Slashdot Mirror
Judge: US Search Warrants Apply To Overseas Computers
jfruh (300774) writes Investigators in a criminal case want to see some emails stored on Microsoft's servers in Ireland. Microsoft has resisted, on the grounds that U.S. law enforcement doesn't have jurisdiction there, but a New York judge ruled against them, responding to prosecutors' worries that web service providers could just move information around the world to avoid investigation. The case will be appealed.
Going to take a position I know will be unpopular in this thread, but:
The leverage they have is that you're accused of committing a crime within the borders of the US, and evidence you have access to can be demanded under a warrant that covers details related to that crime. Their physical inability to seize it by force(because it's in another jurisdiction) is about as relevant as their inability to unlock your bank safe. Either way they can punish you for not turning over evidence that is covered by the warrant.
If the local branch of Microsoft has access to and control over the servers, they only need to demand the local branch to do so, that doesn't mean they are extended juristiction. If the data could only be accessed from outside the US it would be more interesting.
That's good news, since it's one step closer towards closing the gap between the haves and have-nots.
Being rich enough to shuttle assets to other countries shouldn't mean you get away with breaking the law, because that's an inequal application of justice, and therefore unconstitutional.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Unfortunately, no. Jurisdiction for the crime isn't the same as jurisdiction for evidence.
"...responding to prosecutors' worries that web service providers could just move information around the world to avoid *dictatorships suppressing said information*".
Fixed it for ya.
If country X bans something, I happily move somewhere else where it's allowed assuming it was important to me.
Now what if this worked the other way. Some muslim country gets to search people's US computers even if they know they can't store their Porn on their Muslim country computer. Now they can say that storing that data in the USA isn't enough reason to avoid getting thrown in jail.
There doesn't appear to be any reference to where the email accounts user is located. If it was a US user trying to hide their data on overseas servers there might be some reasoning behind it, but if US courts are trying to get a hold of non-US users data on non US servers there is a serious issue here.
It's going to be interesting when the Chinese government issues Google a warrant to get data from the US.
Opus: the Swiss army knife of audio codec
Microsoft always sold their cloudservices in the EU with the argument that the data is physically located outside the US so the Patriot Act doesn't apply. Now that this has been proven false, EU-based cloudfirms will use this argument to choose a non-US based firm even more in their commercials than they do already. Good for the non-US based firms.
So would you be in favor of China being able to subpoena any / all of Microsofts records, regardless of where they are stored?
Is there something equivalent to "extradition" laws, but that apply to overseas evidence instead of oversees defendants?
This is like if you to go to a country border to talk with a friend you have at the other side. Each one will stay in their corresponding country without breaking any immigration law, but you can talk through the fences (the air is not restricted to one particular country .. yet). Then, your country authorities could demand the person, at the other side of the fences, to said them what you were talking about when you left the place. But this person has all the right to say nothing, because he/she is living in "another" country, with different rules and laws.
Also, this is co-related with what the Europe rules demand about information their citizen have in other countries. So, this means that each country is not an independent one and that anybody can break the physical borders in their quest about what they think, with their current laws and though, that justice could be?
It seems that a basic international ruling on the Internet it is needed to clarify limits before any judge in any country be able to invent whatever thing that, obviously, will break the other country laws.
I never fail to find the bravado and hubris underlying American exceptionalism... exceptional.
Land of the free... as long as you're not in one of our many many prisons ( http://nomadcapitalist.com/201... ), which has a higher per capita incarceration rate than Cuba, which is second on the list. Oh, and speaking of Cuba, there's always http://en.wikipedia.org/wiki/G....
Home of the brave... because you'd be pretty brave too if your military budget was larger than the nearest eight other countries combined ( http://pgpf.org/Chart-Archive/... )
Where all men are created equal... except, of course, when they're not ( http://www.pbs.org/newshour/ru... ) and a man can make something from himself even if he starts out life with nothing (but probably not): http://money.cnn.com/2013/12/0... )
And where the rule of law is universal and sacrosanct... except in those cases where it's not convenient ( https://www.globalpolicy.org/u... ) and ( https://www.eff.org/nsa-spying... )
Oh well, enjoy your "freedoms".
As said on http://arstechnica.com/tech-policy/2014/07/obama-administration-says-the-worlds-servers-are-ours/
> Companies like Apple, AT&T, Cisco, and Verizon agree. Verizon said (PDF) that a decision favoring the US would produce "dramatic conflict with foreign data protection laws." Apple and Cisco said (PDF) that the tech sector is put "at risk" of being sanctioned by foreign governments and that the US should seek cooperation with foreign nations via treaties, a position the US said is not practical.
