in the world, but the headline is woefully inaccurate. i thought this was Slashdot, not BuzzFeed. very disappointed here.

Re:I think USA is right...

[Rich0]

And the reaction will be that all high tech companies will just leave the USA.

The ruling pertains to anybody who does business in the US. So, they can leave the USA, as long as they don't sell anything in the USA.

what a headline

[maliqua]

That's not got an agenda behind it at all. what it means to say is US owns data of US companies/citizens even if they hide it outside the USA that seems some what reasonable.

A larger legal question arises here

[bobbied]

I believe that Microsoft is right to claim the US government doesn't have jurisdiction over data stored outside of the United States. There simply MUST be a clear distinction maintained over where something is located, or country borders don't mean anything. If law enforcement in one country can force the production of evidence located in another country, then it's a free for all and borders have no meaning.

For instance... Lets say that a country (not the USA) has strict privacy laws about data collected and stored digitally and how it can be used. Lets say that they strictly forbid the sharing of specific kinds of data without written consent from the individual the data is about. If Microsoft operates in that country and collects data from it's users and then receives a court order for data from the USA for data stored in the country with strict privacy laws, what is Microsoft to do? Violate the court order and obey the laws under which the data was collected and stored OR violate the laws of another country? If borders mean ANYTHING, Microsoft must obey the local laws of the countries they operate in. So if the data is not here in the USA, the USA cannot force production of the data though the courts.

I understand that this is rife for abuse because it allows the hiding of criminal evidence overseas where it is beyond direct USA reach, but there are processes to obtain such evidence though diplomatic and international law enforcement channels in place. For Civil litigation, there are ways to work though other countries legal systems (albeit inconvenient and expensive ones). So, where I get there are problems, we really cannot just unilaterally decide we have the authority to demand a company produce data held overseas and force them hand over evidence which is not within our borders.

Finally, there is the "How would you feel if somebody did it to you?" test. Let's say the US was where the data was located and some other country was demanding that the data be sent back to them and felt they could enforce their will within the USA.... Would we not feel offended? I dare say we would.

Re:Simple rule, actually

[PopeRatzo]

It's interesting that right at this moment, the Obama Adminstration is pushing an international treaty that will make it so that corporations do not have to comply with a country's laws. It's called "TISA" and it's so bad that it was supposed to be secret for five years after it's ratified and put into action. We only know about it because Wikileaks released a leaked portion of it.

Secret laws being adjudicated in secret courts. All at the behest of corporations who then want (like Microsoft) to not have to comply. It's a pretty ugly type of fascism.

Subpoena vs Warrent

[jcochran]

The real issue at hand is the difference between a warrent and a subpoena.
The legal requirements to obtain a warrent are rather trivial and obtaining a warrent is rather easy. But a warrent doesn't extend past the boundaries on the United States. A subpoena on the other hand has far stricter oversight and requirements to obtain. But a subpoena requires the one served to provide the information requested regardless of where in the world that information resides.

What's happening is the government is attempting to get the best of both worlds. The trivial requirements of obtaining a warrent, combined with the expanse of a subpoena. And that frankly is wrong and needs to be stopped.

Discoverable

[Etherwalk]

IIRC, information in the possession, custody, or control of a US party is subject to discovery in a civil suit, regardless of where it is located. The company can provide it or lose the case.

Re:Overreach

[sumdumass]

There are several types of warrants. What you are describing is just a single warrant generally referred to as a search warrant.

What we have here is a subpoena , or more precisely a subpoena duces tecum . This subpoena has been used in law since before the country was founded and throughout its existence. IT basically means you need to produce something to the court or whatever agency the law allowing it dictates. It's issued by a judge after a lawful request failed in procuring the items. It generally requires substantial knowledge that a person or entity is in possession of them.

nice

[Charliemopps]

Careful what you wish for. If the administration succeeds you'll quickly see the mass exodus of pretty much the entire tech sector of this country that's capable of leaving.

You have this backwards.

[IBitOBear]

Microsoft is trying the "you can't hold me responsible for yesterday's shooting because the gun is in my other pants" defense.

The law has _always_ held that if you are before the court, everything relevant to the case is before the court.

If this were not the case then the Tobacco and Asbestos companies could have just said "all those meeting minutes and research records are stored in our warehouse in mexico so ha ha, you all lose." Any company or person, on any issue, could just mail the evidence out of state or out of country and get off scott free.

That just never happened.

Just because the evidence is "on a computer" instead of "printed on paper" doesn't make the "other pants" defense viable.

The court is not reaching across a border. Microsoft is _here_. Microsoft does business _here_. The complaint is _here_, and the court is _here_. The proper legal response to "the other pants" gambit is to tell the guy in his shorts to send someone to go get whatever it is from those pants and bring it back.

Criminals don't just "move" their assets to other countries, they "hide" them because if it can be found it's on the table.

