Obama Administration Says the World's Servers Are Ours

An anonymous reader points out this story about the U.S. Justice Department's claim that companies served with valid warrants for data must produce that data even if the data is not stored in the U.S. Global governments, the tech sector, and scholars are closely following a legal flap in which the US Justice Department claims that Microsoft must hand over e-mail stored in Dublin, Ireland. In essence, President Barack Obama's administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas. It's a position Microsoft and companies like Apple say is wrong, arguing that the enforcement of US law stops at the border. A magistrate judge has already sided with the government's position, ruling in April that "the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information." Microsoft appealed to a federal judge, and the case is set to be heard on July 31.

Maybe, maybe not.

[Frosty+Piss]

Microsoft is based in the United States, so there may be some valid argument here that as an American company, Microsoft data regardless of where "in the cloud" it is stored is subject to American legal rulings.

The *real* question is what about companies that do business here but are based in other countries?

Re: Maybe, maybe not.

[mSparks43]

Someone pointed out that governments don't really matter anymore.

Doesn't matter how true it is. They are gonna bitch scream and stamp their feet till mommy buys them what they want.

Re:Maybe, maybe not.

[roman_mir]

The *real* question is what about companies that do business here but are based in other countries?

- what do you mean it is a 'question'? We already know the answer to this. If a business has any presence on USA soil, the oppressive dictatorial USA government feels that it has full authority to demand all information from that business about its customers and their transactions.

Re:Maybe, maybe not.

[Anonymous+Psychopath]

Microsoft is based in the United States, so there may be some valid argument here that as an American company, Microsoft data regardless of where "in the cloud" it is stored is subject to American legal rulings.

The *real* question is what about companies that do business here but are based in other countries?

There must be precedents or applicable laws for physical analogies. If a company operating in the US happens to store physical records somewhere outside the US, and those records are pertinent to the case, would those not be covered by a US subpoena? If the company has access to them and the ability to procure them, what does the physical location of the records or their headquarters matter?

Re: Maybe, maybe not.

[mSparks43]

You cannot serve warrents to search property in other countries.

Simple as that.

Servers and data fundamentally don't obey those rules.

The internet doesn't live in the real world. Its rediculous to try and impose real world rules on it.

But fun to watch them try.

Re:Maybe, maybe not.

[Grishnakh]

This is the case for any normal country, as well it should be. I can't believe I'm defending Obama on something, but they're right on this one: if a country's legal system has a valid case for something, and issues a court order ordering you to turn something over, you can't just avoid a court order by saying "it's in my summer home in another country!". If you refuse, they can hold you in contempt of court until you decide to produce it. Maybe the other country can't be compelled to give it up, but you're in this country, and they can keep you in jail as long as they want.

Re:Maybe, maybe not.

[bloodhawk]

The huge MASSIVE problem with that position is that many other countries have VERY specific laws about data, especially privacy data leaving the borders. This puts international companies in a hugely awkward position where they must break one law or the other, either of which potentially could result in huge fines or Jail time. The US doesn't get to determine what other countries laws are and they definitely do not get to override them.

Re:Maybe, maybe not.

I expect that the reverse is also true, that if I conduct business overseas that I am also subject to the laws of countries whose policies I do not agree with.

the problem is the US government does not believe that is true at all. For instance other countries have laws that make it illegal for privacy data to be sent out of the country without the users express consent, these US laws are therefore a breach of laws in other countries.

Re:Maybe, maybe not.

[bloodhawk]

there is a LOT to see here, this is definitely not a non-issue. This inherently makes US companies a danger to do business with many countries for hosting/cloud services where many countries have laws and/or industries with regulatory requirements that demand data cannot be taken out of the country. This ruling if upheld will make US companies like Amazon, MS, Apple, Google et al a no go when it comes to hosting, the financial ramifications are rather massive.

Re: Maybe, maybe not.

[craigminah]

If this does hold up, and Microsoft releases the data stored in another country (which is ludicrous), then how long will it take for every other country in the world to buy equipment from a non-American or solely domestic company? This may backfire...like most of our administration's policies...

Re: Maybe, maybe not.

[fustakrakich]

The internet doesn't live in the real world.