Now, the tech sector is "at risk" of being sanctioned by foreign governments...
yeah, i would. it would be a nice reminder about why not to do business with totalitarian states.
and, yes, i also think that this case is a nice reminder for other countries not to do business with the US for exactly the same reason.
"They were pure niggers." – Noam Chomsky
In other news, judges in North Korea, Iran, Indonesia, Saudi Arabia, the UK and China all declare their rulings (regarding international jurisdiction of their respective nations' laws) to have jurisdiction internationally...
Better still, web-based companies with datacenters in many jurisdictions could store your data in a completely distributed fashion, where it isn't possible to retrieve the original without access to all (or at least several) of the servers. So they could subpoena all the data held in the US, and the UK, and Australia, and all the other surveillance states, but without a copy of the complementary data in Switzerland and Belize and on a pirate barge in the middle of the Pacific, they won't be able to reconstruct what you actually have stored up there. Better yet, if they contract with third-party storage providers wholly resident in those other countries, the US (for example) would have zero basis to subpoena those other companies - they are not "doing business" in the United States.
Don't forget that NSA probably has almost everything. They are just trying to make it legal to use them in court by putting up legitimate means of extracting the info.
A modern corporate giant is not one big company across the planet just because their offices all have the same logo outside. Local offices are separate legal entities in each country.
Suppose MegaMultinational, Inc. has its headquarters in New York and it is legally (in NY) ordered to do something by the court. If it commands its German subsidiary MegaMultinational GmbH to "just hand stuff over" this will likely be in contravention of local German law. Why would the local CEO risk jail by complying?
"Don't belong. Never join. Think for yourself. Peace." V.Stone, Microsoft Corporation
This is one more reason to make extra sure that companies that you deal with have zero US presence. In fact in many jurisdictions it would be illegal to follow these US laws due local privacy laws. By doing business in the US, any data on individuals that you have, even stored in other jurisdictions is subject to their laws, meaning you'll often have the choice of breaking US law, or breaking the laws of the country you're in.
Much safer to just avoid all dealings with the USA.
As a reader of Slashdot, I know that Microsoft only exists for the sole purpose of spying on behalf of the US government. So I know that this story is pure fiction. I mean whoever made it up didn't even put much effort into good names; Brad Smith? Come on, that's so generic.
We could potentially end up in a situation where the main branch of MS screams at the EU branch from across the Atlantic and no one over here is willing to comply.
________
Entranced by anime since late summer 2001 and loving it ^_^
I'm not, but if Microsoft operates in that country, it suggests they ok with that.
Nobody's making Microsoft operate in US or China and thereby become subject to their laws. For whatever reason, they decided the rewards were worth the risks. If you think they have chosen unwisely, bring it up at the next shareholder meeting.
You wouldn't have to do business in the country for them to attempt to subpoena you, mind. They can fabricate a reason for doing so.
And told the US courts that it must make its request through them.
is full of crap, which is of course illegal in china. so the CCP can get MS to give them all my incriminating 'speech' because it's saved in the US?
Yeah this is going to be a 'good thing'.
but a New York judge ruled against them, responding to prosecutors' worries that web service providers could just move information around the world to avoid investigation.
IANAL but when information is subpoenaed the company is breaking the law if they move, destroy or hide any requested information. If the party receiving the subpoena is found to have hidden evidence then the judge can rule against them as if the evidence was available and damaging. (it's more complicated than what I'm saying but I think this is the basic process) So I'm not really sure what the prosecutors are worried about that isn't already adequately covered under current law. It would be no different than someone using Fedex to send a paper document to another country. We have that situation covered under current law.
a European court issues an injunction under the European privacy laws against MS handing over the bits?
Lacking <sarcasm> tags,
If the judge can find a person (or company?) in the US that has control of X outside of US jurisdiction,
then maybe the judge can compel the person to bring that X before the court. (Where control means can get it without leaving US jurisdiction.)
If there is no such person, then I don't see how a US judge can compel somebody somewhere else to do anything.
I suspect nobody will be doing business with anybody at this rate.
And how would they enforce their subpoena in this imaginary world where governments you don't ever interact with in any way can somehow affect you personally?
[/american]
Restating the obvious since nineteen aught five.
Is Microsoft UK the *SAME* company as Microsoft USA? I know they have the same marketing/brand and sell the same items, but one is registered as a UK/Eire/EU company for TAX reasons and the other is a registered US one.
