Judge: US Search Warrants Apply To Overseas Computers

jfruh (300774) writes Investigators in a criminal case want to see some emails stored on Microsoft's servers in Ireland. Microsoft has resisted, on the grounds that U.S. law enforcement doesn't have jurisdiction there, but a New York judge ruled against them, responding to prosecutors' worries that web service providers could just move information around the world to avoid investigation. The case will be appealed.

Finally!

Multinationals have operated above the law for far too long. The US is sending a clear message that if you do business in a country you are subject to its laws -- globally.

Re:Finally!

[i+kan+reed]

Unfortunately, no. Jurisdiction for the crime isn't the same as jurisdiction for evidence.

Re:Finally!

[LordLimecat]

So would you be in favor of China being able to subpoena any / all of Microsofts records, regardless of where they are stored?

Re:Finally!

[retchdog]

yeah, i would. it would be a nice reminder about why not to do business with totalitarian states.

and, yes, i also think that this case is a nice reminder for other countries not to do business with the US for exactly the same reason.

Re:Finally!

[thieh]

Don't forget that NSA probably has almost everything. They are just trying to make it legal to use them in court by putting up legitimate means of extracting the info.

Re:Finally!

So would you be in favor of China being able to subpoena any / all of Microsofts records, regardless of where they are stored?

I'm not, but if Microsoft operates in that country, it suggests they ok with that.

Nobody's making Microsoft operate in US or China and thereby become subject to their laws. For whatever reason, they decided the rewards were worth the risks. If you think they have chosen unwisely, bring it up at the next shareholder meeting.

Re:Finally!

[Nemyst]

You wouldn't have to do business in the country for them to attempt to subpoena you, mind. They can fabricate a reason for doing so.

Re:Finally!

I suspect nobody will be doing business with anybody at this rate.

Re:Finally!

[Yebyen]

And how would they enforce their subpoena in this imaginary world where governments you don't ever interact with in any way can somehow affect you personally?

[/american]

Re:Finally!

[nucrash]

The current justice system has no respect for boundaries and is willing to strip away what ever rights to privacy they feel they need to bring about their form of justice. While I might not be a fan of Microsoft or Apple or any other company which uses loopholes to evade taxes, I don't want to see privacy violated either. This includes corporate entities like Microsoft.

Re:Finally!

[thaylin]

So being a multinational company you have to operate under all the laws simultaneously? So your US business depatment that only does business in the US has to obey all other countries laws, even through it does not do business there?

Re:Finally!

Yeah, but if you don't do business there you don't have to care. North Korea can subpoena me for whatever they want.

Re:Finally!

This isn't new.

Except maybe to you.

Re:Finally!

[Sun]

Not doing business in the US is not the same as deciding never to step foot in it, ever.

Shachar

Re:Finally!

[LordLimecat]

Great, so we can proceed onto a fragmented internet, with China, Russia, India, Brazil, Iran, and the Western world all having their own private enclaves.

Great idea!

Re:Finally!

China doesn't have jurisdiction over me because I didn't decide to incorporate myself in their jurisdiction. Microsoft decided to incorporate in the US and in Ireland and so they are now subject to the jurisdiction of both countries. Microsoft wants to have their cake and eat it too.

Re:Finally!

What if someone stored child pr0n on overseas servers? You want them to get out of jail because the data is in a different country? Of course not. Where the data is stored should not matter, not in that case or in any other case.

Re:Finally!

[ai4px]

You say loopholes and evade taxes. It's like you've presupposed they are doing evil. Despite what they use being called a loophole, if it's legal, don't blame them for playing by the rules. Blame the idiots who poorly crafted a law.

A certain paper company used a green energy law that said if you use alternative fuels you can get a tax credit. The paper industry has been burning black liquor since the 1930s and in 2008 figured out they could get the tax credit if they /added/ diesel fuel to their alternative fuel. Congress fixed it within a year. The company did nothing except follow the rules (which are like walking thru a minefield.)

Re:Finally!

[thaylin]

I am pretty sure it is new to most people. Companies typically only have to obeys laws of the countries they are operating in, at the time they are operating in them, the same as citizens.

Re:Finally!

[i+kan+reed]

Look, it depends on exactly what the law says is illegal whether they've committed a crime.

Sorry, that's just how laws work.

Re:Finally!

Businesses in Ireland are subject to the EU Data Protection Directive. What happens when those conflict with US rulings? Which jurisdiction prevails?

Geographic location has always been the defining factor in jurisdiction. The US courts are attempting to enforce US law in a manner that undermines the local law of other countries. This is a dangerous precedent to set.

Re:Finally!

So would you be in favor of China being able to subpoena any / all of Microsofts records, regardless of where they are stored?

If they couldn't, then what would you do when a company decides to split a file across every country in the world? Because that's the first thing they would start doing if it meant that getting a single file required hundreds of court cases everywhere, with the failure of even a single one meaning an unrecoverable file.

Re:Finally!

If you want to set foot in a County so bad then don't break their laws and/or make yourself a target. Its not like you have a right to wander every corner of this earth doing whatever you want.

Re:Finally!

[praxis]

So being a multinational company you have to operate under all the laws simultaneously? So your US business depatment that only does business in the US has to obey all other countries laws, even through it does not do business there?

The discussion here is that if you have a corporation that does business in two countries, but countries' laws apply. You are talking about a corporation that does business in X being subject to laws in Y where they do not do business. That's a different case, and not the one we are discussing.

Re: Finally!

[junktext]

Why can't the U.S. authorities just ask the Irish police for assistance? I mean Ireland isn't exactly a lawless country. Thus, I agree with Microsoft in that U.S. warrants are only binding in U.S. territories.

Re:Finally!

[jbolden]

I'm going to come down with yes. If a corporations chooses to operate directly in country X they should be subject to the laws of company X. I'd prefer it if all corporations were national and simply traded. Not fully owned subsidiaries but genuinely independent businesses. The UN is not capable nor does it have the right policies to be a global government and without strong controls corporations are a real problem.

Re:Finally!

[Archtech]

Multinationals have operated above the law for far too long. The US is sending a clear message that if you do business in a country you are subject to its laws -- globally.

So from now on, any country in which Microsoft operates can demand access to all its computers in the USA?

Re:Finally!

[jbolden]

If they aren't in China then it doesn't matter. This is only about business in the USA.

Re:Finally!

Sounds fair to me. If you want to be multi-national, there are consequences. MS and Google have been using their multi-national status to avoid paying taxes for years, it's kind of nice to see this come back to cut them.

Re:Finally!

[jbolden]

The NSA isn't about prosecution. The FBI, Customs... would care far more.

Re: Finally!

Because there are loopholes where things that are illegal in the US are legal in Ireland.

Re:Finally!

[thaylin]

So I take it if you travel to any other country you have no issue if they get a warrant for your material back here to see if you are violating any of their laws while you are a t home...

Re:Finally!

[FilmedInNoir]

Microsoft is not a Chinese company nor is it Irish. Your straw man needs a little more padding.

Re:Finally!

They both prevail. If MS cannot simultaneously abide by both sets of laws they must divest, full stop. Corporations should not be given special treatment in this regard simply because they are multinational entities. The fact of the matter is, the company in Ireland is owned by the US company and thus the US company controls it absolutely and the US company is subject to the laws of the US including subpeonas and search warrants.

Re:Finally!

If a US court subpoena business records from a US entity, that entity must produce those records or provide a reason why they can not comply. Simply saying that the requested records are with an overseas subsidiary isn't going to fly as the US entity has control of the subsidiary, and thus the US entity can direct the subsidiary to produce the records and the subsidiary cannot say no.

If subpoenas were that easy to evade all multinationals would do it.

Re:Finally!

[bidule]

Blame the idiots who poorly crafted a law.

I am sure they were masterfully crafted. Never attribute to stupidity that which is adequately explained by malice.

Re: Finally!

[Darinbob]

Because it's irrelevant and the Irish police can not do anything here. The "button" to download all the email resides in the US. Someone in Redmond just has to push that button. So the judge says "give us the email", Microsoft says "we can't, it's in Ireland" The warrant is against a US company to provide some evidence, to US based employees who have direct access to that evidence, who can push a button the US to retrieve that evidence. All the Irish police would say is "why are you bothering us?"

Re:Finally!

[Darinbob]

If Microsoft does not like this, they can cut off the internet connection to their Microsoft employees in China. The same can't happen here because you'd deprive every Microsoft executive of access to their email if you cut the wires to Ireland. Microsoft only has a moral leg to stand on if it were an Irish company, which is it most certainly not.

And this case is not about Microsoft, it is about an ex Microsoft employee, no one is trying to download all of Microsoft's email. Microsoft is expending more effort in lawyers here than it would take to download the relevant records. The real issue is that Microsoft is pissed off that a government dare tell them what to do; they paid good money for a compliant government. They're worried about a precedent maybe after they expended all that effort into moving vital assets off shore.

Re:Finally!

[Darinbob]

This is still true. However many companies do not operate in just one country. Thus a court and impound their property that exists in another country, fine employees that live in other countries, forbid their products from being sold in a certain country, and so on. Microsoft absolutely resides around the world, and needs to comply with the laws of those countries it is in in so far as the activities it does in those countries. A similar state of affairs has been in place for all of history.

Re:Finally!

[Darinbob]

This is not what the courts are asking for. They are not requesting physical equipment from Ireland, they are requesting that someone in Microsoft download the the requested emails which can be easily accesed from the US. The emails are "in the cloud". Microsoft can transfer them to any country it wants in the time it takes to process a search warrant.

Re:Finally!

[Darinbob]

Microsoft doesn't feel this way though. It avoids a lot of taxes in the US by claiming its assets are overseas. Indeed in this case Microsoft is claiming that the electronic emails don't exist in the US which is ridiculous because the owner of the email account could probably access them in seconds from a mobile phone from anywhere in the US.

Re:Finally!

You say loopholes and evade taxes. It's like you've presupposed they are doing evil. Despite what they use being called a loophole, if it's legal, don't blame them for playing by the rules. Blame the idiots who poorly crafted a law.

A certain paper company used a green energy law that said if you use alternative fuels you can get a tax credit. The paper industry has been burning black liquor since the 1930s and in 2008 figured out they could get the tax credit if they /added/ diesel fuel to their alternative fuel. Congress fixed it within a year. The company did nothing except follow the rules (which are like walking thru a minefield.)

Legality and morality are different things. While I think it's a bit far to call using tax loopholes evil, there are many well reasoned arguments about how it's immoral to evade paying taxes. For instance because a large company uses loopholes to pay less taxes means others who are unable to take advantage of said loopholes have to pay more taxes. Of course the issue is more complicated than that, companies provide jobs, etc.

On the side about stupid laws, surely no large company has lobbied or otherwise influenced the law to make sure certain loopholes continue to exist. Additionally that area is a legal minefield partially because it limits who can and who cannot take advantage of certain tax breaks or loopholes.

Re:Finally!

[Darinbob]

This is not related to privacy, though that is what Microsoft is claiming. If the servers were in the US and the subpoena were not so newsworthy, would it suddenly start being a mere criminal investigation again or would it still be about privacy? Or are any subpoenas for evidence in a criminal case worthy of being called privacy violations?

What draws the line here from this being just any run of the mill evidence subpoena to being a cause celebre privacy rights case? The issue of emails physically residing in Ireland is ridiculous because no one has to travel to Ireland to read the emails and no one has subpoenaed the actual physical hard drives. Microsoft is just pissed off that the government they bought and paid for is not being respectful.

Re:Finally!

[Darinbob]

I've heard nothing about a US court asking for access to all computers from Microsoft. They have a subpoena for specific emails from a specific person under criminal investigation. If it was a Chinese court investigating a Chinese crime by a Chinese nation who worked for Microsoft who sent emails in China of special interest to the investigation, then they should be able to request those emails from Microsoft.

Re:Finally!

[david_thornley]

Essentially, yes, and Microsoft has a choice of complying or not doing business in that country. As a matter of practice, no country is going to do that. In this case, the US courts want specific email that Microsoft has chosen to store in Ireland for reasons of its own. This is not a general fishing expedition into Microsoft Ireland. This would be entirely unremarkable if the email was stored in the US, and the only reason it's interesting is that Microsoft is trying out a new excuse to avoid handing the email over. As the judge pointed out, this would make any sort of discovery or subpoena or search warrant useless against a multinational company.

Re:Finally!

[CaptnZilog]

What if someone stored child pr0n on overseas servers? You want them to get out of jail because the data is in a different country? Of course not. Where the data is stored should not matter, not in that case or in any other case.

Let me know how that works out when your GF gets beaten/stoned to death for not wearing her burka in public, because it's against the law in some Islamic countries and by your rationale those laws should apply here too, right?

Re:Finally!

[CaptnZilog]

If a US court subpoena business records from a US entity, that entity must produce those records or provide a reason why they can not comply. Simply saying that the requested records are with an overseas subsidiary isn't going to fly as the US entity has control of the subsidiary, and thus the US entity can direct the subsidiary to produce the records and the subsidiary cannot say no.

If subpoenas were that easy to evade all multinationals would do it.

Perhaps, but what if producing said records is against the law in the other country?

For instance, what if the US requests health care records for an EU employee in a subsidiary? Or, in the reverse, what if an EU company wants the health care records for an employee in a US subsidiary? Does HIPAA apply or EU laws? What if a company headquartered in Saudi Arabia has a US subsidiary, and they catch your GF/wife driving to her job at their subsidiary... do they have the right to give her 50 lashes because women driving is against the law in S.A.?

Re:Finally!

[anagama]

Masterfully crafted after being purchased by lobbyists for the companies. The financial return of lobbying is massive -- more than making cool products people love.

We find firms lobbying for this provision have a return in excess of $220 for every $1 spent on lobbying, or 22,000%.

http://papers.ssrn.com/sol3/pa...

That said, I think the nature of the parties in this instance is clouding /.'s judgment. Let's say it was a secure email provider who stored all data offshore, but was a US company. Would /. in general really be so willing to side with the Feds? I doubt it, and I see a lot of potential problems that could hurt real people as a result of this decision surviving appeals.

Re: Finally!

[ray-auch]

The Irish police will say "why are you bothering us? Ask an (Irish) judge like you usually do (via MLAT)". It is the judiciary that need to be involved first. Funnily enough that is also what former Irish attorney general and various senior EU officials have said - the correct approach is to use the MLAT, which is there for exactly this purpose. With a warrant from an Irish court the Irish police will be happy to help, should the Irish operators of the Irish data centre need a hand pushing the button in Ireland.

But the US doesn't want to use MLAT, it wants to end-run around it because they run into annoying problems like having to justify their request properly and whether or not their search is a search or a fishing expedition and stuff like whether the Irish user, in Ireland, has actually done anything illegal in Ireland.

Coincidentally,the UK police don't like MLAT process either and have said so in submissions regarding judicial limits of UK RIPA act. They run into annoying things like the US first amendment stopping them getting details of US users posting stuff on US servers that can be read in the UK and is not legal in the UK. If the DOJ succeeds in bypassing the MLAT process with this trick then some UK police forces will be right behind them ( and probably others elsewhere too). At least one of the amicus briefs points that out.

This will open up a big can of worms if it stands, extradition and MLAT treaties are a necessary process to protect both corporations and individuals from conflicting legal jurisdictions. Microsoft is not (just) saying "we can't, it's in Ireland", they are saying "we are not allowed to under the law of the country where the evidence is". Enabling the international rendition of data at the whim of any country's law enforcement doesn't physically extradite anyone, but it could easily end up making international travel a whole lot more interesting and risky. Be careful about exercising your first amendment rights to hate speech if you ever want a European vacation or business trip. Be aware that some EU jurisdictions are actively trying to outlaw anonymity and pseudonymity online...

Re:Finally!

[nospam007]

"Businesses in Ireland are subject to the EU Data Protection Directive. What happens when those conflict with US rulings?"