You mean there are no servers and cables? Everything is just... there?

Re:Maybe, maybe not.

[Grishnakh]

Swiss bank doesn't have to disclose ANYTHING to the USA regime about its account holders in Switzerland.

No, but when the US courts find that you, a US citizen living in the US, have monies in a foreign bank account (thanks to documents they seized by court order) which they've proven are stolen or need to be taxed or whatever, "it's not in the country" is not an excuse. You either come up with the money, or you sit in jail forever in contempt of court. You can't just hide property in a foreign country and avoid legal consequences.

Re:Maybe, maybe not.

[roman_mir]

Again, the foreign companies are not USA citizens and foreign companies are not subject to USA law on their own land. However if you are an American then you are a SECOND CLASS CITIZEN today (or lower) because foreign banks that have any presence in the USA whatsoever DENY your request to open a bank account :)

If you think this is normal and that is how all countries operate, think again. When you are in Switzerland if you are from India or from China or from Russia or from Germany or from UK or from Brazil or from Uganda you are not going to be prevented from opening a bank account. However if you are from good old US of A you will not be able to open a bank account if you do not have another passport, that's what it is like today to be an American. USA government turned USA citizens into persona non grata for foreign businesses.

By the way, USA is the only of 2 or 3 countries in the world that tax 'world income', as in even if you are not a resident in the country, you are forced to file income taxes every year and above certain income you are forced to pay USA related income taxes :) Great success building that 'independence' and 'freedom'. USA was created to escape this type of persecution, now it is one of the worst offenders against human rights in the world and when I say human rights I am talking about the right to be an individual, the right to self determination, the right not to be a slave to a collective.

By the way, there is 0% wrong with having foreign bank accounts all over the world. AFAIC in today's society everybody needs to have more than one passport and many many many bank accounts and business investments around the world not tied to their country of residence. Of-course you don't have to do it, but then you are owned, aren't you?

Re: Maybe, maybe not.

[Luckyo]

This gets more warped. It would likely be illlegal to produce certain data on EU citizens like this according to EU privacy directive. Company would be forced to choose to either follow US law or EU law, as these would be at odds with one another.

I can see policy like this bringing current globalization trend to a screeching halt as companies would split to have daughter companies incorporated and operating only in certain countries to shield them against this kind of abuse.

Re: Maybe, maybe not.

[jbolden]

You cannot serve warrents to search property in other countries.

Yes you can. If Microsoft stole an antique and shipped it to China, and then was ordered to produce it they couldn't say "well its in China so we don't have produce it".

Re:Maybe, maybe not.

[physicsphairy]

if a country's legal system has a valid case for something, and issues a court order ordering you to turn something over, you can't just avoid a court order by saying "it's in my summer home in another country!"

That's fine. I'm perfectly okay with saying Microsoft has to produce all of their financial information, legal analysis, etc., when required, no matter where it is stored, as a provision of being legally incorporated in the United States.

Where this gets pernicious is that the data they are being required to present is *not* their data. They are a third party holding the data on someone else's behalf. Note the courts specifically say that this would not be okay if it was a physical document, their reasoning for being allowed to subpoena an electronic document is essentially that it's trivial for them to get away with it.

From the article:

The e-mail the US authorities are seeking from Microsoft concerns a drug-trafficking investigation. Microsoft often stores e-mail on servers closest to the account holder.

So presumably this data belongs to someone in Ireland. It's data which was created in Ireland. It may be data which has never left Ireland. But because they made the mistake of dealing with a US company, the data of an Irish citizen sitting in a room in Ireland where Irish law prevails is now being exported to America without Irish courts having any say in the matter.

Re: Maybe, maybe not.

Its worse than that, much like the NSA's over reach scaring off other countries from American tech products, this kind of ruling encourages multinationals to never set up business in the USA. The USA is a big market worth a lot of money, but if they keep piling up reasons why a multinational would want to stay the hell away, eventually companies will stop bothering.

Re: Maybe, maybe not.

[HornWumpus]

It's all sorts of things. But only people outside the jurisdiction of the courts are obstructing American justice. Where it's called 'being in compliance with local data privacy laws'.