In these days of 'Internal Marketplaces' and companies braking into subsidiaries, is the UK arm of a company technically the same company as the parent if they are both under very different jurisdictions ?
Could this ruling be used on a subsidiary of a foreign organisation based in the US to get access to the parent company's data?
Or, to turn it around, could this be used by another nation on a foreign subsidiary of an American company to access the Main companies data?
Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
The current justice system has no respect for boundaries and is willing to strip away what ever rights to privacy they feel they need to bring about their form of justice. While I might not be a fan of Microsoft or Apple or any other company which uses loopholes to evade taxes, I don't want to see privacy violated either. This includes corporate entities like Microsoft.
Place something witty here
So being a multinational company you have to operate under all the laws simultaneously? So your US business depatment that only does business in the US has to obey all other countries laws, even through it does not do business there?
When you cant win, ad hominem.
Yeah, but if you don't do business there you don't have to care. North Korea can subpoena me for whatever they want.
This isn't new.
Except maybe to you.
Not doing business in the US is not the same as deciding never to step foot in it, ever.
Shachar
Great, so we can proceed onto a fragmented internet, with China, Russia, India, Brazil, Iran, and the Western world all having their own private enclaves.
Great idea!
A warrant is not something that requires cooperation. It is legal permission for investigators to break-in to a certain place, search for and take listed things. So if this is justified, let them do it!
The warrant should allow particular investigators to break-into whichever servers listed, grep around and download listed items. Done. If they cannot, find 1337r agents. If you need keys, get warrants for physical access to machines.
These "compell" warrants are quite a stretch -- they compell MS to violate EU law, to certify what they turn over, and to never be sure they've fully complied (how could they know they got it all)?
Excuse me but doesn't Ireland get a say in the matter? The warrant being served involves something physically located on a foreign shore, or is it this administrations thinking it can do whatever it wants with another country like it has to it's own citizens. Ireland ought to tell Obama to kiss their shillelagh, that they have jurisdiction in this matter and if you want something you need to request it through diplomatic channels.
China doesn't have jurisdiction over me because I didn't decide to incorporate myself in their jurisdiction. Microsoft decided to incorporate in the US and in Ireland and so they are now subject to the jurisdiction of both countries. Microsoft wants to have their cake and eat it too.
What if someone stored child pr0n on overseas servers? You want them to get out of jail because the data is in a different country? Of course not. Where the data is stored should not matter, not in that case or in any other case.
How convenient for the US that foreigners have all the obligations of our citizens, but none of the rights!
If Microsoft comply, they will be sued by their EU customers and maybe even the EU governments themselves.
There's a reason that jurisdiction applies. You can't be legally required to do something in one country, and then legally required by another country to not do it.
Sorry, US, but if Microsoft comply without getting it right, the EU are likely to fine them into oblivion, and the EU is JUST AS BIG, if not larger, a market as their US market.
Seriously, America, you do not own the world.
A certain paper company used a green energy law that said if you use alternative fuels you can get a tax credit. The paper industry has been burning black liquor since the 1930s and in 2008 figured out they could get the tax credit if they /added/ diesel fuel to their alternative fuel. Congress fixed it within a year. The company did nothing except follow the rules (which are like walking thru a minefield.)
I am pretty sure it is new to most people. Companies typically only have to obeys laws of the countries they are operating in, at the time they are operating in them, the same as citizens.
When you cant win, ad hominem.
Look, it depends on exactly what the law says is illegal whether they've committed a crime.
Sorry, that's just how laws work.
Businesses in Ireland are subject to the EU Data Protection Directive. What happens when those conflict with US rulings? Which jurisdiction prevails?
Geographic location has always been the defining factor in jurisdiction. The US courts are attempting to enforce US law in a manner that undermines the local law of other countries. This is a dangerous precedent to set.
an American judge decides American laws apply to foreign lands. Could you ever imagine the a decision the other way?
So would you be in favor of China being able to subpoena any / all of Microsofts records, regardless of where they are stored?
If they couldn't, then what would you do when a company decides to split a file across every country in the world? Because that's the first thing they would start doing if it meant that getting a single file required hundreds of court cases everywhere, with the failure of even a single one meaning an unrecoverable file.
If you want to set foot in a County so bad then don't break their laws and/or make yourself a target. Its not like you have a right to wander every corner of this earth doing whatever you want.
So being a multinational company you have to operate under all the laws simultaneously? So your US business depatment that only does business in the US has to obey all other countries laws, even through it does not do business there?