What happens? Some MS employee with or without Irish roots will never see the Old Country, unless it's the inside of a prison cell.

Re: Finally!

If it is that bad then the answer is to store the data for each country in that country.

Re: Finally!

[Darinbob]

But getting the Irish involved is irrelevant. The prosecutor in this case does not want the actual hard drive with the emails. What would the Irish courts actually *do* in this case? Would they send back an email saying "you have our permission to tell your US company to go ahead and retrieve their data from the comfort of their US offices?"

I don't buy the argument that the data is in Ireland. It's not so well localized as that. It flies around all the time to and from "the cloud". There may be caches of it in many countries. The emails were not even originally written in Ireland.

Re:Finally!

[sumdumass]

What? What he said, while crude , was nothing like that.

He is saying that those in control of the data if subject to the jurisdiction of law can be compelled to deliver access to it even if it resides outside the country or jurisdiction else bad things could happen.

I agree with that premise to. In this situation, it is a product of MS shifting revenue around in order to take advantage of Ireland's low taxes. It demonstrates MS' level of control over that operation.

Re: Finally!

[ray-auch]

But getting the Irish involved is irrelevant. The prosecutor in this case does not want the actual hard drive with the emails. What would the Irish courts actually *do* in this case?

The EU has data protection laws. If the data is personal data and held in Ireland then Irish DPA applies and the data can only be sent outside of Ireland in accordance with the DPA. The Irish courts would give permission (or not...) for the data to be sent elsewhere outside the protection of the DPA, simple.

Would they send back an email saying "you have our permission to tell your US company to go ahead and retrieve their data from the comfort of their US offices?"

It is not their data to do with as they wish under the DPA, in fact most people would consider it is the customer's data - I certainly consider my emails as my data even if they are on ISP servers.

I don't buy the argument that the data is in Ireland.

Then you have MS on perjury.

MS actually makes a big marketing thing about control of data localization in their cloud, precisely so it can sell it as compliant with the DPA in the EU. A lot of MS cloud business in the EU depends on this, and that is why MS will fight it on principle - they will not care about this one individual's emails at all, but the amount of cloud hosting business they stand to lose if a US prosecutor can simply order them to breach the DPA in the EU is enormous.

Re:Finally!

Prison cell in which country though? Your wording is very ambiguous.

Re: Finally!

"What if someone stored child pr0n on overseas servers? You want them to get out of jail because the data is in a different country?"

There are ways for police in different countries to cooperate. Legal, proven ways.

Your example in particular is one where police and justice systems tend to cooperate readily.

Of course, if this works out, other jurisdictions such as the EU, China and Russia will expect reciprocity.

Re: Finally!

I have not rtfa but often companies like ms set up new incorporations in each country they do business in. If it is a seperate entity...like say Microsoft(IR). Then maybe its a case of a US judge ordering a US company to turm over documents belonging to an entirly different company in a different jurisdiction.

Re:Finally!

[equivocal]

Aereo took great pains to follow the rules set forth by law and court rulings. And it did not matter.

Re:Finally!

[Leofcwen]

Microsoft is headquartered in the US so they as an entity fall under US law.

Re:Finally!

[aurizon]

What if a third party, of the other country, who has a contract that they will only release evidence if so ordered by a court of competent domain. A US court will not be a competent athority to order a non resident alien corporation to cough up the data. They could also have the data encrypted by a third party, with the decryption key not under Microsoft's control, who will not release the key if Microsoft reveals they have been ordered to reveal it - in which case once microsoft has revealed the court orders existence, the third party can cite that as a duress and not reveal the key.

Re: Finally!

Not a matter of whether Microsoft or any other multinational "want" to business in China, Ireland or elsewhere. They must to compete. If Microsoft fails to compete, they fail. Next thing you know, Microsoft will be sold to another multinational, maybe Chinese.

At that point when US authorities want data outside the US, answer will be no!

No just about business, this is well established. This is about data and rules not established. After a few conflicts arise, begrudgingly, countries will need to come together and determine how data stored outside a host country is stored. If I means US must go through proper EU channels to obtain Irish data then so be it. Just stop taking short cuts or threatening US multinationals who fail to comply because decided to be lazy.

Re: Finally!

[jbolden]

They don't must anything. US multinations can or cannot run cloud services in Europe. European cloud services can or cannot run services in the USA. Similarly with all the possibilities with China or African countries. There is no must. There are options.

There may be some compromises and treaties in the future and that's fine. If treaties are signed than that becomes USA law. But until then, absolutely US multinationals follow USA law as it exists. If they can't "compete" then fine.

Re:Finally!

[aybiss]

Of course. The USA is the USA, all those other places, they're just countries.

Re:Finally!

[jbolden]

What are you talking about. USA law applies to the USA. Chinese law applies to China. French law applies to France. Its the Europeans who are trying to export their laws to the rest of the planet.

Re:Finally!

[aybiss]

The original question (in my filtered view) was asking whether you'd be happy with China demanding information stored on US Microsoft servers.

If you're saying that question is hypothetical because China isn't the US then I disagree. Microsoft does business in China. The Chinese government could assert that its control over that data also extends to the US, in exactly the same way as has occurred here.

I don't think people would be anywhere near as comfortable with that.

Re:Finally!

[jbolden]

The original question (in my filtered view) was asking whether you'd be happy with China demanding information stored on US Microsoft servers.

And I answered that in this thread. I said it was the wrong question. Microsoft is a USA company. They should be subject to USA law. Conversely Aliyun should be subject to Chinese law even for USA customers. ChinaCache has services in about 10 American cities but the company is Chinese and China is the appropriate regulating body for their service. The services under European law should be ones like Interxion and those should not be subject to USA law.

It's almost sane(really)

[i+kan+reed]

Going to take a position I know will be unpopular in this thread, but:

The leverage they have is that you're accused of committing a crime within the borders of the US, and evidence you have access to can be demanded under a warrant that covers details related to that crime. Their physical inability to seize it by force(because it's in another jurisdiction) is about as relevant as their inability to unlock your bank safe. Either way they can punish you for not turning over evidence that is covered by the warrant.

Re:It's almost sane(really)

It's all well and good so long as the USA don't mind, say, a Russian court issuing a warrant for data held on servers in the USA.

Re:It's almost sane(really)

[hawguy]

Going to take a position I know will be unpopular in this thread, but:

The leverage they have is that you're accused of committing a crime within the borders of the US, and evidence you have access to can be demanded under a warrant that covers details related to that crime. Their physical inability to seize it by force(because it's in another jurisdiction) is about as relevant as their inability to unlock your bank safe. Either way they can punish you for not turning over evidence that is covered by the warrant.

Is there any circumstance where you think USA prosecutors should not be allowed to force foreign entities to hand over evidence without going through that country's legal system?

Like if I'm arrested for smoking pot in the USA and USA prosecutors want to search my bedroom back home in Amsterdam to collect proof of my drug habit, you think its ok for USA police to force my parents to let them search my bedroom back home (or enter their home by force)? Even if my "crime" is only a crime in the USA?

Re:It's almost sane(really)

[disposable60]

Or China, Iran, Pakistan, Myanmar or North Korea - you know, countries in which dissent of (heavens!) heresy/apostasy are capital offenses.

Re:It's almost sane(really)

[CanHasDIY]

Like if I'm arrested for smoking pot in the USA and USA prosecutors want to search my bedroom back home in Amsterdam to collect proof of my drug habit, you think its ok for USA police to force my parents to let them search my bedroom back home (or enter their home by force)? Even if my "crime" is only a crime in the USA?

I'm having trouble determining whether this is a really good analogy, or a really bad one... Leaning towards the former.

Re:It's almost sane(really)

[drinkypoo]

It's all well and good so long as the USA don't mind, say, a Russian court issuing a warrant for data held on servers in the USA.

There's nothing wrong with that, so long as they don't propose to use force to retrieve the data.

Re:It's almost sane(really)

If the data is relevant to a case where Russians are using USA servers to hide information related to crimes committed in Russia I don't really see a problem.

Re:It's almost sane(really)

[tomhath]

If a Chinese company has data on a server in the US and routinely accesses that data, can the US government suddenly say the company can no longer have access to the data because a Chinese judge issued a warrant for it?

That seems different than the Chinese government demanding data from a US company like twitter when the data is stored on a server in the US

Re:It's almost sane(really)

The court is free to force YOU to turn over whatever evidence YOU have access to then. So you could turn over your password or you could download all your e-mails and turn them over to the court. I don't see how that means the court can then go to a 3rd party operating in a foreign country and force them to turn over information about you.

Re:It's almost sane(really)

A Russian court issuing a warrant for data held by a Russian company on servers located in the US but controlled by the Russian company would be consistent with this ruling.

Re:It's almost sane(really)

[silfen]

Why would "the USA mind"? Any country is free to issue warrants for whatever it wants. But, in practice, it can only enforce them within its jurisdiction or via treaty.

The US can enforce its warrant against Microsoft because Microsoft operates within its jurisdiction. Microsoft has to decide whether it values more operating in the US or whether it values the privacy of its foreign operations more. I think it's pretty clear how that's going to shake out.

Re:It's almost sane(really)

[i+kan+reed]

Here's how it works:

1. You're a government.
2. You have leverage over the entity in question.
3. Your own legal system allows it.

Without 2, you've got nothing, but the case in question is pretty clearly targetting providers who might move information. Not those that don't operate in the US at all.

Re:It's almost sane(really)

[TRRosen]

That is a completely irrelevant example. Were not talking about subpoenaing a foreign company or entity. We are talking about forcing companies operating in the US to turn over information that is in their possession (under there control).

The basic concept here is that data does not exist in the physical world. Where the electrons are is irrelevant if the entity that controls it exists in the US.
         

Re:It's almost sane(really)

[CanHasDIY]

OK, thought of a good counter analogy:

- You've hidden bombs on public transit all over the country, and the list of where you hid them is stored on a server in the UK; should the government be able to get a warrant for that information?

And a not so appropriate, yet still thought provoking one:

- You're a serial killer in the US, but every time you murder someone you drive to your Canadian cabin in the woods to hide the body; should the US be able to get search warrants for said cabin?

Re:It's almost sane(really)

"Like if I'm arrested for smoking pot in the USA"

Do we even know if the owner of this email account has committed a crime here in the US? A lot of countries are going crazy in regards to prosecuting (or in some cases harassing) individuals who commit "crimes" OUTSIDE their country (including the US). There was one recent case I believe where someone was denied entry into the US because they had smoked pot abroad. To modify your example what if you traveled to the US for a visit and were arrested, while searching your belongings they found photos of you smoking pot in Amsterdam and despite no proof that you had done so here in the US proceeded to add that to the charges (assuming there were any others).

Re: It's almost sane(really)

Don't give an EMPLOYEE IN RUSSIA access to the material.

Basically they are suing he ADMINS at desks in the USA for data that THEY CAN ACCESS in other countries.. But FROM their desk in the USA. This really isn't that much of a stretch.

Re:It's almost sane(really)

[0a100b]

Using some force may be acceptable, like waterboarding Satya Nadella to get the data...

Re:It's almost sane(really)

The US should be able to get search warrants...

wait for it...

In Canadian courts. MIND BLOWN.

Re:It's almost sane(really)

[Nemyst]

To both cases: this is why organizations like Interpol exist. So a police force from one country can work in tandem with another to solve a case that crosses national borders. If the US want data stored in an Ireland server, they should work with the police there to get it, instead of saying that their jurisdiction extends worldwide unilaterally.

Re:It's almost sane(really)

They could also issue a subpoena against you, under threat of enhanced prosecution if you refuse.

Re:It's almost sane(really)

[Dragonslicer]

Is there any circumstance where you think USA prosecutors should not be allowed to force foreign entities to hand over evidence without going through that country's legal system?

Microsoft isn't a foreign entity.

Re:It's almost sane(really)

[hawguy]

That is a completely irrelevant example. Were not talking about subpoenaing a foreign company or entity. We are talking about forcing companies operating in the US to turn over information that is in their possession (under there control).

The basic concept here is that data does not exist in the physical world. Where the electrons are is irrelevant if the entity that controls it exists in the US.

       

What if the data was in my locked briefcase in Microsoft's London office.... Do you think they should just hand it over to USA prosecutors without going through the UK's legal process?

Re:It's almost sane(really)

[hawguy]

OK, thought of a good counter analogy:

- You've hidden bombs on public transit all over the country, and the list of where you hid them is stored on a server in the UK; should the government be able to get a warrant for that information?

Of course they should... Through a UK court, not a USA court.

Re:It's almost sane(really)

Someone has been watching WAY too much 24/Homeland/other "national security" drama. 99.99% of warrants are for relatively low level crimes (money laundering, tax evasion, theft). And while police should be allowed to take some shortcuts in extreme situations I don't think we should shred the constitution, national sovereignty & citizens rights over stuff like an accountant cooking some income tax returns.

Re:It's almost sane(really)

[TRRosen]

Yes Microsoft is a US operating entity it is obligated to turn over its information.

Re:It's almost sane(really)

OK, thought of a good counter analogy:

- You've hidden bombs on public transit all over the country, and the list of where you hid them is stored on a server in the UK; should the government be able to get a warrant for that information?

No... But the government of whatever country you're talking about could inform the British police about the evidence pointing to that server. It is then up to the British police to decide if they want to ask a British judge for a search warrant. If they get the search warrant, the search is conducted by the British police, not the government of another country.

And a not so appropriate, yet still thought provoking one:

- You're a serial killer in the US, but every time you murder someone you drive to your Canadian cabin in the woods to hide the body; should the US be able to get search warrants for said cabin?

No... But it would make sense, if they told the Canadian police about it. The Canadian police can then decide, if they want to ask a Canadian judge for a search warrant. If a search warrant is issued, the cabin will be searched by the Canadian police, not the US.

Re:It's almost sane(really)

Everything I am aware of do exist in the physical world. A war loving US new born christian?

Re:It's almost sane(really)

What if Russia decides it's a crime to not praise Putin twice a day?

Re:It's almost sane(really)

[Culture20]

I thought Interpol existed to catch Carmen SanDiego.

Re:It's almost sane(really)

So Microsofts foreign offices are basically US embassies?

Re:It's almost sane(really)

[NatasRevol]

You might want to go look up what is a crime in those countries. You better be ok with ALL their laws.

Re:It's almost sane(really)

[Dredd13]

If an American citizen owns the house in Amsterdam, how is that any different than the American company owning the server in Europe?

As an American citizen, in that revision of the analogy, be could be compelled to allow US investigators to search his Amsterdam residence.

Would you support that? Cuz "hellz no" for my part

Re:It's almost sane(really)

[Dredd13]

No, they should not be able to get warrants for either. They should approach law enforcement in the country where they wish to execute a search and gain their cooperation. If there is a legitimate crime, and the search is in compliance with their local laws, they will happily assist.

Re:It's almost sane(really)

[Ghostworks]

But this is how it already works. For example, China could say to Google "give us access to G-Mail or we'll just block it completely, may be even kick your company out". Then it's a game of chicken. But China does have the right under their laws to block G-Mail or ban Google, as well as to demand unreasonable things from resident companies as the price of doing business. Laws everywhere have always worked this way. This is not new.

Now the question: if (beyond a certain point) businesses really have no choice but to deal with corrupt regimes, and customers have no choice but to deal with businesses that deal with corrupt regimes, what protects consumers in one jurisdiction from corruption in another? The answer is competing laws. If China imposes harsh penalties for failing to do X, but the U.S. or Europe impose equally harsh penalties for doing X, then businesses torn between them actually have some refuge through ceded responsibility.

This is exactly how U.S. bribery laws work: "We would love grease your palms, great Poo-bah, but U.S. law says that if we do then we can't do business there, which would mean we also don't have business to do here, so please don't even ask." When there is risk of cross-corruption in the market, it is the government's responsibility to step in and throw up a wall.