Did the subpoena prevent you from informing your foreign employer of what was happening? More practically did it prevent corporate legal from informing their foreign bosses. What if the data is protected by their data privacy laws? What if you don't 'know that for sure'. What if your local lawyer 'was certainly unaware of that' (once made aware, he will be dirty and have to move on.)

Re:Maybe, maybe not.

[physicsphairy]

If the company has access to them and the ability to procure them, what does the physical location of the records or their headquarters matter?

Because they are storing someone else's data. That someone else (and their locally stored property) should receive the full protection of their local laws when dealing with a local subsidiary of an international company. This is not an embassy, it is not considered a territorial extension of the United States. The server is owned and taxed as Irish property. It should require an Irish court order to forcibly extract data off of it, same as it would taking letters out of an Irish safety deposit box (even if the bank had an American presence).

Would we be comfortable with courts in China being able to subpoena any US held data from companies with a Chinese presence? "Sorry Yahoo but as part of your incorporation in China we need you to produce any emails from the personal accounts of Boeing employees held on your US owned servers."

Re:Maybe, maybe not.

[DamnOregonian]

This is why the data should never have been in Microsoft's possession to begin with, and why it matters what companies you do business with, and what countries they operate in/what laws they are subject to in the various jurisdictions they're incorporated in.

Re:Maybe, maybe not.

[DamnOregonian]

Google is an incorporated entity in the United States of America.
The IRS most certainly *can* bring suit against them in a US court, and demand that they turn over records for their tax-haven bank accounts.
The jurisdiction applies between the plaintiff and the defendant, borders matter not.

Where jurisdiction comes in, is we can't fly a team of cops over to the Bahamas and raid the offices of the bank to produce the data, the worst we can do is levy sanctions against the defendant.

This is *completely normal*, all over the goddamn world.

Re: Maybe, maybe not.

[I'm+New+Around+Here]

Nonsense. A company is a totally fictitious entity. The government created it and the government can make it do whatever they want.

(As it turns out, the corporation is also able to control the government, but that's another topic.)

Well, the government is also a totally fictitious entity itself. So, it's not surprising that fictitious entities are controlling each other.

Re: Maybe, maybe not.

[jhol13]

Suppose that the data resides in Swizerland (Swiss privacy laws prohibit moving data overseas - don't know exact details, but the idea should be obvious). Suppose the credentials to give the data is only on the hands of a swiss administrator - no american has access to the data/server/credentials in Swizerland. In this case no matter who in the company orders to give him the credentials, the administrator in Swizerland cannot give them or he would be breaking the Swiss law.

Re: Maybe, maybe not.

[countach]

"if they have the authority to change the policy regarding who has credential to get the data they must do so"

How do you define "has the authority" though? If exercising that authority contravened the laws of a foreign power, does it constitute having authority? What if it contravenes a foreign religious system? What if it contravened the laws of a foreign power that the US doesn't recognise, or in a territory which is under dispute? (Palestine? Crimea? Taiwan? Sealand?).

The end game of this is that tech companies will set up the head of the pyramid of the company in some obscure jurisdiction who will do what they are told, and they'll set up their servers in countries with strong privacy laws, and the US will be left out of the loop.

Re:Maybe, maybe not.

[davecb]

The criteria is "the company that has the power to demand the data, has to do so if ordered by their country's courts". This probably dates back to the 16th century or earlier. Some time around the Hanseatic League...

A Canadian company with data in Outer Mongolia has to produce the data if it can. If the Outer Mongols prohibit the Canadian company from demanding it normally, the Canadians can't be ordered to produce it, because the data isn't in the Canadian company's control. If they allow it to be demanded normally, a Canadian court can get it. They have to do it via the Mongolian branch, they can't just issue court orders in Mongolia.

Your suspicion is correct: a Canadian company that controls data in the U.S. can indeed be ordered by a Canadian court to produce it .

--dave

Re: Maybe, maybe not.

[Applehu+Akbar]

This situation already arose in Swiss banking: the IRS tried to assert jurisdiction over American accounts held in Switzerland. Switzerland 's response was, Screw you. All American accounts there were closed down and the US has been totally spliced out of dealings with this major world financial center. They found they could get along perfectly well without us.