The discussion here is that if you have a corporation that does business in two countries, but countries' laws apply. You are talking about a corporation that does business in X being subject to laws in Y where they do not do business. That's a different case, and not the one we are discussing.
Why can't the U.S. authorities just ask the Irish police for assistance? I mean Ireland isn't exactly a lawless country. Thus, I agree with Microsoft in that U.S. warrants are only binding in U.S. territories.
@junktext
I'm going to come down with yes. If a corporations chooses to operate directly in country X they should be subject to the laws of company X. I'd prefer it if all corporations were national and simply traded. Not fully owned subsidiaries but genuinely independent businesses. The UN is not capable nor does it have the right policies to be a global government and without strong controls corporations are a real problem.
Multinationals have operated above the law for far too long. The US is sending a clear message that if you do business in a country you are subject to its laws -- globally.
So from now on, any country in which Microsoft operates can demand access to all its computers in the USA?
I am sure that there are many other solipsists out there.
If they aren't in China then it doesn't matter. This is only about business in the USA.
Sounds fair to me. If you want to be multi-national, there are consequences. MS and Google have been using their multi-national status to avoid paying taxes for years, it's kind of nice to see this come back to cut them.
The NSA isn't about prosecution. The FBI, Customs... would care far more.
Because there are loopholes where things that are illegal in the US are legal in Ireland.
So I take it if you travel to any other country you have no issue if they get a warrant for your material back here to see if you are violating any of their laws while you are a t home...
When you cant win, ad hominem.
All your server are belong to us!
Microsoft is not a Chinese company nor is it Irish. Your straw man needs a little more padding.
Sig. Sig. Sputnik
the wholly owned subsidiary of MS, but subject to IRISH laws which require a court order from an IRISH court to release data.
The disk crashed and we lost the data - like her at the IRS... terribly sorry...
If the data is physically in country A, then the court of country A can ban the company that owns it from releasing it, regardless of its 'ownership' by someone else. And it gets lots more interesting if the data is owned by MS Ireland, not MS USA...
Why doesn't Microsoft just pull an IRS and say "the hard drive crashed, they are no where to be found"
" One of the reasons why companies put data centers in Ireland is to comply with EU rules about the locations of personal information. If the US can pierce EU rules regarding personal information simply because someone in the US has access to the servers, then that could lead to EU rules prohibiting such access." And the US is attempting an end run around the established Interpol channels and other countries' laws. And, in typically ignoramus US fashion, the US is unaware of what precedent it will set, if this is successful, and how it will blow back in their faces, if another country tries it. As much as the US would like to ignore reality, the truth is the servers are in another country, and,no matter who owns them, they are subject to that countries rules and regulations. The US is attempting to impose its laws on the rest of the world. You are right- this is not a matter for the US courts, it is for the world court to decide. And my bet is the WC will decide that the laws of the country where the servers are located will prevail.
Republican leadership = Idiocracy
(Title is ironic)
We really need to find a way to start over with the US. Don't know how that could work without being worse in the interim, but we are in dire straits.(sp?)
If the warrant had been a conventional search warrant Microsoft could have been right since there are territorial restrictions on those warrants, [magistrate judge James Francis of the U.S. District Court of the Southern District of New York] said.
...
However, a search warrant on electronic communications is not conventional but rather a hybrid: part search warrant and part subpoena, he said.
“It is executed like a subpoena in that it is served on the ISP in possession of the information and does not involve government agents entering the premises of the ISP to search its servers and seize the email account in question,” he said.
Moreover, if treated like a conventional warrant, “the burden on the government would be substantial, and law enforcement efforts would be seriously impeded,” Francis said. To obtain the contents of emails stored abroad, U.S. law enforcement would have to comply with treaties that require the cooperation of two governments. Such requests could be time consuming or even denied, Francis said, adding that the U.S. does not have such treaties with all countries.
Source: PCworld
To move data across jurisdictions is trivial. If it were made this easy to stymie law enforcement whenever the evidence in question is electronic data, we'd end up with much bigger problems. They should at least have to go through the trouble of setting up a shell company...
The one valid concern I've seen raised regarding this issue (which I have not seen raised in this specific case) is when such a warrant would be at odds with data privacy laws in the other jurisdiction; this is a lose-lose situation for the party on whom the warrant is served. I'd feel bad for them, but it was their choice to operate across jurisdictions in the firs place, and their responsibility to be in compliance with all parties; if that's not possible, and they choose to operate anyway, I don't pity them at all.