(As a side note, this notion of ceded responsibility is why there are some industries that actually petition for _stronger_ regulations. For example, it's common in some parts for large arms dealers to have to "sweeten the pot" with government buyers by agreeing to pay for side projects, such as the construction of a hospital, as a condition of sale. This is a cost arms dealers would rather avoid, so they petitioned Congress for years to have such "gifts" declared a form of illegal bribery.)

Re:It's almost sane(really)

[NatasRevol]

You might want to cite some reference for you position.

Make sure to include references where they're also operating in separate countries.

http://www.microsoft.com/en-gb...

Re:It's almost sane(really)

[NatasRevol]

http://www.microsoft.com/en-gb...

Re:It's almost sane(really)

[TRRosen]

Not at all relevant. We're talking about data that is controlled and accessible by US entities.

Re:It's almost sane(really)

[Ghostworks]

Is there any circumstance where you think USA prosecutors should not be allowed to force foreign entities to hand over evidence without going through that country's legal system?

Sadly, if you have a brick and mortar presence and employees in a country, operating under the legal auspices of a corporation under the laws of that country, you probably don't have much right to claim to be a "foreign entity". A better example would be "if an Amsterdam tourist is suspected of trafficking drugs, and the DEA gets a warrant to search his hotel room in the U.S." That's still not an example of what we're talking about in the article, but it's a more accurate version of a "foreign entity operating in the U.S." than your example.

Re:It's almost sane(really)

[JohnNemesh]

That is the best analogy I have seen so far. Moreover, it allows the US to search the house WITHOUT the consent or cooperation of the foreign government! The EU has laws protecting the data of it's citizens. By complying with US law, and allowing the data to be handed over to US authorities, they will be in violation of the EU laws! This puts MS (and every other American tech company) in a VERY awkward position! Do they break US law or EU law? Either way, they will be breaking SOMEONE'S laws, whether they hand over the data or not! This is also going to accelerate the decline of the use American tech overseas. Germany has already stated that they are moving to open source software, due in no small part to the NSA's overreaching spying programs...and the UK has also expressed interest in moving away from Microsoft products and services. Expect those governments, as well as other foreign and multinational corporations to move even more quickly away from US tech to keep their data secure and away from the prying eyes of the NSA, CIA and other US agencies! Another casualty here will be the "cloud". NO ONE outside of the US is going to trust their sensitive data with Amazon, Microsoft, or Google (or any others based in the US) if the US takes the position that all data, stored ANYWHERE IN THE WORLD, is subject to their laws and could be searched and/or seized at any given moment, with or without the consent, permission or knowledge of foreign governments! This court just, single-handedly, shot the entire American tech sector squarely in the balls. It's going to have ramifications that will take YEARS to sort out.

Re:It's almost sane(really)

[Dredd13]

And in my revised analogy, the residence is controlled and accessible by US entities (the US citizen who owns it).

Re:It's almost sane(really)

Well thats all fine and dandy but this bullshit is just going to drive all commerce and business and lively hood overseas or into the international NWO arena.

This is just the deterioration of the USA's ability to function as a National community.

Re:It's almost sane(really)

[DutchUncle]

Microsoft is an American company. The court is asking Microsoft for license and registration, whichever pocket it happens to be in at the moment (oops, I meant email and whichever server). That's different from you being a Dutch citizen (I assume if you are from Amsterdam) and being arrested for doing something *here*. The comparison would be, if a Dutch court wanted to talk to you about your account on a US game company's servers.

Re:It's almost sane(really)

[DutchUncle]

You've hidden bombs on public transit all over the country, and the list of where you hid them is stored on a server in the UK; should the government be able to get a warrant for that information?

On "24", someone would just hang you over the side of a building and threaten to drop you.

Re:It's almost sane(really)

[Jane+Q.+Public]

The leverage they have is that you're accused of committing a crime within the borders of the US, and evidence you have access to can be demanded under a warrant that covers details related to that crime.

Yes, but:

This may be true but it sidesteps one if the big points here: U.S. courts do not have jurisdiction abroad.

They might be able to sanction and punish the corporation for hiding its evidence, but it has no literal authority to otherwise force it to produce that evidence (like for example police action).

If the courts can punish Microsoft for not producing evidence in Ireland, why cannot it then punish Senators for not producing evidence of income hidden in the Bahamas?

Re:It's almost sane(really)

[CaptainDork]

Appreciate that no country is being served a subpoena to hand over data.

Microsoft has been served with a subpoena.

Microsoft is saying, "that data is being stored out of your jurisdiction."

The court is saying, "No matter, the defendant and you are within our jurisdiction."

Microsoft is the custodian of the data and, most likely, is the only entity that can comply with the subpoena.

Re:It's almost sane(really)

[CaptainDork]

Sorry, but servers don't have a bathroom. That's the difference.

Re:It's almost sane(really)

[CaptainDork]

"... stored on a server in the UK ... "stored" is vague. If the server belongs to Microsoft, then Microsoft can reach out to its assets and grab data.

Re:It's almost sane(really)

[Minwee]

- You're a serial killer in the US, but every time you murder someone you drive to your Canadian cabin in the woods to hide the body; should the US be able to get search warrants for said cabin?

This may sound a little bit crazy, but murdering people was recently declared illegal in Canada too. All Special Agent Scully would have to do is pick up the phone and call her counterpart with the RCMP (They recently had phone service installed at both of their igloos!) who would then search the cabin for her, looking for evidence of a crime as defined by Canadian law. Once that was found it there would be some discussions at the nearest Tim Horton's over poutine and coffee (double-double, naturally) about just who would be charged and tried under what laws and whether evidence would be canoed across the border to the USA or the suspect extradited to Canada, Eh.

It's almost as if this sort of thing has come up before. The situation gets more interesting when a US citizen does something which is only illegal in the USA but not Canada. Something like failing to volunteer to join the army, supporting an unpopular political party or copying music from CD to a tape.

Re:It's almost sane(really)

This is like Russia issuing warrants for data owned by a Russian company, stored on servers owned by that Russian company, that are physically located in the US.

The warrant is a requirement is for the company/person the receives the warrant to produce the data in question. That's all. How the subject of the warrant produces the data is not a concern of the courts.

Re:It's almost sane(really)

Not relevant. This warrant was issued to Microsoft in the US, ordering the company to produce the data.

Re:It's almost sane(really)

[Hotawa+Hawk-eye]

That is a completely irrelevant example. Were not talking about subpoenaing a foreign company or entity. We are talking about forcing companies operating in the US to turn over information that is in their possession (under there control).

I'm just playing devil's advocate here, but IS the data under Microsoft US's control? Or is the data on a computer under the control of Microsoft Ireland (which I'm guessing is a separate corporation, if for no other reason than tax purposes) to which they've granted Microsoft US certain access? If the latter, could Microsoft US be forced to use the access it's been granted by another corporation to access information owned by that other corporation to grab the data for the US government?

What's Microsoft's corporate structure look like, and does the DOJ have a different answer for that question than the IRS?

Re:It's almost sane(really)

[Aqualung812]

Let's run with that analogy:

You're presently in the US, the house you own is in Amsterdam.

You'd be correct that the US can't force the Dutch to execute a search warrant.

That is completely irrelevant, though. You're in the US and perhaps in jail awaiting trial. You've been issued a valid order by a US court to permit US law enforcement into your home in Amsterdam. If you interfere, are you not obstructing US justice?

Re:It's almost sane(really)

[TRRosen]

Actually doesn't matter if your US or Foreign a subpoena is a subpoena. You must produce the evidence if it is in your control. Where the evidence is irrelevant you are within the jurisdiction you are compelled to produce it. This has been applied to physical documents. Not this is not seizing evidence it is compelling an entity to produce it.

Re:It's almost sane(really)

[Dredd13]

No. Because the United States has no jurisdiction past the borders of its sovereign territory. It can certainly compel me to go there (and then hope that I don't flip them the bird as soon as I'm on another nation's soil), but it has no legal authority to compel any actions that cannot be wholly performed within its jurisdiction.

Re:It's almost sane(really)

[zlives]

don't be gay... i mean really or might loose your head

Re:It's almost sane(really)

[Aqualung812]

Ok, so we agree. I accept and agree that you could try to gain asylum in Amsterdam as soon as you walk off the plane.

Now, take your analogy to what TFA is actually talking about. You could SSH or RDP to your computer sitting in Amsterdam from a US government computer in the states, and hand it to them after logging in. As you said, the action (the command on the computer you are using) is wholly performed on US soil.

Agree?

Re:It's almost sane(really)

A judge in the US unilaterally decides to create a treaty to extend US warrants around the world! It's not arrogance, it's ignorance.

I'm convinced that our higher courts are decided by politics, and the ability for the justice to "whack the monkey". Nobody really knows what happens when you intentionally click on an internet pop-up ad, but it would explain our Supreme Court.

Re:It's almost sane(really)

[AmiMoJo]

The complication here is that supplying that data may well breech Irish law. The Irish employees probably couldn't supply it themselves legally, but it isn't clear what happens if they simply take no action to prevent US employees accessing it. The EU has fairly strong data protection rules that include a responsibility to protect data from authorized or illegal access.

I imagine the Irish subsidiary of Microsoft has already consulted their lawyers on this very point.

Re:It's almost sane(really)

[Archtech]

"But, in practice, it can only enforce them within its jurisdiction or via treaty".

Or by threats of overwhelming violence. A situation that comes close the obliterating the distinction between law and brute force.

Re:It's almost sane(really)

[jbolden]

Good point with the bribery analogy.

Re:It's almost sane(really)

Logically it would extend that DNA from a US Citizen found it's way onto the Crown Jewels, they could be impounded as evidence in a murder investigation.

It's kind of like how our courts and congress have found so many exclusions to the Constitution and the Geneva Conventions by reclassifying people.

So I think we've got at least a working formula of how jurisprudence in America goes;
A) You are a corporation -> YES you have rights and trade secrets.
B) You are a human without power - > NO you are lucky we don't call you an enemy non-combatant. Begone!
C) You are in another country and not a multinational corp, see B.

Re:It's almost sane(really)

[jbolden]

Hold on. Your analogy is missing something crucial.

Case 1: The bedroom is in a condo that belongs to your parents -- this ruling wouldn't apply even by analogy
Case 2: The bedroom is a rental and is owned by an American company -- then this ruling would apply by analogy. And yes USA courts should have jurisdiction.

Re:It's almost sane(really)

[Archtech]

"The basic concept here is that data does not exist in the physical world. Where the electrons are is irrelevant if the entity that controls it exists in the US".

That is a really, really lame idea. Whether or not "data" exists in the physical world, something physical must exist for anyone to be able to use that data. Where the electrons are, that is where the data is for all practical purposes.

If the corporation that controls the data were to be dissolved and cease to exist, the data would still be right there as long as the electrons continue to exist and do their thing.

Re:It's almost sane(really)

[jbolden]

What if the data was in my locked briefcase in Microsoft's London office.... Do you think they should just hand it over to USA prosecutors without going through the UK's legal process?

Yes. Microsoft USA has a legal obligation to get it from Microsoft UK even if the data is in the London office. Microsoft UK may not care but Microsoft USA must.

Re:It's almost sane(really)

[WatchMaster]

well this case has nothing to do with warrants, so the analogy is not valid. The legal action is a subpoena, which is a totally different thing. The subpoena directs microsoft representatives to produce documents under their control. No law-enforcement action or searching is involved.

Re:It's almost sane(really)

I look forward to the americans rationalizing how this is ok but the european right to be forgotten is overreaching.

Re:It's almost sane(really)

[Dredd13]

No. The "terminal" is wholly performed on the local screen. The *connection* crosses an international boundary to a place where the US has no jurisdiction.

Worse, circling back to TFA, the US LEO would be attempting to coerce me into violating the law in the EU, which itself would be a violation of US law (CFAA).

- The UK-based server is a "protected computer" (defined as a computer "used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States") [emphasis added]
- I would be violating section (2) ("intentionally accesses a computer without authorization or exceeds authorized access", because my authorized access cannot exceed the legal authorization for where the computer is located)
- I would then be obtaining "information from any protected computer;"

So by obeying law enforcement in this matter you have committed a prima facie violation of 18USC1030(a)(2)(c), punishable by up to ten years in prison, as well as committed a criminal act under EU privacy law.

Re:It's almost sane(really)

[i+kan+reed]

Because any federally elected office can only be tried by impeachment under the constitution.

Re:It's almost sane(really)

[jbolden]

Yes an American citizen owning a house in Amsterdam could be forced to turn over materials in this house. The American has an obligation to follow not flout USA law including answering warrants and subpoenas.

Re:It's almost sane(really)

If a corporation operating in Russia, and therefore subject to Russia's laws, is controlling the data on servers in $COUNTRY, why should Russia not be able to compel that corporation to cough up the data?

Re:It's almost sane(really)

[jbolden]

The legal situation has already been cleaned up, though Microsoft isn't happy about it. Microsoft has already published on this since the last ruling. What they are asserting is that the foreign customer (business) that uses Azure is knowingly transferring their data to the USA (regardless of where the physical servers are) when they use Azure and thus they are the ones legally responsible. So far that seems to be pasting muster with the EU.

I.e. Azure sells to company X in France. Company X has data that is subject to privacy laws. By company X using Azure they are the ones moving the data to the USA violating French law. Which turns this into a France / French company issue and not an Microsoft / France issue. Better for everyone to regulate.

Re:It's almost sane(really)

[jbolden]

They do that all the time. Why shouldn't they be able to regulate actions in foreign countries. The whole idea of diplomatic recognition is that governments recognize each other as legitimate and agree to some level of cooperation and coordination. Trade relations enhance this further. Other specific treaties extend it even further.

So for example American airlines (or any plane that flies to the USA) still have to follow USA maintenance schedules even if the plane is currently abroad.

Re:It's almost sane(really)

[Dredd13]

Those warrants and subpoenas have the value of toilet tissue as soon as you try to execute them off-shore.

And the execution of a search warrant happens "where the thing to be searched is", not "where people who have access to it are".

Re:It's almost sane(really)

[jbolden]

The structure is this
Microsoft Washington owns a Nevada corporation owns a Bermuda corporation owns Microsoft Ireland. The data is on Microsoft Ireland's physical servers but they hire Microsoft Washington for services and another subsidiary for licensing.

Re:It's almost sane(really)

Why would "the USA mind"? Any country is free to issue warrants for whatever it wants. But, in practice, it can only enforce them within its jurisdiction or via treaty.

The US can enforce its warrant against Microsoft because Microsoft operates within its jurisdiction. Microsoft has to decide whether it values more operating in the US or whether it values the privacy of its foreign operations more. I think it's pretty clear how that's going to shake out.

No they are demanding that Microsoft Ireland give data for a case with Microsoft USA which is a sepert company and in violation of European law, if they fallow through with the warrent they will be commiting a crime

Re:It's almost sane(really)

[jbolden]

If the courts can punish Microsoft for not producing evidence in Ireland, why cannot it then punish Senators for not producing evidence of income hidden in the Bahamas?

They can, they have (though I don't know about senators but certainly Americans) and they still do.

Re:It's almost sane(really)

[Dredd13]

Aha, but if American Airlines wanted to pick a particular 747 and only fly it in ${otherCountry}, and then only hold it to ${otherCountry}'s maintenance standards, that would be legal. The only time the FAA gets jurisdiction over the piece of equipment is when American Airlines decides it wants to fly it either in US airspace or to/from a US-controlled airport.

Let me turn that around on you: Should the Chinese government be able to compel a Chinese company, with operations in the US to turn over data, stored in the US, where doing so would be a violation of US law? If "ChinaCo" was a military contractor and had a bunch of classified material on servers here in the US, should the US just roll over and allow China to "subpoena" the US-based blueprints for the new Stealth weapon? Why or why not?

Re:It's almost sane(really)

[opus_magnum]

It's funny, almost the same happened years ago in Brazil with Orkut.
See http://slashdot.org/story/06/0...