My impression (I have in-laws there) is that same thing is about to happen in Swiss IT. Swiss companies will buy their equipment directly from China and close any operations in the US. As the Obama Dark Age rolls on, we become a tech as well as a financial backwater.

Re: Maybe, maybe not.

Servers do not make there own rules.

They do have rules to protect and segregate data if they're set up properly, but we already know Microsoft's servers are compromised, and any data on them already available to the US government via the NSA.

This isn't about the US government getting access to the data, it's about establishing and testing legal frameworks for being able to use the data in prosecutions and court cases. That's why the US Justice Department is using a compliant corporation like Microsoft as their test case. MS will put up a token resistance, concede where the DoJ wants them to, and hand over a nicely packaged precedent for the US government to work with from then on.

We're all in dire trouble until we can unwrap these corps from the government...

Re: Maybe, maybe not.

[Immerman]

So if I say to my foreign counterpart "give me this data that I have been subpoenaed to provide" I am obstructing justice? You could argue that the foreign branch is obstructing US justice when they implement the policy of automatic refusal unless/until a local subpoena complying with local legal requirements is received, but nobody there is personally bound by US law, so it's not particularly relevant unless they want to travel to the US in the future. Meanwhile they might very well be in violation of local law by supplying said data without the appropriate local legal authorization.

I'm not happy with this - it seems like an issue where there's no good solution: The US can't be allowed to be "world cops" to this degree - we've proven repeatedly that we've lost whatever moral superiority *might* have once entitled us to such a position - call me paranoid but handing more power to the gestapo-in-training seems to always go badly for the common man. Meanwhile *without* such authority I can easily imagine elaborate corporate data shell games where all sensitive data is inaccessible to any government. The only answer I can see is international treaties bringing corporations to heel, but I suspect those would be tricky in the extreme to get right, even if the self-same megacorps didn't already have pretty much all the relevant politicians in their pocket.

Easy solution

Just claim the data was lost due to a "hard drive crash." I mean, it worked for the IRS, right?

Goodbye foreign markets

If this holds, US companies will have trouble competing abroad. Information belonging to a US firm's foreign customer company could be seized without possible recourse, unless the customer hires a US counsel.

Will this affect overseas profits tax evasion?

[swb]

Will this influence the tax gimmick where the HQ is overseas so the profits don't have to have taxes paid on them?

Why is it the money can evade the government but the data can't?

Re:Will this affect overseas profits tax evasion?

[Anonymous+Psychopath]

Will this influence the tax gimmick where the HQ is overseas so the profits don't have to have taxes paid on them?

Why is it the money can evade the government but the data can't?

Tax evasion is illegal. Tax avoidance, which is what these companies are practicing, is not. There's no criminal wrongdoing taking place.

Even though the politicians bluster on and on about the problem, they always forget to mention that they are the ones with the power to fix it, if they chose to.

Re:Will this affect overseas profits tax evasion?

[Dynedain]

Tax avoidance is by definition, figuring out what is legal, what is not, and adjusting accordingly.

Claiming your charitable donations on your tax return (which you're supposed to do) is tax avoidance. If the laws allow for undesirable tax avoidance behaviors, then they should be changed.

Curious

[aevan]

Does this mean that the US Gov is fine with those same companies turning over all their data to China if a Chinese official decides he wants it? Wonder what other companies this fun can extend to.

It's corporations we're talking about

[jgotts]

Effectively, though perhaps not in the strict legal definition, the purpose of a corporation is to make a profit.

As we can plainly see from Microsoft's conduct over the years, they will break whatever laws they can get away with to make that profit. This lawsuit isn't about Hotmail users' e-mail messages, this is about illegal or otherwise objectionable behavior that they are trying to shield in other countries.

If you're worried about your e-mail and data stored on Microsoft's servers, then let's not mix that up with a corporation's ability to hide illegal, unethical, or immoral behavior within a more compliant state's physical borders.

Re:I think USA is right...

[Rich0]

And the reaction will be that all high tech companies will just leave the USA.

The ruling pertains to anybody who does business in the US. So, they can leave the USA, as long as they don't sell anything in the USA.

what a headline

[maliqua]

That's not got an agenda behind it at all. what it means to say is US owns data of US companies/citizens even if they hide it outside the USA that seems some what reasonable.