Judge: US Search Warrants Apply to US Corporations.
There. FTFY.
They both prevail. If MS cannot simultaneously abide by both sets of laws they must divest, full stop. Corporations should not be given special treatment in this regard simply because they are multinational entities. The fact of the matter is, the company in Ireland is owned by the US company and thus the US company controls it absolutely and the US company is subject to the laws of the US including subpeonas and search warrants.
The parent post was clearly not written by a Canadian, as any good Canadian knows that Tim Horton's does NOT serve poutine. Otherwise though, your post is spot on.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
If a US court subpoena business records from a US entity, that entity must produce those records or provide a reason why they can not comply. Simply saying that the requested records are with an overseas subsidiary isn't going to fly as the US entity has control of the subsidiary, and thus the US entity can direct the subsidiary to produce the records and the subsidiary cannot say no.
If subpoenas were that easy to evade all multinationals would do it.
Blame the idiots who poorly crafted a law.
I am sure they were masterfully crafted. Never attribute to stupidity that which is adequately explained by malice.
ID: the nose did not occur naturally, how would we wear glasses otherwise? (apologies to Voltaire)
This will finally give the IRS the tools it needs to crack open the books on all those shady Swiss & Cayman tax dodges and make the 1% pay their damn taxes.
man, I crack me up...
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Because it's irrelevant and the Irish police can not do anything here. The "button" to download all the email resides in the US. Someone in Redmond just has to push that button. So the judge says "give us the email", Microsoft says "we can't, it's in Ireland" The warrant is against a US company to provide some evidence, to US based employees who have direct access to that evidence, who can push a button the US to retrieve that evidence. All the Irish police would say is "why are you bothering us?"
If Microsoft does not like this, they can cut off the internet connection to their Microsoft employees in China. The same can't happen here because you'd deprive every Microsoft executive of access to their email if you cut the wires to Ireland. Microsoft only has a moral leg to stand on if it were an Irish company, which is it most certainly not.
And this case is not about Microsoft, it is about an ex Microsoft employee, no one is trying to download all of Microsoft's email. Microsoft is expending more effort in lawyers here than it would take to download the relevant records. The real issue is that Microsoft is pissed off that a government dare tell them what to do; they paid good money for a compliant government. They're worried about a precedent maybe after they expended all that effort into moving vital assets off shore.
This is still true. However many companies do not operate in just one country. Thus a court and impound their property that exists in another country, fine employees that live in other countries, forbid their products from being sold in a certain country, and so on. Microsoft absolutely resides around the world, and needs to comply with the laws of those countries it is in in so far as the activities it does in those countries. A similar state of affairs has been in place for all of history.
The judge is not claiming jurisdiction overseas. The judge is claiming jurisdiction over Microsoft USA, who has stipulated that the data in question exists and that they have access to it.
Another instance of unqualified people being stakeholders in things they know nothing about.
You can not move data, it can only be copied. ( Well, you could put the HDD in a car, but that's not what this ruling is arguing.)
The existing law works. If said data is stored in the US, then copied to UK and the data.US is deleted... that's destroying evidence. There are already laws for this.
This is not what the courts are asking for. They are not requesting physical equipment from Ireland, they are requesting that someone in Microsoft download the the requested emails which can be easily accesed from the US. The emails are "in the cloud". Microsoft can transfer them to any country it wants in the time it takes to process a search warrant.
Microsoft doesn't feel this way though. It avoids a lot of taxes in the US by claiming its assets are overseas. Indeed in this case Microsoft is claiming that the electronic emails don't exist in the US which is ridiculous because the owner of the email account could probably access them in seconds from a mobile phone from anywhere in the US.
You say loopholes and evade taxes. It's like you've presupposed they are doing evil. Despite what they use being called a loophole, if it's legal, don't blame them for playing by the rules. Blame the idiots who poorly crafted a law.
A certain paper company used a green energy law that said if you use alternative fuels you can get a tax credit. The paper industry has been burning black liquor since the 1930s and in 2008 figured out they could get the tax credit if they /added/ diesel fuel to their alternative fuel. Congress fixed it within a year. The company did nothing except follow the rules (which are like walking thru a minefield.)
Legality and morality are different things. While I think it's a bit far to call using tax loopholes evil, there are many well reasoned arguments about how it's immoral to evade paying taxes. For instance because a large company uses loopholes to pay less taxes means others who are unable to take advantage of said loopholes have to pay more taxes. Of course the issue is more complicated than that, companies provide jobs, etc.