Re:It's almost sane(really)

[Zero__Kelvin]

Really? So if the courts believe I have a gun stored in a lock box in another country they can compell me to go to that country, pick it up, and bring it to them? Are you sure about that? Maybe you want to think about it some more?

Re:It's almost sane(really)

No, Lupin III

Re:It's almost sane(really)

[silfen]

Or by threats of overwhelming violence. A situation that comes close the obliterating the distinction between law and brute force.

There is no violence more "overwhelming" than that possible by a state against an individual citizen, whether in the US, Europe, or Russia; and that is what all law at the national level is backed by. Therefore the "distinction" you want to draw between law and brute force doesn't exist: "law" is always, and can only ever be, what is ultimately backed up by brute force.

Re:It's almost sane(really)

No. Because the United States has no jurisdiction past the borders of its sovereign territory.

Based on the border situation, they can even control their own jurisdiction.

Re:It's almost sane(really)

[Joel+Cahoon]

If someone physically in Russia (or China, Iran, Pakistan, Myanmar or North Korea) allegedly violates the laws of their country, and the evidence of such resides on a server in the U.S., then no, I have no problem with, nor control over, said country imposing punishment on that person if they refuse to produce this evidence when lawfully required. My opinion on the laws of another state are irrelevant in this matter, if I am to respect their sovereignty. And if I don't respect their sovereignty, this issue is of least concern.

Re:It's almost sane(really)

[Joel+Cahoon]

...force foreign entities to...

That's simply not what's happening. Please RTFA.

Re:It's almost sane(really)

[Aqualung812]

Your case is only true if Dutch law PREVENTED YOU from accessing your own system.

You own the computer, therefore your access of the system is legal.

You are in US custody, and can be compelled to provide items under court order.

You then legally access your own system remotely, then retrieve the items in question.

Re:It's almost sane(really)

[Joel+Cahoon]

The EU has laws protecting the data of it's citizens. By complying with US law, and allowing the data to be handed over to US authorities, they will be in violation of the EU laws! This puts MS (and every other American tech company) in a VERY awkward position! Do they break US law or EU law? Either way, they will be breaking SOMEONE'S laws, whether they hand over the data or not!

I know, right? Poor Microsoft, they're just trying to operate a giant multinational corporation in peace...they can't be expected to comply with ALL the laws, now can they? How were they to know they might be putting themselves in an awkward position straddling jurisdictions? I mean, give them a break!

Re:It's almost sane(really)

[Dredd13]

Not at all. If EU law prevents me from turning over data (as it would in this case) then I have exceeded my statutory authority by doing so.

The data physically sits in the EU, so my property rights over that data are subject to EU statutory limitations. Under EU law, I don't have an absolute property right to use and distribute that data as I deem fit, I can only do so in compliance with EU law. As EU law would NOT allow me to release that information, any attempt to do so is a violation of my legal authority, which puts me in violation of the CFAA.

Re:It's almost sane(really)

If you were served with a subpoena to produce something you had stored in an overseas residence and didn't comply you would be in contempt. The court doesn't care where it is, only that you have control of it.

Re:It's almost sane(really)

[Aqualung812]

As EU law would NOT allow me to release that information...

Is that a true statement?
My understanding, which may be wrong, is that EU law would not compel you to release that information. However, if you chose to (because you wanted to be released from jail in the US), then the EU would not prevent you.

Re:It's almost sane(really)

[jbolden]

Should the Chinese government be able to compel a Chinese company, with operations in the US to turn over data, stored in the US, where doing so would be a violation of US law?

Absolutely yes. For example if Huawei USA had a cloud provider that should be regulated by China since that's the only government with real leverage over them.

If "ChinaCo" was a military contractor and had a bunch of classified material on servers here in the US, should the US just roll over and allow China to "subpoena" the US-based blueprints for the new Stealth weapon? Why or why not?

Yes which is why the USA military should never ever ever contract out secret weapons systems to a non-USA company.

Re:It's almost sane(really)

[Dredd13]

No. My understanding of the case at hand is that EU privacy laws do not allow for the release of the data without an EU-issued warrant/subpoena/equivalent.

Their privacy laws are much much stronger than ours. You can't simply do what you want with PII in the EU.

Re:It's almost sane(really)

[BobMcD]

Then let the Russian people either praise Putin twice a day or fix their law.

They are adults, too, you know. Perfectly capable of running their own affairs.

Re:It's almost sane(really)

[jbolden]

Those warrants and subpoenas have the value of toilet tissue as soon as you try to execute them off-shore.

Not really. That's precisely the point you are arguing against the USA is executing them off-shore. And in the case of the search of the Amsterdam house someone who refused to comply could get charged with obstruction of justice, and go to a USA jail. That's how you get compliance.

And the execution of a search warrant happens "where the thing to be searched is", not "where people who have access to it are".

Search warrant, yes. Search warrants don't usually ask for active cooperation. Subpoena on the other hand require cooperation. You are required to go get the records and turn them over to X. Most companies facing a search warrant actively cooperate since failure to actively cooperate can be taken into account in assessing damages. So the warrant itself doesn't compel cooperation but it comes just short.

Re:It's almost sane(really)

[Dredd13]

{agree(disagreement)}

Re:It's almost sane(really)

Such a warrant better be ultra-specific. Say they insist you are hiding data overseas but aren't - Will the accused be in contempt of court for not producing "evidence" which doesn't exist? When you are accused of murder falsely, you aren't held in contempt when you don't produce a murder weapon. This seems like a violation of the 5th Amendment. If the court can go get it, let the court go get it. Producing this information isn't the accused job. There shouldn't be any punishment to the accused for not complying here.

Re:It's almost sane(really)

[Aqualung812]

So, the crux of the issue is what the EU laws apply to: Their citizens only, all people in their borders, or all people and objects in their borders.

Very interesting.

Re:It's almost sane(really)

If an American citizen owns the house in Amsterdam, how is that any different than the American company owning the server in Europe?

As an American citizen, in that revision of the analogy, be could be compelled to allow US investigators to search his Amsterdam residence.

Would you support that? Cuz "hellz no" for my part

No, it is not about US investigators searching the house.

It is about US investigators telling the American citizen, who is physically in America, "produce this document that we know you have access to". The US investigators do not step into the foreign house/computer at all.

The fact that a person (citizen or not) is physically in in the US means that they are subject to US laws and courts (and court orders).

In this case Microsoft has control and access to servers in Ireland. As another example, I used to officially work for "Softco Canada Ltd", but the parent company was "Softco Inc" whose HQ was in California; my manager and a team mate or two were also in California and work for Inc. A US court could not order me to produce anything, but they could tell my co-workers to SSH into a Canadian server--or go to jail if they didn't.

The only way to prevent this would be for companies to have independent subsidiaries with firewalled networks between legal entities, and have the 'chain of command' not be tied to the US company besides at the board level.

Re:It's almost sane(really)

I think this is a decent analogy. If the court is able to obtain this evidence legally under US law concerning evidence, I see no problem with it. The line is drawn in forcing the accused (or representatives of the accused) to be complicit in the search. I think that clearly violates the 5th Amendment. In other words, if the courts can get it, they can go get it, but forcing Microsoft to produce it is wrong.

Re:It's almost sane(really)

[BobMcD]

Those warrants and subpoenas have the value of toilet tissue as soon as you try to execute them off-shore.

So, Microsoft is moving off-shore, then?

Because if for some reason they decide to remain in the jurisdiction, it might reveal a flaw in the analogy. Namely, a person has less at stake in expatriating to Amsterdam than a massive corporation.

Re:It's almost sane(really)

Okay folks. The data, the servers, the employees, what ever else Microsoft has in Ireland are subject to the laws of THAT land, not the US of A's.
Microsoft can transfer the data only to the extend that Irish law allows. If Ireland is a member of some law saying something like
"Because of privacy, you can't send the data to another country without a court order." And the court order will have to be obtained from the country where the data, the servers, the employees reside - Ireland in this case, not the good ole US of A.

Re:It's almost sane(really)

They couldn't, but believe it or not there is a lot of international cooperation when it comes to investigating and prosecuting dangerous crimes and criminals. If your lock box was in Canada, you can bet on Canada approving and executing the search. If your lock box was in Somalia, they may have some problems. This isn't as uncommon as one may think. The difference in the posted article is forcing the ACCUSED to produce the information. This violates self-incrimination very clearly.

Re:It's almost sane(really)

Seems like 90% of the comments here really do not get the issue. The fact that the data is in another country is a red herring, and has nothing to do with the ruling.

The "person" (corporate entity in this case) committed a crime in one jurisdiction, they are being tried in that jurisdiction and so the the authorities there can compel the person to produce the evidence required.

This has nothing to do with a foreign government, foreign servers, etc. They are simply telling the person you must turn over this data/item/whatever that is in your control, or we will hold you in contempt of court. The fact that the person may have stashed it overseas is no different than if they put the data on an encrypted thumb drive in their bank. The court can't / won't retrieve it on their own, they will simply take actions against the person in there control if their request isn't met.

Re:It's almost sane(really)

The laws of the United States to not force companies to comply with United States law when they operate outside of the United States. Companies always comply with local laws & customs. For instance, in some counties, we don't hire women because the neanderthals that buy the product don't believe they should be in the workplace. This is a clear violation of US law, but the operation is outside the jurisdiction of the United States. If a company is accused of sexual harassment on-shore, those foreign operations simply cannot be used against them.

Re:It's almost sane(really)

All of this is moot... "random item" in another country is to "random data"... as "Stealing" is to "Piracy".

One is real and the other is digital, and both are vastly different.

Re:It's almost sane(really)

[jbolden]

Sorry not sure what you are saying.

Re:It's almost sane(really)

[orlanz]

Separate company or not, controlling interest is with Microsoft USA. This isn't the US demanding Iresoft, an independent Irish company with no US presence, turn over data. It is the US demanding something of a US company's subsidiary.

Re:It's almost sane(really)

[Dredd13]

We'll agree to disagree. . :)

Re:It's almost sane(really)

[HiThere]

Well, yes...but if it's illegal (under Irish law) for the company in Ireland to transmit the data to the US, they they are demanding that the company chartered in Ireland under Irish law comit a crime.

I don't know that that applies in this particular case, but there is much information that the EU forbids export of to any country that doesn't protect the information. And that definitely includes the US, where personal information is seen as a corporate asset over which the individual has no right.

In fact, I find it quite plausible that the demanded information might be illegal for the Irish company to transmit. (This goes contrary to the assertion made earlier that the agent of MS merely needs to push a button located in the US and the information will appear...unless there's criminally sloppy systems design.)

Re:It's almost sane(really)

hey, all 'murricans are the property of Land of the Fee, Home of the Slave. Jurisdiction is irrelevant, all that matters is King Hussein Obama's directives. Fucking Oceania, always starting shit.

Re:It's almost sane(really)

[jbolden]

Fair enough.

Re:It's almost sane(really)

[Frobnicator]

Actually doesn't matter if your US or Foreign a subpoena is a subpoena. You must produce the evidence if it is in your control. Where the evidence is irrelevant you are within the jurisdiction you are compelled to produce it. This has been applied to physical documents. Not this is not seizing evidence it is compelling an entity to produce it.

That is all very correct.

Note that first off, this is a warrant rather than a subpoena. This was covered in depth when the magistrate ruled on it. If they are looking for specific information and the company can review it and provide the information then a subpoena is the correct tool. The police stated in both reviews that they are searching for a broad range of documents and that they want their own discretion to review all of them associated with the email address. You wrote "This is not seizing evidence it is compelling an entity to produce it". If they could have just seized a US server, they would have gladly stormed the office and taken the entire box, as is the custom with a warrant. In this case they could not seize a specific computer and they could not justify attempting to seize all of Microsoft's mail servers. A subpoena would normally be the correct implement, but that is not what the police are using. They want a huge amount of stuff rather than specific stuff, which is why they are using a warrant.

Next, you are correct about things being in your control. Microsoft Corporation is a US based company. Microsoft Ireland is a different company. It is more along the lines of an umbrella company. Much like you have Viacom as the big NASDAQ traded company, then you have Viacom International, Paramount Pictures, BET Networks, and the rest. You don't sue Viacom (the parent) when you want documents from Paramount Pictures. Viacom owns Paramount but they don't control Paramount's documents. Similarly the police are going against Microsoft Corporation in Seattle when they should have been suing Microsoft's Irish subsidiary. The US based corporation owns the Irish subsidiary, but they don't control the documents of the subsidiary.

So as has been written, they are using the wrong tool, on the wrong company, in the wrong country. There is a proper way to do things, and this is not it. Microsoft is going to win this one in the long term. The judge may understand some aspects of law, but he clearly doesn't understand corporate organization and ownership.

Re:It's almost sane(really)

[suutar]

If I understand it right, they're telling MSUSA "we want this info." MSUSA says "It's in Ireland." The court says "You can get it, therefore you have to get it and give it to us." They're still leaning on MSUSA, not MSIreland; MSUSA just has to coordinate with MSIreland to get the data. If MSUSA is unable (which really means unwilling, unless MSIreland is trying to screw MSUSA over) to get the data, then they get in trouble.

None of this (so far) seems to mean that the court can compel MSIreland _directly_ to do anything.

Re:It's almost sane(really)

[taustin]

If the accused is in Russia, and can access the data from there, then why would the US have a problem with it? The warrant applies to Microsoft, not the data.

Re:It's almost sane(really)

[Jane+Q.+Public]

Um, JUST NO. I really don't know where you might have gotten that idea, but it's false.

Re:It's almost sane(really)

and if the bedroom is in canada, and the bedroom is RIGHT ON the border, where I can reach through the fence and into the bedroom window?

'cause that's how accessible that data is to microsoft.

Re:It's almost sane(really)

[Krishnoid]

This is exactly how U.S. bribery laws work: "We would love grease your palms, great Poo-bah, but U.S. law says that if we do then we can't do business there, which would mean we also don't have business to do here, so please don't even ask."

"Let's take a short break from this conference call to get some coffee. We'll be back in the room in about 10 minutes."

[company's on-site agent provides consideration to Poo-bah]

[conference call resumes]

"I'm glad we both understand our situation."

Re:It's almost sane(really)

Is there any circumstance where you think USA prosecutors should not be allowed to force foreign entities to hand over evidence without going through that country's legal system?

Microsoft isn't a foreign entity.

Which part of it?

There's a reason companies incorporate different branches in different countries. Its to avoid having to worry about complying with conflicting laws. MS UK only has to worry about complying with UK laws, MS US worries about US laws.

The US government is taking the wrong people to court. But since they have the ability to coerce the people they do have in court, they are trying to force the people they can coerce into getting them what they want from the people they can't.

The analogy were looking for is me hauling you into court because I don't have access to your friend who lives over seas, but knowing your close relationship to your friend, I demand you go and get things I want from him. And if you don't help me, I get to punish you for contempt of court, or obstructing justice, or whatever else I can think of that means "not doing what I say".

Re:It's almost sane(really)

[Darinbob]

The jurisdiction though seems irrelevant. Microsoft can retrieve the email at any time. The fact that this one subset of "the cloud" actually resides in Ireland is just a handy excuse so that Microsoft doesn't have to type in a command into a computer in the US. I can bet that if they got a subpoena from an Irish court that Microsoft would still not comply (Irish police can't compel someone in the US to type in a command). If at any point Microsoft wanted to, a Microsoft employee could transfer all the requested data out of Ireland and into another country, without leaving the desk.

Re:It's almost sane(really)

[Darinbob]

I don't see a problem with that. Corporations have been saying that our data is all really in the cloud, not any particular nationality (we know it's a fiction but...). However of a Russian court demanded that a Russian Microsoft employee retrieve some email by typing commands into a Russian computer, then Microsoft in the US only has to cut the data link to Russia and it becomes ineffective, or transfer that data to another country. In this case, a US court is asking a US company to have a US resident type a command into a US based computer.