Every court. Every country. Every topic. From the beginning of time.

This is no different.

Re:You have this backwards.

[forand]

I agree with everything you have stated. However, the situation is not one of Microsoft being required to produce their own documents, they are being required to produce other's documents. So the analogy would be that Microsoft has a rental storage facility in Ireland and the US wants them to riffle through a unit and send some documents they find. That is far less reasonable and clear cut as your summary.

Re:You have this backwards.

Actually the US government is trying to have it both ways...

http://www.wired.com/2014/06/feds-seize-stingray-documents/

"In the Sarasota case, the U.S. Marshals Service claimed it owned the records Sarasota police offered to the ACLU because it had deputized the detective in the case, making all documentation in the case federal property. Before the ACLU could view the documents Sarasota had put aside for them, the agency dispatched a marshal from its office in Tampa to seize the records and move them to an undisclosed location."

Oh, the irony.

Re:You have this backwards.

[IBitOBear]

If I used a Saudi document escrow or storage service to store my documents, and they stored them in Botswana, there would be at least three jursidictions with the ability to subpoena those documents. Botswana, Saudi Arabia, and Wherever I live (so State of Washington, and U.S.A. federal jurisdictions).

It was _my_ choice to involve the Saudis and they were acting as my agent when they involved Botswana.

Sucks to be me if my documents are not actionable here but against the law there. I got those places involved in my business by doing business with them. That's the nature of actual, personal responsibility.

Really read this sentence: "In essence, President Barack Obama's administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas."

This is a core tenant of law. It is the same legal principle that says the U.S. can prevent and punish a U.S. company from shipping heroin and sex slaves from Afghanistan to Brunei because they _are_ a U.S. company. It's also the same reason that a Brunei court can go after the same company.

If I go to mexico I am bound by Mexican _and_ U.S. Law. You can substitute any countries for any countries in this scenario.

This is also why I am mostly untouchable in Utah and Montana since I've never been in Utah, and I drove through Montana once. But that could change if I started a partnership with someone who lived in Utah. That relationship between them and I could bring many of my details under the jurisdiction of the Utah court.

You step in a river, you get water on you. You splash around in business in a particular country, the law of that country will stick.

Microsoft does business here. The dispute is a dispute here. That Microsoft stores the relevant material there, by accident of fate or by purpose of design, doesn't insulate that material from this court.

Where is the dispute, who created the material, and where are they, and where were they when they made the material. These are not very advanced questions.

It's more or less the same reason that a U.S. court can prosecute a U.S. citizen for "sex toruism" if they do the under-aged nasty in a land where that's supposedly okay, because they did it under the tacit protection of the U.S. because they could call their council and embassy via their citizenship and passport etc.

It's very, very hard to wash off a jurisdiction. One of the reasons the Swiss were so useful for so long is that they just wouldn't say what they were holding. Other jurisdictions could hold you responsible for what they could prove you "must have", but they couldn't ever get the swiss to _be_ that proof because they would simply remain silent.

There is no dispute that Microsoft has these documents. There is no dispute that Microsoft is a U.S. company. There is no dispute that the dispute is taking place in the U.S. So Microsoft's claim is _almost_ pro forma. They don't _want_ to cough up the stuff, but they likely have no belief that this defense will work.

Part of what Microsoft sells here is "if they mess with your bull they'll get _our_ horns, so trust us with your stuff". The very fact of the defense, despite its absurdity, is a feather in their cap.

But eventually the documents will be produced.

Re:You have this backwards.

[nabsltd]

Really read this sentence: "In essence, President Barack Obama's administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas."

The problem is that this case is using a warrant, which historically targets a search of a very specific location and has never been allowed to specify a location not directly within the authority of the court issuing the warrant, yet the administration wants it to act like a subpoena, which does allow the data to be located outside the authority of the issuing court, as long as the person (or company) being served is within the court's authority.

For example, if the Chicago police department is investigating a crime, they can present to a Illinois court a request for a warrant to search something that is within the state of Illinois. They could not request an Illinois court to grant them a warrant to search a location in Texas. They can, of course, request that a Texas court allow them to perform that search.

In the same way, the US government cannot get a warrant from a US court to search a location in Ireland. Yet, the USG is trying to do exactly that. They could ask an Irish court to give them a warrant (and, IIRC, have done so in this case, and been denied) to search that location. If the USG was asking for information that was owned by Microsoft, then a subpoena against the US-based Microsoft would be enough to force them to produce data stored in Ireland. Instead, they are asking Microsoft to produce data that although they technically control, is actually owned by some user of Microsoft's services. For that, they need a warrant.

Maybe, maybe not.

[sdack]

"The *real* question is what about companies that do business here but are based in other countries?"

No, this is not the right question.

It does not matter where you do business or where you are based at. What matters is what your offence or crime is! Meaning, the reason why you are in court.