A larger legal question arises here

[bobbied]

I believe that Microsoft is right to claim the US government doesn't have jurisdiction over data stored outside of the United States. There simply MUST be a clear distinction maintained over where something is located, or country borders don't mean anything. If law enforcement in one country can force the production of evidence located in another country, then it's a free for all and borders have no meaning.

For instance... Lets say that a country (not the USA) has strict privacy laws about data collected and stored digitally and how it can be used. Lets say that they strictly forbid the sharing of specific kinds of data without written consent from the individual the data is about. If Microsoft operates in that country and collects data from it's users and then receives a court order for data from the USA for data stored in the country with strict privacy laws, what is Microsoft to do? Violate the court order and obey the laws under which the data was collected and stored OR violate the laws of another country? If borders mean ANYTHING, Microsoft must obey the local laws of the countries they operate in. So if the data is not here in the USA, the USA cannot force production of the data though the courts.

I understand that this is rife for abuse because it allows the hiding of criminal evidence overseas where it is beyond direct USA reach, but there are processes to obtain such evidence though diplomatic and international law enforcement channels in place. For Civil litigation, there are ways to work though other countries legal systems (albeit inconvenient and expensive ones). So, where I get there are problems, we really cannot just unilaterally decide we have the authority to demand a company produce data held overseas and force them hand over evidence which is not within our borders.

Finally, there is the "How would you feel if somebody did it to you?" test. Let's say the US was where the data was located and some other country was demanding that the data be sent back to them and felt they could enforce their will within the USA.... Would we not feel offended? I dare say we would.

Re:Simple rule, actually

[PopeRatzo]

It's interesting that right at this moment, the Obama Adminstration is pushing an international treaty that will make it so that corporations do not have to comply with a country's laws. It's called "TISA" and it's so bad that it was supposed to be secret for five years after it's ratified and put into action. We only know about it because Wikileaks released a leaked portion of it.

Secret laws being adjudicated in secret courts. All at the behest of corporations who then want (like Microsoft) to not have to comply. It's a pretty ugly type of fascism.

You have this backwards.

[IBitOBear]

Microsoft is trying the "you can't hold me responsible for yesterday's shooting because the gun is in my other pants" defense.

The law has _always_ held that if you are before the court, everything relevant to the case is before the court.

If this were not the case then the Tobacco and Asbestos companies could have just said "all those meeting minutes and research records are stored in our warehouse in mexico so ha ha, you all lose." Any company or person, on any issue, could just mail the evidence out of state or out of country and get off scott free.

That just never happened.

Just because the evidence is "on a computer" instead of "printed on paper" doesn't make the "other pants" defense viable.

The court is not reaching across a border. Microsoft is _here_. Microsoft does business _here_. The complaint is _here_, and the court is _here_. The proper legal response to "the other pants" gambit is to tell the guy in his shorts to send someone to go get whatever it is from those pants and bring it back.

Criminals don't just "move" their assets to other countries, they "hide" them because if it can be found it's on the table.

Every court. Every country. Every topic. From the beginning of time.

This is no different.

Re:You have this backwards.

[forand]

I agree with everything you have stated. However, the situation is not one of Microsoft being required to produce their own documents, they are being required to produce other's documents. So the analogy would be that Microsoft has a rental storage facility in Ireland and the US wants them to riffle through a unit and send some documents they find. That is far less reasonable and clear cut as your summary.

Re:Simple rule, actually

[PopeRatzo]

The TISA is classified so investment groups wouldn't take advantage of it before it went into effect, thus screwing you and I over.

For five years after it becomes law?

Also, it's been in negotiation for 2 fucking decade, so not really 'Obama'.

Exactly right. This treaty, which creates corporate sovereignty, is being negotiated in secret...from us. Do you really believe for a moment that it's also secret from the companies that will benefit, like Goldman Sachs?

Every president for the past 30 years has been playing for the same team. And the team does not include us.

Obama is a fool.

[Karmashock]

It will take a long time for those that have linked their personal identity to the man to admit this point... but he always has been a fool.