And don't forget, this is not about data fishing, this is not about spying, this is about a criminal investigation.

Re:It's almost sane(really)

[suutar]

as soon as you say bomb, you hit "public safety" exceptions to a lot of stuff, which means your analogy is less parallel than you may think.

Re:It's almost sane(really)

[roman_mir]

I see a lot of negativity in your post directed at Microsoft and I wonder what kind of confusion of ideas turns a person into what you are, you are absolutely on the side of governments and against the individual freedoms and liberties. What happened, did you get beat up a lot as a child or something?

Re:It's almost sane(really)

[Applehu+Akbar]

If I were Microsoft I would use the IRS defense: "Oops, I just bricked the hard drive you wanted! And I accidentally recycled it so you peone will never get to even see it. My bad!"

Re:It's almost sane(really)

[david_thornley]

Huh? While you're in the US you do not have direct control over your Amsterdam bedroom. Microsoft US does have direct access to the emails. (Or it did, at least, and the courts aren't going to look kindly on a party that deliberately hides evidence.)

Re:It's almost sane(really)

[Darinbob]

It's irrelevant to the US though. No one is saying Russia invades the US to get the data. That data can be retrieved from within Russia without having to even leave a desk. If it's some law we think is immoral we still get no say in it. We can send around diplomats all we want but if there's a physical ability within Russia to access the internet then the data can be retrieved.

The only times this is not the case is if the data is not accessible from the internet and is instead stored on archival media only in a way that a person must physically retrieve it.

Re:It's almost sane(really)

[Darinbob]

It's more like a Chinese company has data stored on one of ITS OWN computers in the US, which it can retrieve at any time whether or not the US agrees. The only way the US could prevent this is if it cut the data lines, and that's too much disruption just to foil a benign and legal criminal investigation.

Re:It's almost sane(really)

But this is how it already works. For example, China could say to Google "give us access to G-Mail or we'll just block it completely, may be even kick your company out". Then it's a game of chicken. But China does have the right under their laws to block G-Mail or ban Google, as well as to demand unreasonable things from resident companies as the price of doing business. Laws everywhere have always worked this way. This is not new.

It seems though that this is opening up an entirely new legal precedent, one which USA companies may not like at all. If a judge in the USA can apply a search warrant to overseas computers, what is to stop a judge in France from issuing a warrant for company records in the USA? For example, say Dailymotion files a civil complaint against Google/YouTube. If this legal precedent stands then Google's legal team is going to have a hard time arguing that a judge in France has no standing to issue warrants for their records. Or, so it would seem to me.

Re:It's almost sane(really)

[david_thornley]

I don't think it's legal for EU companies to export some data to the US anyway. Microsoft Liechtenstein might have to maintain its own servers in the EU that are not under the control of Microsoft US. If Microsoft US doesn't have control, Microsoft US can't be compelled to produce it. Of course, a EU court might require Microsoft Liechtenstein to hand over data.

Basically, every cloud service is controlled from somewhere on the planet that is under some country's jurisdiction, and that country can issue legal orders to get that data. This isn't just a US thing.

Re:It's almost sane(really)

[CaptnZilog]

What if the data was in my locked briefcase in Microsoft's London office.... Do you think they should just hand it over to USA prosecutors without going through the UK's legal process?

Yes. Microsoft USA has a legal obligation to get it from Microsoft UK even if the data is in the London office. Microsoft UK may not care but Microsoft USA must.

So if MSUSA gets the demand for the data, and they ask MSUK for it, and MSUK says "no, it's against UK law for us to give you that" - does MSUSA sue MSUK in a UK court, spending MS money on lawyers on both sides (US & UK) to basically sue themselves for access? Or should they simply tell the government "MSUK says it's against UK law, you'll have to take it up in the UK courts" and the US govt then takes MSUK to UK court to try and get it?

Re:It's almost sane(really)

[TampaBay]

Let's move this from the digital realm. What if this was a series of letters stored in a safe deposit box in an Irish bank, which was a wholly owned subsidiary of Bank of America? I'm not a legal mind, what does case law say about this?

Re:It's almost sane(really)

[CaptnZilog]

The legal situation has already been cleaned up, though Microsoft isn't happy about it. Microsoft has already published on this since the last ruling. What they are asserting is that the foreign customer (business) that uses Azure is knowingly transferring their data to the USA (regardless of where the physical servers are) when they use Azure and thus they are the ones legally responsible. So far that seems to be pasting muster with the EU.

I.e. Azure sells to company X in France. Company X has data that is subject to privacy laws. By company X using Azure they are the ones moving the data to the USA violating French law. Which turns this into a France / French company issue and not an Microsoft / France issue. Better for everyone to regulate.

So, in essence, everyone in the world should stop using US services entirely.
I'm sure that helps the US economy greatly. (/sarcasm)

Re:It's almost sane(really)

[CanHasDIY]

as soon as you say bomb, you hit "public safety" exceptions to a lot of stuff, which means your analogy is less parallel than you may think.

Well, considering how many computers involved in "public safety" run some variant of Windows... perhaps it's more parallel than you realize.

Mind you I'm playing Devil's Advocate at this point, as I've already conceded that it's better to err on the side of less government power rather than more.

Re:It's almost sane(really)

[NatasRevol]

You may not call it invading. The US may not call it invading.

Russia, or especially North Korea, might.

Re:It's almost sane(really)

[Darinbob]

This case does NOT involve asking foreign entities to hand over evidence. Read the article and the attachments. Microsoft can get this data from within the US at any time. No one has to go overseas. This is a crime in the US and the evidence for all practical purposes exists in the US. The Irish police have no easier access to this data locally unless they went to grab the physical servers (far exceeding the limited scope of the warrent).

Your analogy has absolutely not resemblance to this case. Except perhaps if you had a briefcase full of drugs that was locked, and you claim that you can't unlock it because your combination to the lock is on the phone in your pocket but you can't use the phone because the account is with a Dutch provider.

Re:It's almost sane(really)

[Darinbob]

That's an interesting aside, but it has nothing to do with this particular case. In your example there is no access to the data within the US, so UK must get involved. In the actual non-hypothetical case Microsoft can get the requested data within five minutes without leaving Redmond.

Re:It's almost sane(really)

[CaptnZilog]

OK, thought of a good counter analogy:

- You've hidden bombs on public transit all over the country, and the list of where you hid them is stored on a server in the UK; should the government be able to get a warrant for that information?

And a not so appropriate, yet still thought provoking one:

- You're a serial killer in the US, but every time you murder someone you drive to your Canadian cabin in the woods to hide the body; should the US be able to get search warrants for said cabin?

First case, yes, since we have treaties with the UK for such things they should be able to contact GCHQ or whoever in the UK and get a warrant for them to get that information and turn it over to the US authorities (assuming they have actual evidence that the server in question actually contains that information).

And yes to the second, again the US has treaties and a 'working relationship' with Canada and I'm sure they could get the RCMP to work with them to raid the Canadian cabin and search the woods for hidden bodies - again, assuming they have some actual evidence to warrant such a request.

Note that if it's a server in North Korea, or a cabin in North Korea the guy is somehow getting the bodies back to, this may be a moot point since we have no real diplomatic relations with NK - they may, however, comply anyways if requested, who knows - point being that it is up to the country in question to comply with our request, they are not "bound" by our laws, but in the interest of cooperation they might agree.

Re:It's almost sane(really)

[ihtoit]

dammit, you wrote pretty much what I was going to write. A warrant is used to gather evidence the nature of which is unknown but *potentially* pertinent to an investigation. A subpoena is a mandate to produce evidence which is known (usually as the result of an investigation) and specific.

MS don't have a leg to stand on here as I understand the situation. Because they ordinarily have access to the data, it stands to reason that there is no physical impediment to them producing it in response to a warrant. Ergo, no lawful excuse for them to not produce it. Because a warrant is a judicial direction, noncompliance is a summary contempt (in most jurisdictions).

A side note: to anyone arguing for MSEire being outside US jurisdiction, I would cite precedent if I could be arsed hunting it down but I have heard of at least one case where a subsidiary company operating to hide data from another jurisdiction was found by a local court to be in violation of local laws prohibiting such behaviour and basically handed jurisdiction over to the other guys - before they took the directorship in for racketeering.

Re:It's almost sane(really)

Nonsense, the US should immediately send Seal Team Six on a mission across national boundaries into Canada, violating your sovereign borders, to invade the Cabin in question and search for bodies. If the RCMP decides to get in their way, they should just start slaughtering your local police for getting in the way of their 'investigation'. While we're at it, we might as well blow away your government and put in a 2-bit puppet dictator like we do in other places around the world that don't agree with us, in the name of 'democracy and freedom'.

Re:It's almost sane(really)

[ihtoit]

this is what Interpol and local LEO is for. ALL that is needed is validation of the warrant. Which takes about three minutes over the phone.

Worn that t-shirt.

Re:It's almost sane(really)

[ihtoit]

that's called spoliation (assuming it is subject to a subpoena in which case there is no denying it exists or did exist).

Chasing data across jurisdictions is fun. Particularly when they don't know that you know precisely where it is.

Re:It's almost sane(really)

[sl149q]

The question is who controls the servers not where the servers are.

In this case a court in the US is instructing a US company that owns or controls servers to retrieve the data from the servers. In this case the servers may be located in another country and may even be owned by a subsidiary. But there is still a clear ownership from the parent through to the servers. So the US court can coerce and enforce a judgement.

Slightly more troubling is the recent example of the second scenario. A BC court has ordered Google to block some results worldwide. Google Canada does not control Google. And a Canadian court will have trouble hauling a US company into court. Google will appeal but it is a troubling decision where a court wants to exert world wide control over a non resident.

Re:It's almost sane(really)

[ihtoit]

summary judgement, and what's the name of the individual who shredded the hard drive? Send him to us, we'd like to put him in a deep dark hole for ten to fifteen.

Re:It's almost sane(really)

Wrong, you have no real concept of how multinational corporations are setup, MS in the US is a seperated entity from MS in Ireland.

Re:It's almost sane(really)

[CanHasDIY]

What is this? A well thought out comment that takes into consideration the relationships between different nations?

Get that crap out of here, this is Slashdot! If you can't respond with a knee-jerk reaction or sci-fi based reference, you're doing it wrong!

Re:It's almost sane(really)

[jbolden]

In the case of Azure the top administrative level is in the USA so they have direct access. MSUK doesn't need to even know or be involved. Which keeps them clean. If they didn't have direct access the courts would fine the heck of MSUSA until MSUK gave it up on the assumption that the parent company probably does have ways to get it if they really want it. Which of course they do

Re:It's almost sane(really)

[jbolden]

So, in essence, everyone in the world should stop using US services entirely.

If they don't want to subject to USA law, yes. Same way I shouldn't use Chinese services if I don't want to be subject to Chinese law.

Re:It's almost sane(really)

[jbolden]

this is what Interpol and local LEO is for. ALL that is needed is validation of the warrant. Which takes about three minutes over the phone.

Interpol does coordination primarily for arrests. They don't do warrants. The prosecutor would need to get the local court to agree to the search before local LE intervenes. Which is possible and done all the time. This has come up because US prosecutors are asserting they don't need to follow that procedure it is optional when it comes to US hosting providers and USA courts are agreeing. They have asserted that all of Azure is legally domestic and the courts agree.

Re:It's almost sane(really)

[suutar]

I was specifically thinking of the "public safety" exception to needing to read a detained suspect his Miranda rights before questioning him. Normally if a cop grabs you, throws you to the ground, and starts demanding answers, what you say can be excluded because he didn't read you your rights. But if the subject under discussion is a bomb that he thinks you planted on a car, what you say can still be used against you because public safety concerns allow him to not take the time.

Although rereading your example, it might be harder to actually skip UK government involvement due to public safety than to skip the "get a warrant" requirement to go after a safe deposit box in the US.

Re:It's almost sane(really)

Nonsense, the US should immediately send Seal Team Six on a mission across national boundaries into Canada, violating your sovereign borders, to invade the Cabin in question and search for bodies. If the RCMP decides to get in their way, they should just start slaughtering your local police for getting in the way of their 'investigation'. While we're at it, we might as well blow away your government and put in a 2-bit puppet dictator like we do in other places around the world that don't agree with us, in the name of 'democracy and freedom'.

Jeez, you're going to invade us? You retards can barely tie your shoes. How will Seal Team Six hold their guns and drool buckets at the same time?

Re:It's almost sane(really)

[NoKaOi]

Like if I'm arrested for smoking pot in the USA and USA prosecutors want to search my bedroom back home in Amsterdam to collect proof of my drug habit, you think its ok for USA police to force my parents to let them search my bedroom back home (or enter their home by force)? Even if my "crime" is only a crime in the USA?

I don't think that's what this ruling is saying. They're saying that you're obligated to produce the evidence. I don't know the details of how (the only thing that's certain is the articles lack of details), maybe give them remote access. Either way, there are ways to do this without stepping foot in Ireland or requiring the Irish police to do anything...the key here being that they're requiring somebody who his physically in the US to do something, and they can be in contempt if they don't. Otherwise, if they were trying to get the Irish police to do something, they'd have to request (not require, and maybe through the Department of State) that Ireland obtain the evidence and send it to them, which most countries are likely to do as long as it's a crime in both countries and they think it's important enough to spend their time on.

Even if my "crime" is only a crime in the USA?

Isn't that pretty much how extradition normally works? Yes, I realize this doesn't apply to this case, just academically interesting. CountryA will only send you back to requesting CountryB if the crime you're accused of is also a crime in CountryA, or it falls under a list of specific types of crimes.
For example, the extradition treaty between the US and Netherlands specifies:

b. Offenses, whether listed in the Appendix to this Treaty or not, provided they are punishable under the Federal laws of the United States of America and the laws [10] of the Kingdom of the Netherlands.

However, it's also listed under the specific types of crimes:

28. Offenses against the laws relating to the traffic in, or the possession, production or manufacture of narcotic drugs, cannabis, psychotropic drugs, cocaine and its derivatives, and other dangerous drugs and chemicals.

Not the same thing as your analogy, but it's interesting that if you're accused of possessing weed in the US and flee to the Netherlands, the Netherlands is obligated to send you back to the US to face prosecution.

Oh, and there's also a kicker that could apply to somebody like Snowden:

1. Extradition shall not be granted when in the view of the Requested State the offense for which extradition is requested is of a political character, is connected with an offense of a political character, or it is established [12] that extradition is requested for political purposes.

Re:It's almost sane(really)

One thing that points towards the latter, with this analogy searching for physical evidence is being compared to searching for virtual evidence. They can retrieve the virtual evidence without ever setting foot in Amsterdam, while the physical evidence would require being physically there. Now this could become more interesting if Amsterdam (and potentially every other country in the world) passed laws stating that search warrants for data located on servers physically located in the country shall not be honored without the search being justified under the country's laws.

Re:It's almost sane(really)

If your main residence is in the USA then yes. Microsoft may operate worldwide but their main base is right here in Murika, that said Murikan companies should be bound by Murikan laws.

Re:It's almost sane(really)

No they cannot! It's called the 4th and 5th amendments. They can search my premises, but they cannot compel me to turn over evidence that may incriminate me Including emails and passwords, unless it's in plain site, or unencrypted on a physical medium, that would be covered in the search.

Re:It's almost sane(really)

[akozakie]

If you are right, then this lawsuit is simply one of several steps it will take to make Azure (and others) a complete failure in the EU market. If by using Azure you're subjecting yourself to US jurisdiction and accept responsibility for any breaches of EU law that result from this... Bye bye US-owned cloud services.

Go ahead, shoot yourselves in the foot. The US is burninig goodwill like there's no tomorrow...

Re:It's almost sane(really)

[countach]

"The US can enforce its warrant against Microsoft because Microsoft operates within its jurisdiction. "

I dare say Microsoft operates within almost every jurisdiction on earth, in some form or another.