On the side about stupid laws, surely no large company has lobbied or otherwise influenced the law to make sure certain loopholes continue to exist. Additionally that area is a legal minefield partially because it limits who can and who cannot take advantage of certain tax breaks or loopholes.
This is not related to privacy, though that is what Microsoft is claiming. If the servers were in the US and the subpoena were not so newsworthy, would it suddenly start being a mere criminal investigation again or would it still be about privacy? Or are any subpoenas for evidence in a criminal case worthy of being called privacy violations?
What draws the line here from this being just any run of the mill evidence subpoena to being a cause celebre privacy rights case? The issue of emails physically residing in Ireland is ridiculous because no one has to travel to Ireland to read the emails and no one has subpoenaed the actual physical hard drives. Microsoft is just pissed off that the government they bought and paid for is not being respectful.
"Seriously, America, you do not own the world."
But also the EU does not own the world.
The possibility that multinational corporation which has split itself up for the purpose of playing different legal jurisdictions off each other has put itself in a position where the pieces create legal liability for other pieces does not necessarily invalidate any of those laws. It may be that they really are running an multinational scam and now they are caught.
I've heard nothing about a US court asking for access to all computers from Microsoft. They have a subpoena for specific emails from a specific person under criminal investigation. If it was a Chinese court investigating a Chinese crime by a Chinese nation who worked for Microsoft who sent emails in China of special interest to the investigation, then they should be able to request those emails from Microsoft.
Essentially, yes, and Microsoft has a choice of complying or not doing business in that country. As a matter of practice, no country is going to do that. In this case, the US courts want specific email that Microsoft has chosen to store in Ireland for reasons of its own. This is not a general fishing expedition into Microsoft Ireland. This would be entirely unremarkable if the email was stored in the US, and the only reason it's interesting is that Microsoft is trying out a new excuse to avoid handing the email over. As the judge pointed out, this would make any sort of discovery or subpoena or search warrant useless against a multinational company.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
I may be having a bad case of deja vu, but wasn't this discussed in detail only recently?
What if someone stored child pr0n on overseas servers? You want them to get out of jail because the data is in a different country? Of course not. Where the data is stored should not matter, not in that case or in any other case.
Let me know how that works out when your GF gets beaten/stoned to death for not wearing her burka in public, because it's against the law in some Islamic countries and by your rationale those laws should apply here too, right?
If a US court subpoena business records from a US entity, that entity must produce those records or provide a reason why they can not comply. Simply saying that the requested records are with an overseas subsidiary isn't going to fly as the US entity has control of the subsidiary, and thus the US entity can direct the subsidiary to produce the records and the subsidiary cannot say no.
If subpoenas were that easy to evade all multinationals would do it.
Perhaps, but what if producing said records is against the law in the other country?
For instance, what if the US requests health care records for an EU employee in a subsidiary? Or, in the reverse, what if an EU company wants the health care records for an employee in a US subsidiary? Does HIPAA apply or EU laws? What if a company headquartered in Saudi Arabia has a US subsidiary, and they catch your GF/wife driving to her job at their subsidiary... do they have the right to give her 50 lashes because women driving is against the law in S.A.?
Another analogy. You have your office on the Mexican border with your office wall right on the border.
You build a save into that wall. The court orders you to turn over the contents of the safe.
You say no, and say they cannot get into it because it is in Mexico.
It is a BS argument, they will keep you in jail for Contempt of Court until you comply.
US corporations or anything incorporated in the USA is going to fall under US law. To allow multinationals anymore exceptions above the law than they already have would be EXTREMELY foolish!
What wouldn't surprise me is how Microsoft could get away with stuff while humans in other countries can not... thinking of what they'll do to Assange or what they are doing to Kim Dot Com who are not under US jurisdiction but are/will be subject to it anyhow... along with anybody else the USA is upset with.
Democracy Now! - uncensored, anti-establishment news
Masterfully crafted after being purchased by lobbyists for the companies. The financial return of lobbying is massive -- more than making cool products people love.
http://papers.ssrn.com/sol3/pa...
That said, I think the nature of the parties in this instance is clouding /.'s judgment. Let's say it was a secure email provider who stored all data offshore, but was a US company. Would /. in general really be so willing to side with the Feds? I doubt it, and I see a lot of potential problems that could hurt real people as a result of this decision surviving appeals.