Depending on what you did can your status have all different kinds of influence on the outcome or none at all.

Of course, you also have to define what you understand by "being based at" and "doing business in". It often will make little difference. For example when you have to pay your taxes then the difference may only make a difference in which taxes you have to pay, but you will have to pay one or the other tax for sure.

Re:Dog carried my homework off to Mexico

[ray-auch]

When you are obligated by law to produce the required information then this is how it is. If you have placed the information out of reach for you to get it, or only refuse to get it, then it has got a fair chance to turn into an obstruction of justice and you will find yourself in even more trouble.

The information has not been placed out of reach by MS, it never was in the US. Nor is it MS's information - it is information belonging to one of their customers that happens to be stored on MS servers (that "cloud" thing) - outside of the US.

MS have made a big selling point of their Irish data centre location being in-EU for projects (including government stuff) that have data subject to EU rules where, in law, it may not be sent outside the EU. If MS-Ireland (or whichever MS-co it is) suddenly starts sending data to MS (US) just because head office requested it, then I think a lot of big EU contracts become invalid and/or a lot of big EU projects suddenly become illegal under EU law.

Your problem with posturing about "it is you who will be judged and sentenced by the court" is that it also applies if they do ship their customer's personal data out of the EU in breach of EU laws, it is just that they will then be judged and sentenced by a different court.

Stupid thing is there is a perfectly easy and logical way to do this - simply get a court order (warrant) for the data where it is, in Ireland, from an Irish court. All the EU data protection etc. laws allow for data to be released by court order in the right jurisdiction. So why won't the DOJ do that ?

Couldn't possibly be that they are just on a fishing expedition that they couldn't possibly get past any court where the judge isn't already in their pocket ?

Re:Simple rule, actually

[PopeRatzo]

The TISA is classified so investment groups wouldn't take advantage of it before it went into effect, thus screwing you and I over.

For five years after it becomes law?

Also, it's been in negotiation for 2 fucking decade, so not really 'Obama'.

Exactly right. This treaty, which creates corporate sovereignty, is being negotiated in secret...from us. Do you really believe for a moment that it's also secret from the companies that will benefit, like Goldman Sachs?

Every president for the past 30 years has been playing for the same team. And the team does not include us.

Re:Simple rule, actually

[PopeRatzo]

The part that's dangerous to us is that it is another brick in the wall of corporate sovereignty.

Where is the obiligatory AYB?

[Naatach]

All Your Base Are Belong to Us?

Re:Simple rule, actually

[PopeRatzo]

[citation needed]

I would start with the excellent site by Yves Smith, Naked Capitalism. The writers there are not wild-eyed ideologues, but people who have spent careers in the financial industry, working at pretty high levels. They've been all over this story since the Wikileaks documents broke. Remember, it was Wikileaks that published the secret TPP documents as well, which put the efforts to push that treaty through the tunnel on its heels, at least temporarily. Sunshine can be a great disinfectant.

http://www.nakedcapitalism.com...

And in case you need a citation regarding sunlight being a disinfectant, I would give you none other than the great Louis Brandeis:
http://sunlightfoundation.com/...

To answer that, the Republicans voted repeal

[raymorris]

> We really can't tell the difference between Democrats and Republicans.... This sounds so Bush-like...

So you can know the difference on this issue, the Republicans voted to repeal the law. The law generates negative net revenue, costing more to administer and enforce than it brings in. Generally speaking, Republicans are against burdensome taxes, taxes that only cost money and don't increase revenue. That's more of a Democrat thing.

Obama is a fool.

[Karmashock]

It will take a long time for those that have linked their personal identity to the man to admit this point... but he always has been a fool.

Re:The cloud

[kwbauer]

"basic failure to understand reality" Pretty much sums up the current administration.

Mod parent up

[amaurea]

I'm pretty sure this is itself a fallacy. You can't just assume every country operates identically, given the same opportunity. That's just like saying every man would rape a woman given a good opportunity, just because one guy did so.

Iceland hasn't done anything to earn a bad reputation. The US government has.

Well said. The "I'm sure everybody else is just as bad" defence of the USA is annoyingly common on Slashdot, but there are no reasons to expect them to be the same. They differ in how healthy their democracies are (USA has a relatively large distance from the wishes of the individual citizen to the actions of the government (this depends on size of the population, the implementation of democracy and the laws regulating the influence of money)), how much resources they can allocate (if Iceland spent the same fraction of their money on surveilance, they would have about 50 NSA/CIA equivalent employees and store much less than 1% of the world's data for 0.1 years. But there are economics of scale that would lower this further), and how powerful they are internationally (and hence to which degree they can bully other countries into cooperating).

I think the main reason why your data might not be safe in Iceland is that Iceland would bow to pressure from the USA, not that Iceland would covert it itself.

(By the way, EU != Europe. Iceland is not in the EU)