Re:It's almost sane(really)

[countach]

And what if this contravenes EU privacy policies, and if Microsoft UK obeys it, those employees would be risking jail time?

Re:It's almost sane(really)

[countach]

But what if obeying the subpoena would contravene dutch law?

Re:It's almost sane(really)

[countach]

At a bare minimum this applies to citizens and people in their borders. In a case like this, the company in the borders offering services must comply with the law. Now if a pure US company offered a service to EU people without a legal presence, but happened to store their server in the EU, that would be very unusual, and interesting legally.

Re:It's almost sane(really)

[countach]

Well... not necessarily if the data is encrypted with the pass phrase in the head of an employee.

Re:It's almost sane(really)

[jbolden]

Its more than that. Remember this would apply to cloud services operating in the United States. So probably what it means is fragmented cloud services for consumer applications or EULAs in Europe where people consent that they have made their information international and thus semi-public.

Or who knows. Your worst case doesn't sound that bad that European cloud providers become able to play at the level of Azure, AWS, SoftLayer... Where is the downside for Americans in that?

The US is burninig goodwill like there's no tomorrow...

What goodwill? I don't see a lot of goodwill in Europe ever for the USA. Mostly we get opposition even for stuff that benefits Europe. I'd love to see European powers step up to the plate and handle stuff once in a while. I'm sick of the USA always being called on. If Germany or France or someone wants to deal with Syria, go for it. If by "burning goodwill" you mean the result is less internationalization, well good.

That being said, I think the average European is more concerned about multi-nationals being unaccountable than them being accountable. It is the United States taking a step towards ending corporate oligarchy which originates from these companies being able to freely flee jurisdictions whenever there is a crime. The USA government is better than anarchy even for most Europeans and thus I think this will be seen as a net positive.

Re:It's almost sane(really)

[silfen]

Well, nobody said it was easy to be a global corporation.

If a company can't comply with conflicting legal requirements in some jurisdictions, it has to make a choice which markets are more important to it.

I don't see that as a bad thing, honestly. Do you?

Re:It's almost sane(really)

[jbolden]

Here is the situation.

Company X has data subject to EU privacy rules. Company X exports this data to the USA. That data get subpoenaed by a USA court. No one questions Company X is responsible.

Situation with Azure. When uploading to Azure Company X has agreed to export their data to the USA and subject it to USA rules. There shouldn't be any data on Microsoft UK Azure that is subject to EU privacy policies since Azure does not provide a service compliant with EU privacy policies and says so openly. So it is effectively the same as the above.

Now Microsoft USA is going to shield their UK employees further by just doing the transfer themselves so there are no employees to jail.

Re:It's almost sane(really)

[JohnNemesh]

That was exactly my point. Governments and foreign companies are NOT going to want their data to be available to the US Government, which, by the way, not only has been found spying on ALLIES, but also found to engage in COMMERCIAL espionage...stealing secrets to benefit American corporations! This is going to cement the idea that American tech companies must not ever be trusted with sensitive information...or any information at all. Say goodbye to the BILLIONS of dollars in Windows and Office revenue that these provide, and say goodbye to any revenue they were counting on for "cloud based" services!

Re:It's almost sane(really)

[ihtoit]

you can't execute an arrest without either probable cause or a warrant (which as part of the procedure is also required for a rendition). Interpol necessarily do liaise to execute warrants since "probable cause" isn't enough to arrest someone across national boundaries nor to obtain an extradition.

Re:It's almost sane(really)

[ihtoit]

anecdotal: I have witnessed Spanish authorities render a woman back to England based on a warrant issued by the High Court. This after a local police force basically asking the Spanish police to arrest the woman and put her on a plane, to which the Spanish replied, probably in so many words, "fuck off - she's broken no law here, we're not touching her".

Re:It's almost sane(really)

Well, yes...but if it's illegal (under Irish law) for the company in Ireland to transmit the data to the US, they they are demanding that the company chartered in Ireland under Irish law comit a crime.

Well, so Microsoft will have to make an interesting choice.

I don't know that that applies in this particular case, but there is much information that the EU forbids export of to any country that doesn't protect the information. And that definitely includes the US, where personal information is seen as a corporate asset over which the individual has no right.

That's just typical European ignorance and chauvinism speaking.

Re:It's almost sane(really)

[silfen]

No they are demanding that Microsoft Ireland give data for a case with Microsoft USA which is a sepert company and in violation of European law, if they fallow through with the warrent they will be commiting a crime

They are demanding that Microsoft USA comply with a US court order or face the consequences. Microsoft may well be in a situation where they are forced to violate the laws of either the US or Ireland. I don't see why either the US court or Americans in general should give a sh*t. If Microsoft doesn't want to be in this situation, they shouldn't set up shop in companies with conflicting legal requirements. And if Ireland wants to continue to attract US corporations, they better figure out how to make their laws compatible with US laws.

Re:It's almost sane(really)

Microsoft UK cares a lot. Or Microsoft might just as well shut down any and all cloud services they have an just exit the market completely.

If for nothing else, this would mean Microsoft would no longer be able to provide any sort of cloud service in the european market that complies to european law. If microsoft still tries to offer their "cloud", competitors that lost the bid can just threaten to sue either microsoft or their customers in europe. Customers will reevaluate and reassign the contracts to non-US business.

This is an amazingly BIG DEAL. And will have enormous consequences unless the ruling is reversed.

I am certain does not wish to take the next shareholder meeting and talk about "why we thought it was a good idea to exit from the european market.".

Re:It's almost sane(really)

We are talking about forcing companies operating in the US to turn over information that is in their possession (under there control).

But it is NOT under their possession or control. It is under the control of Microsoft Ireland, which under International Law is a completely separate legal entity. This is how scams like the Double Dutch Irish Sandwich tax dodge works (which according to Wikipedia, Microsoft uses). My personal opinion is, while I really don't like the idea of multinational corporations playing a shell game with criminal evidence I am sick and tired of the US government trying to force US jurisdiction on foreign countries. Countries that have strong privacy laws. Countries where if you obey the US orders YOU are now committing a crime in that country.

Obviously this must be a typical Injustice Department fishing expedition with no evidence of an actual crime, otherwise if they had a legally valid reason they would get the Irish officials to raid the servers like they have done in the past. I'm really hoping that this bad decision is overturned at the next level as I really don't want to see US corporations completely locked out of the European market, which is exactly what will happen if this decision stands. Remember, all the Snowden revelations has A LOT of countries pissed off at us right now. Our economy is currently very fragile, lets not allow the government to take a sledgehammer to it.

Re:It's almost sane(really)

Sorry, but this is US courts applying US Corporate law to the international realm. There are paths that this sort of situation should address. THIS ruling, is not that path, as it preempts international treaties, agreements, and other joined unions.

Sorry, but there's no situation where US Corporate law, should extend beyond US borders and territories. There are international bodies and courts for that.

Re:It's almost sane(really)

Three igloos you miscounting bastard!

Re:It's almost sane(really)

To both cases: this is why organizations like Interpol exist. So a police force from one country can work in tandem with another to solve a case that crosses national borders. If the US want data stored in an Ireland server, they should work with the police there to get it, instead of saying that their jurisdiction extends worldwide unilaterally.

Because to work with Interpol you have to have actual evidence of a crime being committed and probable cause that the individual who's email you want to snoop through committed it. Neither of which has been required for search warrants in the US for a decade or more.

Re:It's almost sane(really)

The "person" (corporate entity in this case) committed a crime in one jurisdiction, they are being tried in that jurisdiction and so the the authorities there can compel the person to produce the evidence required.

WRONG! If the justice department had actual proof of a crime, and probable cause that the person in Ireland committed it, they could work through Interpol and get the data legally. But the US can't do that because they have no evidence and no probable cause, this is just a "but we want..." fishing expedition which is illegal in Ireland.

Re:It's almost sane(really)

[jbolden]

There are plenty of cloud services not subject to European privacy laws, the overwhelming majority. To pick an example I was working a few weeks ago on a SQLServer database which lists parts and suppliers for home repairs. Where to get which bolt ain't exactly confidential.

The ruling isn't going to be reversed. For example, take a look at this thread. Remarkably for /. the Americans: Democratic to Republican to Libertarian seem pretty united it was the right ruling. The Europeans just disagree.

Re:It's almost sane(really)

[Samizdata]

Well, the main thing that popped into my mind when I read about this was "How will this impact companies with tax inversions?"

Re:It's almost sane(really)

If I was Irish I'd politely tell the US to fuck off. Most countries are doing that anyway so they wouldn't be the first.

Re:It's almost sane(really)

[jbolden]

I was talking about search warrants, but the same thing applies to arrest warrants. Interpol themselves don't issue warrants or enforce them. They just coordinate.

Re:It's almost sane(really)

Does anyone remember MegaUpload Kim dotcom? The borders didn't stop the US from raiding the servers in NZ.

Re:It's almost sane(really)

False.

Every customer of Azure gets a legal document stating Microsoft is compliant with EU data protection laws. That includes the fact that the proprietor of data is the customer and data can not be given to a third party without consent.

The non existence of this legal safeguard until recently is what prevented a lot of institutions/enterprises in my country from using Azure.

Get your facts right. Microsoft can not be compliant with US laws without breaking EU's

Re:It's almost sane(really)

[ihtoit]

police don't issue warrants, period, they don't have the authority - warrants are issued by courts. I know what Interpol do, I work with them.

Re:It's almost sane(really)

[jbolden]

What are you talking about? Microsoft is crystal clear on that one:

For instance, organizations covered by the E.U. Data Protection Directive should have their own policies, security, and training program in place to ensure their personnel do not use Azure in a way that violates the Directive. We will do our part by abiding by the promises we have made, thereby helping you remain compliant. ( http://azure.microsoft.com/en-... )

Re:It's almost sane(really)

[jbolden]

I haven't heard of commercial espionage by the US government. I think it makes sense for Europe to operate their own cloud services. You guys keep throwing this around as a threat. Its a good thing. American services subject to American law, French services subject to French law, Chinese services subject to Chinese law. That's all good.

Re:It's almost sane(really)

[jbolden]

Well then if you know what they do, you know they are not how the USA enforces the law on people who live here primarily and you wouldn't have brought them up. They are a coordination service when the USA has no leverage and is cooperating with a foreign government.

Re:It's almost sane(really)

Going to take a position I know will be unpopular in this thread, but:

The leverage they have is that you're accused of committing a crime within the borders of the US, and evidence you have access to can be demanded under a warrant that covers details related to that crime. Their physical inability to seize it by force(because it's in another jurisdiction) is about as relevant as their inability to unlock your bank safe. Either way they can punish you for not turning over evidence that is covered by the warrant.

I think the salient point is Microsoft does business within US borders, so ultimately they will want to comply with the law as the judges here in America interpret it.

Re:It's almost sane(really)

[rtb61]

You seemed to have confused the law with privacy. It is not privacy they are protecting, they are simply adhering to constitutional law on other countries. So companies are stuck, either adhere to the two laws and where they conflict simply leave operations in the conflicting country or face prosecution and penalties, plus loose all local trust making being kicked out of the country for purposefully breaking laws seem rather the same penalty.

Re:It's almost sane(really)

You seemed to have confused the law with privacy

No, I haven't. I simply assumed that any moron could figure out that when we are talking about "violating privacy laws", "protecting privacy" is simply synonymous with "adhering to the law".

So companies are stuck

Yes, they are, if they insist on doing business on both countries. They can always leave on or the other country. Or Ireland or the US can change their laws if they value the presence of Microsoft. Your point being?

Re:It's almost sane(really)

It's all good and well to try to force the data to be retrieved in a criminal case, but in reality, it is not so trivial, when you start taking international law into account.
The EU law forbids the export of personal data stored on computers, media or otherwise, in a processed form, or processing of personal data (that includes pen and paper) outside EU, without the strict consent of the individuals concerned.
It is a criminal offence to export data outside the EU unless there is consent and a clear exception to this, not just a warrant from the US, but actually having a specific court order from a country within the EU, for doing so, and it is very unlikely that this will be granted, taken the current legislation.

Microsoft has found themselves in a bit of a pickle here - do we follow the US court order, handing over third party data from within EU, to what EU considers a third party, honoring the US warrant, and at the same time, breach EU data protection directive, likely to result in prosecution, and potentially the loss of legal status to operate in EU, (especially as they are already under close scrutiny by the EU for breach of other regulations, and for which they have been subjected to susbstantial fines in the billion dollar class), or do we keep the EU sweet, following the EU law, denying the demand from the US judge, for servers and data that clearly resides on EU soil and falls under EU legislation, not US...

The EU legislation does not care who OWNS the servers, media or data, only about the fact that it concerns an individual, and even if that individual were to be american, (s)he would enjoy the same rights from the EU data protection act as anyone else would, that is, if the data has been created/establish or assembled in the EU, it stays in the EU, unless there is an express consent for it's export or processing elsewhere.

This data protection extends to legal entities within EU as well, even if wholly owned and operated by foreign third parties, and the authorities in EU takes a very dim view of breaches of the data protection acts.

This is why Microsoft takes such a hard stance to having to follow this order, appealing it, and most likely because someone simply says "No." and does not consent to the data being exported.

It's a bit of damned if you do, and damned if you don't, but what is a little more worrying in this case, is that the issues seems to be a crime in US, and the US courts thinking that they can railroad their decisions onto other jurisdictions, putting the middlemen in a position where they, regardless of what they do, will end committing a criminal offense by the order of a judge, which is set to uphold the law, all due to the differencies in the jurisdictions.

While the US seems to think it's OK to break laws elsewhere, as long as their law is followed, they seem to forget that the other side, may take an offense to this, and question why they should be helping them (US) in the future, if they show no regard for the other parties laws?

It's not a one-way road where one side takes it all and does what they want, and the EU law is pretty clear and on this issue - that unless you do it the right way, get an EU warrant first (if you can), then demand production, forcing someone to commit a criminal act by force, is a criminal offense in itself, and while i doubt that this may cause arrests, it will certainly cause some serious strains on the relations between EU and US, with EU becoming more and more unwilling to tend to the (sometimes heavyhanded) demands from the US, and it is not something that will put either US or Microsoft in any better position with either EU or the US, anyway they do it.

Re:It's almost sane(really)

Correct, only that the servers where the data is held (Ireland), falls under the EU Data protection directive, which makes it a criminal offense to export the data without consent from all and everyone involved, to a third party (US).
Any and all operations performed by Microsoft on EU soil, has to abide the laws and regulations in EU.

I am pretty sure that the US demands the same recognition if it was the other way around, and would go through the roof if not adhered to, so why should EU bend over just because US says says so, when their demands goes strictly contrary to one of the more fundamental laws of EU?

The data may not be physical in the sense that you can touch them, but physical in the form of being interpreted as information, and this is what falls under the data protection act.

Re:It's almost sane(really)

[Starport]

The other little problem is that if the email was to/from an EU citizen, this would require their permission to as per EU DPA, before it can be handed over to someone else.

Re:It's almost sane(really)

[Starport]

You can release data from EU, in respect of the EU Data Pprotection ACT, if the data only concerns yourself, and you agree to do so, voluntarily. However, if the information contains identifiable items of another individual (email, name or other items), then you no longer have that authority without the consent of the other party, as releasing the information would break two rules in the law. 1) Export of data from EU without express consent of all parties involved, and 2) Processing of personal information relating to EU individuals outside EU.