What changed under Obama? Nothing Good
The Irish police will say "why are you bothering us? Ask an (Irish) judge like you usually do (via MLAT)". It is the judiciary that need to be involved first. Funnily enough that is also what former Irish attorney general and various senior EU officials have said - the correct approach is to use the MLAT, which is there for exactly this purpose. With a warrant from an Irish court the Irish police will be happy to help, should the Irish operators of the Irish data centre need a hand pushing the button in Ireland.
But the US doesn't want to use MLAT, it wants to end-run around it because they run into annoying problems like having to justify their request properly and whether or not their search is a search or a fishing expedition and stuff like whether the Irish user, in Ireland, has actually done anything illegal in Ireland.
Coincidentally,the UK police don't like MLAT process either and have said so in submissions regarding judicial limits of UK RIPA act. They run into annoying things like the US first amendment stopping them getting details of US users posting stuff on US servers that can be read in the UK and is not legal in the UK. If the DOJ succeeds in bypassing the MLAT process with this trick then some UK police forces will be right behind them ( and probably others elsewhere too). At least one of the amicus briefs points that out.
This will open up a big can of worms if it stands, extradition and MLAT treaties are a necessary process to protect both corporations and individuals from conflicting legal jurisdictions. Microsoft is not (just) saying "we can't, it's in Ireland", they are saying "we are not allowed to under the law of the country where the evidence is". Enabling the international rendition of data at the whim of any country's law enforcement doesn't physically extradite anyone, but it could easily end up making international travel a whole lot more interesting and risky. Be careful about exercising your first amendment rights to hate speech if you ever want a European vacation or business trip. Be aware that some EU jurisdictions are actively trying to outlaw anonymity and pseudonymity online...
"Businesses in Ireland are subject to the EU Data Protection Directive. What happens when those conflict with US rulings?"
What happens? Some MS employee with or without Irish roots will never see the Old Country, unless it's the inside of a prison cell.
I think this is great news as this offers a huge incentive for other countries to stand up competing infrastructure to the US and decimate US domination over the Internet.
The Internet I signed up for was never intended to be controlled by a handful of global, massive content companies.
If it is that bad then the answer is to store the data for each country in that country.
But getting the Irish involved is irrelevant. The prosecutor in this case does not want the actual hard drive with the emails. What would the Irish courts actually *do* in this case? Would they send back an email saying "you have our permission to tell your US company to go ahead and retrieve their data from the comfort of their US offices?"
I don't buy the argument that the data is in Ireland. It's not so well localized as that. It flies around all the time to and from "the cloud". There may be caches of it in many countries. The emails were not even originally written in Ireland.
US law certainly does not apply to other countries. If the US regime starts claiming this, then the regime in Washington has gone completely rogue, and must not be tolerated by the civilised world. If this is allowed to stand, then Saudi, Kuwait, Israel, and other nasty regimes with abysmal human rights records, will be able to start applying their laws to US citizens.
What? What he said, while crude , was nothing like that.
He is saying that those in control of the data if subject to the jurisdiction of law can be compelled to deliver access to it even if it resides outside the country or jurisdiction else bad things could happen.
I agree with that premise to. In this situation, it is a product of MS shifting revenue around in order to take advantage of Ireland's low taxes. It demonstrates MS' level of control over that operation.
Can you please nuke these stupid and arrogant Muricans into oblivion so that we do not have to endure their all your bases are belong to us attitude anymore?
Thank you.
But getting the Irish involved is irrelevant. The prosecutor in this case does not want the actual hard drive with the emails. What would the Irish courts actually *do* in this case?
The EU has data protection laws. If the data is personal data and held in Ireland then Irish DPA applies and the data can only be sent outside of Ireland in accordance with the DPA. The Irish courts would give permission (or not...) for the data to be sent elsewhere outside the protection of the DPA, simple.
Would they send back an email saying "you have our permission to tell your US company to go ahead and retrieve their data from the comfort of their US offices?"
It is not their data to do with as they wish under the DPA, in fact most people would consider it is the customer's data - I certainly consider my emails as my data even if they are on ISP servers.
I don't buy the argument that the data is in Ireland.
Then you have MS on perjury.
MS actually makes a big marketing thing about control of data localization in their cloud, precisely so it can sell it as compliant with the DPA in the EU. A lot of MS cloud business in the EU depends on this, and that is why MS will fight it on principle - they will not care about this one individual's emails at all, but the amount of cloud hosting business they stand to lose if a US prosecutor can simply order them to breach the DPA in the EU is enormous.
For us europeans is quite confusing to have USA as our military ally and surveillance enemy.-Ignacio Agulló
Prison cell in which country though? Your wording is very ambiguous.