Re:It's almost sane(really)

[Starport]

This is a correct statement. EU data protection laws, are fundamental in EU, and once a law has been written up by EU and put into effect, it overrides national laws of the member states, to the extent that it becomes the minimum standard where countries has not (yet) implemented the directive, or where implemented, and the national law is weaker, the EU directive overrides, strengthening the national law to meet minimum requirements. That said, there is nothing stopping individual countries from extending on the EU directive, making national protection laws even stronger, and many nations has done just that. For someone in US, the EU laws on this subject will seem strange and sometimes inconceivable, in that someone would have these far-reaching rights of protection by default, with the member states, companies, organisations and individuals actually being punished (often quite severely) for breaches. As a note on the subject, any company processing personal information would have to have an appointed data coordination manager, known to the authorities, that oversees the companies operations, makes sure that their operations does not violate the law, and reports any breaches (accidental or intentional) to the authorities. As long as the nominee reports any violations, (s)he can not be held personally responsible for the actions of the company, unless it can be shown that they themselves tried to conceal, or partook in the violation, which then would be dealt with under criminal law and public prosecution. The data is effectively divided into three classes, non-sensitive, sensitive and forbidden. Irregardless of class, the data can not be exported to third parties (extra-EU) without express consent to do so. The non-sensitive data is considered to be information such as name, address, business contractual information, gender, contact details etc. Any kind of financial data (credit history, credit scoring and reports etc), other personal information medical records etc, falls under sensitive data, which more often than not, requires specific authorization from the authorities to handle and / or process (read, write or alter in any way, even if by pen and paper). The third class is prohibited data, which is a criminal offense to keep, unless specifically consented to, and this contains information such as sexual orientation, religious belief, political affiliations and alike, that can be considered direct harmful to the individual if revealed, unless provided by the individual him/herself. ` There are a few exceptions to this, but they are very very rare, and you can not be legally forced to provide the information. I know from having been a data coordinator.

Re:It's almost sane(really)

If Microsoft doesn't want to be in this situation, they shouldn't set up shop in companies with conflicting legal requirements. And if Ireland wants to continue to attract US corporations, they better figure out how to make their laws compatible with US laws.

They are in Ireland for the lower taxes and the bigger EU market, so actually what you said is the reverse, And if the USA wants to continue to attract possible future ex-US corporations, they better figure out how to make their laws compatible with European laws.

Re:It's almost sane(really)

[Starport]

The data protection acts of EU, applies to any kind of information relating to individuals, however created, or whoever owns it. If there's a name or ANY OTHER INFORMATION that can be used to identify an individual, either on it's own, or in combination, in a document or any other kind of record, the EU data protection applies. It may sound far-reaching, and it really is. It was intentionally written to be, for the protection of the people in an ever-more global world, preventing abusive use of personal data.

Re:It's almost sane(really)

[Starport]

It's quite irrelevant who owns the servers and where they are. If the servers are located in EU, and they data they contain, in any shape or form contains data about an EU individual, then no, that data can not be legally exported to the US, without the consent from all parties involved. Not without either a EU warrant for the information, or the EU citizen agreeing to do so. In this case, it's about emails, and the EU receiver/sender would have to agree to this data being exported, from the EU law perspective.

Re:It's almost sane(really)

Worse, circling back to TFA, the US LEO would be attempting to coerce me into violating the law in the EU, which itself would be a violation of US law (CFAA).

That should be modded (5: Interesting) because the judge in question should be forcefully disbarred from the US system for not knowing the system and have his qualifications questioned.

Re:It's almost sane(really)

What if the data was in my locked briefcase in Microsoft's London office.... Do you think they should just hand it over to USA prosecutors without going through the UK's legal process?

Yes. Microsoft USA has a legal obligation to get it from Microsoft UK even if the data is in the London office. Microsoft UK may not care but Microsoft USA must.

What if there were no internet or other remote retrieval methods? Would MS UK have to cooperate? Highly doubt it per EU law.

Re:It's almost sane(really)

[jbolden]

It is not that MS UK has to cooperate it is that MS USA has to use their leverage to get them to cooperate.

Re:It's almost sane(really)

It is not that MS UK has to cooperate it is that MS USA has to use their leverage to get them to cooperate.

Which given the situation I said earlier, that would risk jail time so it would be incredibly unlikely to go ahead.

Re:It's almost sane(really)

[jbolden]

You are using too many pronouns. Who is throwing who in jail for what?

____

Anyway the point is in reality that Azure is designed so that MS USA can do what they need to do. The agreement is designed to notify customers of that fact that they are effectively exporting data to the USA when they use Azure. Which makes this whole thing moot.

Re:It's almost sane(really)

You are using too many pronouns. Who is throwing who in jail for what?

Ireland would be throwing MS Irish Employees in jail for knowingly allowing MS USA to come inside and grab the data, this of course being if there were no internet or dial-up methods.

Re:It's almost sane(really)

[jbolden]

Oh I see. Well then we have good cases from previous decades where there were physical files. The USA ownership avoided these complications by having their own sets of keys and access badges. No one from the foreign subdivision did anything other than not interfere. The foreign employees didn't knowingly do anything because they weren't in the loop.

Re:It's almost sane(really)

Except that for the purposes of storage, MS's servers aren't owned by an american company - my empoloyer (and others) chose MS for mail handling over Google specifically because MS EU is a Luxemburg company which is not subject to the Patriot act - and should MS comply with the court ruling they'll be in breach of contract (yes, we specifically put a sevarability clause in case this ever happened - and they signed it).

FWIW IBM do the same thing

This ruling is going to have interesting financial ramifications for MS if they choose to roll over and play dead - the stampede of companies moving to mail handlers based entirely outside of the USA will be interetsing to watch.

Re:It's almost sane(really)

"Is there any circumstance where you think USA prosecutors should not be allowed to force foreign entities to hand over evidence without going through that country's legal system?"

The Kim Dotcom fiasco already showed that the USA thinks it can breach other countries' laws (with the collusion of naive officials) with impunity.

As does this case. This is a classic case of judicial overreach.

Re:It's almost sane(really)

The usual method for crossborder stuff is that an order is sought in one country's courts and permission must be sought from the other country's courts to execute the warrant.

In this case, it would be thrown out of irish courts for lack of jurisdiction unless the actions being charged are criminal in ireland, and even then substantive proof would need to be presented in order to sway the irish court - non-USA courts do NOT like fishing expeditions.

Applies oversea or applies to local access?

[Carewolf]

If the local branch of Microsoft has access to and control over the servers, they only need to demand the local branch to do so, that doesn't mean they are extended juristiction. If the data could only be accessed from outside the US it would be more interesting.

Re:Applies oversea or applies to local access?

If the local branch of Microsoft has access to and control over the servers, they only need to demand the local branch to do so, that doesn't mean they are extended juristiction.

That could make it more difficult for multinationals to operate though. One of the reasons why companies put data centers in Ireland is to comply with EU rules about the locations of personal information. If the US can pierce EU rules regarding personal information simply because someone in the US has access to the servers, then that could lead to EU rules prohibiting such access.

During an earlier discussion I thought someone said that the information involved was owned by a US person or organization that was trying to hide by putting it in the EU. That would matter more to me than whether Microsoft had domestic access to the servers.

I'm not sure that a US court should be deciding this though. It might make more sense to have to appeal to an EU court to pierce this particular veil. That would support EU rights in protecting their data while offering a method for US litigants to gain rightful access to data. Of course, it would also be rather clumsy. But I would rather put clumsiness on litigants than on multinational businesses.

Re:Applies oversea or applies to local access?

[Trepidity]

That appears to be the argument, yes. The court isn't claiming authority to send police officers to Ireland and physically seize the data, or authority to force Irish police to conduct a search. Instead they're demanding that Microsoft (a U.S.-based company) produce the requested evidence, if indeed its U.S. staff have access to it (which they probably do).

I think it's problematic from a practical perspective, but I could see how someone could reach that conclusion. Usually jurisdiction of U.S. persons does extend to their overseas assets, e.g. in an investigation of fraud a U.S. court can demand that you turn over your Swiss bank account records, even though these accounts are (of course) in Switzerland.

The main problem IMO is that it puts companies operating in multiple jurisdictions in a bit of a bind. For example, Microsoft Ireland may have responsibility under EU law to not release data except in certain cases, while Microsoft U.S. is required to release it, meaning the company will violate the law somewhere no matter what they do. I'm not sure whether it's possible to avoid that by really firewalling the access, e.g. make Microsoft Ireland an operationally separate subsidiary whose servers cannot be directly accessed by Microsoft USA staff. But that would certainly complicate operations in other ways.

Re:Applies oversea or applies to local access?

[umghhh]

I think, US authorities by coming to MS to get data from servers in Ireland, demand data not from individuals who own them (alleged criminals), but from organisation that owns the servers on which it is stored. The very reason why the bloody serves are in Ireland is to avoid such warrantless (in context of EU law) search yet that is exactly what US authorities demand. It may even be that because the legal system in US is so broken as to execute random people in extremely cruel and lengthy manner or put people in prison for life w/o parole for smoking a joint 3 times and this in prisons that are known for their violence and inhumane treatment of some prisoners, for all these reason it may be that courts in EU would be reluctant to let any data go. I am not saying that this would be the case of course - NSA may have enough on judges and politicians to make it happen anyway but it would be a cumbersome process that would let the world think that US authorities respect legal systems of other countries. This of course is not going to happen as US authorities do not have all too much respect for own legal system, for justice and some such abstract concepts so why they should show respect for legal systems or perception of justice in other countries? We know that US lawmakers and authorities think they have jurisdiction over all of the word (FATCA is one good example) and where that is not the case a silent drone can do the job too.

Quite frankly I am really surprised that MS is fighting it. It seems to me that either they are afraid of the financial consequences of bending over or EU for all its incompetence, overreaching and bureaucracy has some uses after all. Or as far reaching speculation that may be, MS is not all evil. I guess I stick with first two arguments as they are good enough.

Re:Applies oversea or applies to local access?

[Richard_at_work]

The problem is that this isn't the US piercing the EU rules, its the US judicial system saying the EU rules do not apply to it, which is entirely correct.

This is the US judicial system putting US companies between a rock and a hard place - the company has to comply with EU laws or face penalties, while also complying with a US court order or face penalties.

This is, however, actually how it should be - EU rules do not apply to the US judicial system, they only apply to those entities operating within the EU, and the US judicial system should not care about other countries or jurisdictions laws it is not bound by.

That doesn't mean its not a difficult situation, but it does mean its an interesting case to watch.

Re:Applies oversea or applies to local access?

[silas_moeckel]

The problem is that is a direct analogy this is a third party. This is forcing a neutral third party to potentially commit a crime because a us court ordered them to.

Re:Applies oversea or applies to local access?

The main problem IMO is that it puts companies operating in multiple jurisdictions in a bit of a bind. For example, Microsoft Ireland may have responsibility under EU law to not release data except in certain cases, while Microsoft U.S. is required to release it, meaning the company will violate the law somewhere no matter what they do. I'm not sure whether it's possible to avoid that by really firewalling the access, e.g. make Microsoft Ireland an operationally separate subsidiary whose servers cannot be directly accessed by Microsoft USA staff. But that would certainly complicate operations in other ways.

You can't have your cake and eat it too. That's the cost of being a multi-national corporation, if you don't like it then don't incorporate in those jurisdictions.

Re:Applies oversea or applies to local access?

This is the US judicial system putting US companies between a rock and a hard place - the company has to comply with EU laws or face penalties, while also complying with a US court order or face penalties.

A decades-long analogous situation exists where US laws prohibit companies from complying with the laws of specific foreign countries when those foreign laws require companies to certify they are not selling anything sourced from Israel.

Do you comply with US law and not do business in much of the Middle East or do you comply with local law and risk prosecution under US law (or, worse, risk being cutoff from lucrative Govt contracting)?

This is, however, actually how it should be - EU rules do not apply to the US judicial system, they only apply to those entities operating within the EU, and the US judicial system should not care about other countries or jurisdictions laws it is not bound by.

That doesn't mean its not a difficult situation, but it does mean its an interesting case to watch.

So you believe that subsidiaries of US companies should help Saudi Arabia enact a commercial blockade against Israel?

Re:Applies oversea or applies to local access?

[Archtech]

"This is the US judicial system putting US companies between a rock and a hard place - the company has to comply with EU laws or face penalties, while also complying with a US court order or face penalties".

As far as I can see, the only way out for the company is to cease trading in the EU immediately. (Do not pass GO, do not collect 200 euros). If applied on a large scale, that would do nothing for the US GDP or balance of payments.

Re:Applies oversea or applies to local access?

[Archtech]

"That's the cost of being a multi-national corporation, if you don't like it then don't incorporate in those jurisdictions".

Best news EVER!!!! At a single stroke, we get rid of McDonalds, Starbucks, Microsoft, Facebook, Twitter...

Oh wait. How are we going to get by without Amazon and Google???

Re:Applies oversea or applies to local access?

[Whorhay]

Meh, such is the risk of being a multinational corporation. Hell it's actually the same risk any corporation or individual takes on by living in any country. Regardless of where you are from you are subject to the current laws of that jurisdiction. In the case of multinationals they have deliberately made the decision to operate in many jurisdictions. They have small armies of lawyers to help keep things straight but there is always the risk that they will have to choose one jurisdictions laws over another and be liable for the consequences. The only thing they stand to potentially lose is what little positive repuation and physical assets they have in the jurisdiction that they don't pick. I've never seen a cake that let you eat it entirely and still posses it in all it's preconsumption glory.

Re:Applies oversea or applies to local access?

It seems to me that you have the relatively simply *third* option of obeying US law, and *not* operating in a country which puts contrary legal requirements upon your ability to operate there (presumably Saudi Arabia based on your example).

If as a condition of operating in Country A are required to *not* do something, but as a condition of operating in Country B you are required to do that same thing, then you're not between a rock and a hard place, or at risk of being prosecuted by *either* country unless you chose to operate in both countries, despite the contradictory legal requirements. If you do that, then you're a dumb-ass who built your own catch-22.

Re:Applies oversea or applies to local access?

[david_thornley]

True, the EU has strong privacy laws, which is fine. So, what is a server located in the EU doing automatically accepting data requests from US entities? If I have legitimate access to a server in the EU that holds data that I could not legally access or publish in the EU, and I'm in the US, I can do all sorts of things with the data that would be illegal in the EU. While sitting here, I'm not in EU jurisdiction, and I'm subject to US law only.

If an EU business is allowing somebody in the US free access to confidential data, then it seems to me the EU business is violating the law, not me in the US. Since I'm under US jurisdiction, a US court could order me to get the data, since I've got access. If I had to submit a request that would be granted or not based on EU law, the US court could order me to make the request, but obviously has no jurisdiction over the EU business.

The key piece of information about the data is not where it is physically stored, but where people with immediate access to it are. In this case, Microsoft US has such access. Whether this is legal in Ireland is a matter between Microsoft Ireland, the Eire government, and the EU.

Re:Applies oversea or applies to local access?

If the local branch of Microsoft has access to and control over the servers, they only need to demand the local branch to do so, that doesn't mean they are extended juristiction.

That could make it more difficult for multinationals to operate though.

Tough shit, that's the law. If you don't like push to have it changed.

After this ruling, if an non-US company/subsidiary wants to be protected from US courts they'll have to treat the US parent like an external entity and firewall things off and have a completely independent reporting structure/chain of command. If a US citizen can RDP/SSH into a server, then that US citizen can be ordered to produce a document on pain of being in found in contempt. It's no different that a state-level court (e.g. NY) ordering someone to produce a document that's physically in a different state (e.g., FL). NY can't allow police to go into a home in FL, but if it knows you have a document it can say "we want it, so produce it with-in two weeks".

All news reports say the word "warrant", but there are actually different types:

https://en.wikipedia.org/wiki/Warrant_(law)

A warrant authorizes something that would normally be illegal. A "search warrant" allows the police to enter private property, which is normally illegal.

Similarly the police trying to get some information from Microsoft would normally be illegal (i.e., Microsoft is with-in their rights to say 'screw you'). I'm guessing this "warrant" tells Microsoft that they have to provide all information asked for about e-mail account "foo@hotmail.com".

Re:Applies oversea or applies to local access?

No you stunned piss wad this means that the US judge is a moron that doesn't want to order the investigators to follow proper procedure when dealing with international discovery .... ie ask the counterpart judicial system for a warrant for the evidence in the other country.