I assume the US judge applied US law to this case. I assume there are laws in Ireland that place limits on the transfer of data.
So, in Ireland, Irish Microsoft might not be allowed to transfer relevant data that authorities in the USA are legally demanding from USA Microsoft.
This seems to be a trivial example of the complexity of international law which hitherto has gone unnoticed because nobody questioned the practice (don't say, don't ask). (Or, just for fun, the NSA simply got the data without the need to ask anyone).
So this is a test case to see who wins - Ireland/EU standing up for their rights, Microsoft hiring the best legal brains, the Congress insisting that existing US law must be followed.
Clear the ring and place your bets.
"What if someone stored child pr0n on overseas servers? You want them to get out of jail because the data is in a different country?"
There are ways for police in different countries to cooperate. Legal, proven ways.
Your example in particular is one where police and justice systems tend to cooperate readily.
Of course, if this works out, other jurisdictions such as the EU, China and Russia will expect reciprocity.
The problem arises when the NSA or CIA get them selves a nice secret court to appoint them warrents to snoop about foreign intelligence servers and computers . All in the name of counter terrorism of course.
Eg. G8 Geneva 2008, Indie News servers in London.
I have not rtfa but often companies like ms set up new incorporations in each country they do business in. If it is a seperate entity...like say Microsoft(IR). Then maybe its a case of a US judge ordering a US company to turm over documents belonging to an entirly different company in a different jurisdiction.
Aereo took great pains to follow the rules set forth by law and court rulings. And it did not matter.
ish :)
That's good enough for Guantanamo so it should be good enough for you and me, right? :-D
Microsoft is headquartered in the US so they as an entity fall under US law.
What if a third party, of the other country, who has a contract that they will only release evidence if so ordered by a court of competent domain. A US court will not be a competent athority to order a non resident alien corporation to cough up the data. They could also have the data encrypted by a third party, with the decryption key not under Microsoft's control, who will not release the key if Microsoft reveals they have been ordered to reveal it - in which case once microsoft has revealed the court orders existence, the third party can cite that as a duress and not reveal the key.
Honestly, it's as if they want to wreck the US tech industry. I wouldn't be surprised if 20 years from now there was no longer an internet but instead just a bunch of regional intranets and national nets, each one totally disconnected to anything outside. We're already seeing the beginnings of this right now what with China's "Great Firewall" or whatever they call it and Iran's moves in that direction. The US' "What's yours is mine, BEEYOTCH" attitude is only gonna accelerate things.
Not a matter of whether Microsoft or any other multinational "want" to business in China, Ireland or elsewhere. They must to compete. If Microsoft fails to compete, they fail. Next thing you know, Microsoft will be sold to another multinational, maybe Chinese.
At that point when US authorities want data outside the US, answer will be no!
No just about business, this is well established. This is about data and rules not established. After a few conflicts arise, begrudgingly, countries will need to come together and determine how data stored outside a host country is stored. If I means US must go through proper EU channels to obtain Irish data then so be it. Just stop taking short cuts or threatening US multinationals who fail to comply because decided to be lazy.
They don't must anything. US multinations can or cannot run cloud services in Europe. European cloud services can or cannot run services in the USA. Similarly with all the possibilities with China or African countries. There is no must. There are options.
There may be some compromises and treaties in the future and that's fine. If treaties are signed than that becomes USA law. But until then, absolutely US multinationals follow USA law as it exists. If they can't "compete" then fine.
Of course. The USA is the USA, all those other places, they're just countries.
It's OK Bender, there's no such thing as 2.
Did they happen to rule on whether Nigerian princes who use cloud services in the US would be covered by the same thing?
It's OK Bender, there's no such thing as 2.
What are you talking about. USA law applies to the USA. Chinese law applies to China. French law applies to France. Its the Europeans who are trying to export their laws to the rest of the planet.
The original question (in my filtered view) was asking whether you'd be happy with China demanding information stored on US Microsoft servers.
If you're saying that question is hypothetical because China isn't the US then I disagree. Microsoft does business in China. The Chinese government could assert that its control over that data also extends to the US, in exactly the same way as has occurred here.
I don't think people would be anywhere near as comfortable with that.
It's OK Bender, there's no such thing as 2.
And I answered that in this thread. I said it was the wrong question. Microsoft is a USA company. They should be subject to USA law. Conversely Aliyun should be subject to Chinese law even for USA customers. ChinaCache has services in about 10 American cities but the company is Chinese and China is the appropriate regulating body for their service. The services under European law should be ones like Interxion and those should not be subject to USA law.