Oh noes I don't want to follow the international rules cause I is a murican judge!

FUCK that shit. Follow the rules stupid judge.

Re:Applies oversea or applies to local access?

"That could make it more difficult for multinationals to operate though. One of the reasons why companies put data centers in Ireland is to comply with EU rules about the locations of personal information. If the US can pierce EU rules regarding personal information simply because someone in the US has access to the servers, then that could lead to EU rules prohibiting such access."

This is already being looked at....

Good

[CanHasDIY]

That's good news, since it's one step closer towards closing the gap between the haves and have-nots.

Being rich enough to shuttle assets to other countries shouldn't mean you get away with breaking the law, because that's an inequal application of justice, and therefore unconstitutional.

Re:Good

[i+kan+reed]

On the other hand, it's only becoming precedent in an era where the common person actually has the ability to move things(specifically data) overseas with ease.

Re:Good

[CanHasDIY]

On the other hand, it's only becoming precedent in an era where the common person actually has the ability to move things(specifically data) overseas with ease.

The "common person" who can afford that crap.

When your application of justice become predicated on the income level of the accused, it's not justice anymore.

Re:Good

[LordLimecat]

No, its a bad precedent, and you can now look forward to China / Russia / India issuing subpoenas for things like email inboxes and documents stored on the cloud for US citizens.

Ive never really gotten how slashdot has so many people with apparent astigmatism, only able to see the close up things and always missing the bigger picture.

Re:Good

[canadiannomad]

The "common person" who can afford that crap.

Sorry buddy, but moving data around internationally can cost as little at $0.

Re:Good

[thaylin]

There are a host of free services you can use overseas to do this, so any common person with an internet connection can afford it. And since libraries offer free internet connections, that means anyone.

Re:Good

[CanHasDIY]

How? Details, please.

You know, just in case I commit some heinous crime and need somewhere to stash the evidence.

Re:Good

[CanHasDIY]

No, its a bad precedent, and you can now look forward to China / Russia / India issuing subpoenas for things like email inboxes and documents stored on the cloud for US citizens.

Now, now. This isn't PRISM we're talking about, it's a specific, 4th Amendment sound warrant for information regarding a US company's actions in the US, the evidence for which they've hidden on a foreign server. There's no need for hyperbole

Ive never really gotten how slashdot has so many people with apparent astigmatism, only able to see the close up things and always missing the bigger picture.

The irony of this statement is not lost on me.

Re:Good

Ive never really gotten how slashdot has so many people with apparent astigmatism, only able to see the close up things and always missing the bigger picture.

I wear glasses you insensitive clod!

Re:Good

My local library doesn't offer free nor pay-by-the-hour Internet.

Re:Good

[thaylin]

Glad your exception breaks the general rule....

Re:Good

So, no other country in the world has email or filesharing servers?

Or are you just being particularly dense today?

Moving information for Freedom....

"...responding to prosecutors' worries that web service providers could just move information around the world to avoid *dictatorships suppressing said information*".

Fixed it for ya.

If country X bans something, I happily move somewhere else where it's allowed assuming it was important to me.

Now what if this worked the other way. Some muslim country gets to search people's US computers even if they know they can't store their Porn on their Muslim country computer. Now they can say that storing that data in the USA isn't enough reason to avoid getting thrown in jail.

Re:Moving information for Freedom....

[CanHasDIY]

Now what if this worked the other way. Some muslim country gets to search people's US computers even if they know they can't store their Porn on their Muslim country computer. Now they can say that storing that data in the USA isn't enough reason to avoid getting thrown in jail.

If said accused person is a citizen of the aforementioned Muslim country, and even moreso if they are operating a business there, then yes, all their shit very well should be accessible to their government with a legal warrant, no matter where they try to hide it.

Otherwise, you start having the issue of, "if you're rich enough, you can skirt the law."

Re:Moving information for Freedom....

[thaylin]

No, our government should be required to go through the other government to get that information. Our government does not have jurisdiction in other countries PERIOD.

Re:Moving information for Freedom....

Yeah. This.

I don't get these comments that think just because its possible the law being avoided is a bad law that it makes hiding all evidence on remote servers ok.

What if it was a serial killer that stores videos of all the murders on a remote server.

If the USA based person in question cannot in any way access the information on the remote server then I don't think the USA should be able to search it (say a hard disk was mailed to another country or the server was taken offline after the transfer of information). But if you are using a remote server as a "safe" to hide information in but you have on demand access to that information in the USA then it should subject to search.

Re:Moving information for Freedom....

[thaylin]

There is no evidence that they are using it as a "safe" to hide information. There is just evidence that it is on the other servers. The problem is this means that our servers are open to other countries who dont want to have to follow our laws, and we all lose security and privacy.

Re:Moving information for Freedom....

[CanHasDIY]

Our government has jurisdiction over its citizens, and businesses that operate within its borders.

Basically, what you're saying is that you think that if someone on US soil does something illegal, and hides the evidence offshore, the government shouldn't be able to get to said evidence without jumping through a crapton of legal hoops?

Re:Moving information for Freedom....

[thaylin]

Most defiantly yes. The government does not have free reign to just enter into our lives when it wants to and how it wants to, it has to follow local and global laws. Getting a warrant in the US is crazy easy, and there is little oversight. Requiring them to actually follow the law is not a bad thing. The law is there to protect the citizens, and allowing them to break it adds to the probably that innocents will be harmed.

Re:Moving information for Freedom....

What you keep missing is that what if I live in multiple different countries and travel between them frequently?

When I'm in the USA I can legally watch porn.
When I'm in Amsterdam I can legally smoke pot.
When In a Muslim country both are things that would get me killed.

So just because I live in all these countries at various times in the year doesn't mean the Muslim country gets to search my US computer for porn and suddenly sentence me to death. Then the US country searches my Amsterdam computer and finds images of me smoking pot there....

The point was that the document (evidence) would be in the country where I'm doing the stuff..... (where it's legal). I'm not intentionally moving anything around. I just do whats legal in the place I currently am.

According to this ruling, now my perfectly legal activities abroad, are subject to US law. Essentially no escaping their grasp now.

Re:Moving information for Freedom....

[silas_moeckel]

No it should not. Getting a warrant in the country the data is stored is not a high bar. Yes this means in most civilized countries you can not get a warrant to look for something that is legal there. This is a good thing.

In this particular case it looks like the DOJ is fishing as getting a court order in Ireland for a legit criminal case should be easy.

Re:Moving information for Freedom....

[swillden]

No, our government should be required to go through the other government to get that information. Our government does not have jurisdiction in other countries PERIOD.

True, but irrelevant in cases like this. The US government does have jurisdiction over Microsoft's US operations, and Microsoft's US operations have the ability to retrieve the information from Microsoft's servers in Ireland. The mere fact that the data is in Ireland is no reason that the US company can't be ordered to retrieve the data they control and have access to.

Similarly, if you were being investigated for a crime you could be required by the courts to turn over the records of you Swiss bank account. The court couldn't issue orders to the Swiss bank (though they could make a request, which the bank might choose to honor, or they could ask the Swiss authorities to issue an order to the bank, which the bank would have to honor if the Swiss government chose to cooperate), but it absolutely could issue orders to you, a US person in the US, and your failure to comply would result in you being held in contempt of court, and jailed or otherwise punished until you do comply.

Re:Moving information for Freedom....

Our government has jurisdiction over its citizens, and businesses that operate within its borders.

Basically, what you're saying is that you think that if someone on US soil does something illegal, and hides the evidence offshore, the government shouldn't be able to get to said evidence without jumping through a crapton of legal hoops?

So if you ever visited Russia (or any other foreign country for that matter), you wouldn't have any problem if Russia (or whatever other country, we're talking about) asked your US-based server host for your data?

Re:Moving information for Freedom....

[NatasRevol]

Basically, what you're saying is that you think that if someone on US soil does something illegal, and hides the evidence offshore, the government shouldn't be able to get to said evidence without jumping through a crapton of legal hoops?

That's (legally) how the world has worked for hundreds of years.

Why is this a surprise to you?

Change government entities and see how good it sounds for ANY other government to come into your country without legal basis there and take what they deem needed in their courts.

Re:Moving information for Freedom....

Basically, what you're saying is that you think that if someone on US soil does something illegal, and hides the evidence offshore, the government shouldn't be able to get to said evidence without jumping through a crapton of legal hoops?

Yes.

Re:Moving information for Freedom....

Then the US companies need to set up subsidiaries and have protocols that prevent the US parent corp access to the subsidiaries servers.

If the information can be readily accessed by the US company and the US company owns the servers then it is a "safe" for all intents and purposes. In other words, if the police raided the USA office and had full access as the employees do then they would also have full access to the foreign information. This is akin to walking into the room with a safe while it is unlocked vs. walking in when it is locked.

It is a technical problem that they can't complete a raid in that manner. They "key" to the "safe" is the fact that the raid would be worthless without usernames and passwords to the proper accounts and knowledge of where to look.

A different way of looking at it would be that a police raid on on the USA location might be able to result in the procurement of the requested "foreign" documents if completed without obstruction. i.e. obstruction by employees is required to prevent access to the evidence in the event of a USA based search.

Re:Moving information for Freedom....

Glad to see someone here actually understands the situation, and can explain it in simple terms the readers might understand.
+1!

Re:Moving information for Freedom....

[CanHasDIY]

Yea, as you've probably already noticed from another response I made, I've decided the wisest course of action is that of least privilege, at least when our government is concerned.

Re:Moving information for Freedom....

[CanHasDIY]

Also, not sure if this was a typo:

Most defiantly yes

But I dig it.

Re:Moving information for Freedom....

[Archtech]

"Basically, what you're saying is that you think that if someone on US soil does something illegal, and hides the evidence offshore, the government shouldn't be able to get to said evidence without jumping through a crapton of legal hoops?"

No, what we are saying is that if someone on US soil does something illegal, and hides the evidence offshore, the government shouldn't be able to get to said evidence without respecting the legal systems of whatever foreign nations are involved. Just as those nations wouldn't come rummaging around in the USA without asking for the permission and cooperation of its legal system.

I understand that you might resent all the extra time and trouble. But it is the difference between being ruled by law and being ruled by a guy with a stone club.

Re:Moving information for Freedom....

[thaylin]

Except that is not the claim here. The claim here is for a search warrant of those computers, not a subpoena for the the data, which is what you are talking about. I have no issues with the subpoenas, as that would not violate the other countries rights, but a search warrant does.

Re:Moving information for Freedom....

Not at all. According to this ruling, the entity accused of committing a crime *in the US* can be required to turn over the existing evidence of the activity which is *illegal* in the US. Documents showing you smoked pot in Amsterdam would be immaterial to prosecuting for smoking pot in the US. (If you were dumb enough to claim that you *never* smoked pot, however, it would completely and utterly destroy your credibility.)

Using your own analogy, you smoked pot in the US, but kept your meticulously organized receipts for your pot purchases, and self-made videos of the activity on a server in Amsterdam. You are arrested in the US, for smoking pot in the US. The investigators and/or prosecution has obtained a warrant for all of your records relating to smoking pot in the US. This ruling simply says that the *location* where you store those documents is immaterial. If you have access to them, you can be required to hand them over.

This is no different than if you smoked pot in Texas, but kept the documents on a server in New Jersey. A state court in Texas can require that you hand over the documents you keep in New Jersey, despite not having jurisdiction in New Jersey, because the crime was committed in Texas, and you have access to those documents.

Re:Moving information for Freedom....

[JesseMcDonald]

...your failure to comply would result in you being held in contempt of court, and jailed or otherwise punished until you do comply.

And this is pretty much the entire problem, right here. The very concept of "contempt of court"—arbitrary punishments handed out by judges at their sole discretion, with no consideration for proportionality or due process—runs counter to the principle of rule of law. I have no problem with a court saying that if you refuse to turn over relevant documents then they will be assumed to be as damaging as possible to your case. I do have a problem with them saying that if you don't turn over the documents you'll be subject to potentially indefinite jail time and fines in excess of whatever damages you were accused of inflicting on the other party.

Well, that and the fact that they seem to be trying to apply subpoena rules to a search warrant. A search warrant doesn't impose any obligations beyond staying out of law enforcement's way while they search the place. A subpoena, on the other hand, is an order for someone within the court's jurisdiction to testify or produce evidence. This is being described as a search warrant for reasons that are not at all clear to me, but the court apparently wants the company to perform the search itself and produce evidence as if it were subpoenaed.

Re:Moving information for Freedom....

[radarskiy]

Your strawman arguments are about actions that took place in a different country than where the law is from.

The real case in question is about actions that took place in the same country as where the relevant law applies. Information about those actions has been moved to another country, but the original party in the original jurisdiction still claims control.

Re:Moving information for Freedom....

[swillden]

I have no problem with a court saying that if you refuse to turn over relevant documents then they will be assumed to be as damaging as possible to your case. I do have a problem with them saying that if you don't turn over the documents you'll be subject to potentially indefinite jail time and fines in excess of whatever damages you were accused of inflicting on the other party.

You have the former option as well, if you prefer. You can simply stipulate in court to the prosecution's allegations regarding the evidence. Where this is tantamount to pleading guilty, you can do that, too.

Re:Moving information for Freedom....

[david_thornley]

The US government has no jurisdiction over non-US citizens who are not in the US. If somebody in the US has free access to the data, then a US court can require them to hand it over. If this is illegal according to the jurisdiction where the data is actually stored, then it's up to the people in that jurisdiction to limit access to the data. If it's illegal in Ireland to allow certain data to be disseminated, and I can access it from here in the US, then I can legally disseminate that data. The business in Ireland may be breaking the law in allowing me access, but I'm staying legal over here.

Re:Moving information for Freedom....

[CaptnZilog]

Our government has jurisdiction over its citizens, and businesses that operate within its borders.

Basically, what you're saying is that you think that if someone on US soil does something illegal, and hides the evidence offshore, the government shouldn't be able to get to said evidence without jumping through a crapton of legal hoops?

There is no more of a 'crapton' of legal hoops than there is here... if the data is in the US, they go to a US judge with their evidence for a warrant,and once they have the warrant they get the information. If the data is in the EU/UK, they take their evidence for the warrant to a EU/UK judge/court and ask for authorization to get the data, and if the EU/UK judge ok's it as being within the laws of their country, they get approval to get the data.

No more "hoops" then they have to go through here, just a different judge.

Re:Moving information for Freedom....

[JesseMcDonald]

I'm not sure that's exactly the same thing. First, perhaps I'm just reading too much into your wording, but it sounds like you would have to admit guilt, as opposed to the court ruling against you for failure to comply while you continue to maintain your innocence. Second, and more importantly, only the defendant can "stipulate in court to the prosecution's allegations". What about subpoenas issued to third parties who would otherwise not have anything at stake? Like Microsoft in this case—they aren't the defendant, they're just holding the data.

The only reasonable way to handle this, so far as I can see, would be for the court to order the actual defendant in the case to direct Microsoft to turn over the data, or in extreme cases to do so in the defendant's stead. Microsoft would then be following the directions of their customer according to the terms of their contract, and not under the duress of a court order.

Re:Moving information for Freedom....

[CaptnZilog]

Not at all. According to this ruling, the entity accused of committing a crime *in the US* can be required to turn over the existing evidence of the activity which is *illegal* in the US. Documents showing you smoked pot in Amsterdam would be immaterial to prosecuting for smoking pot in the US. (If you were dumb enough to claim that you *never* smoked pot, however, it would completely and utterly destroy your credibility.)

Actually, if you were dumb enough to claim *in court* that you never smoked pot, you could be held in contempt for lying in court and tossed in jail until the judge decides to let you out, regardless of if you ever smoked anything in the US.

Re:Moving information for Freedom....

[ihtoit]

who the hell modded this insightful??

Your perfectly legal activities abroad are still perfectly legal where they are. Nothing has changed, you can still watch dogs fucking in Kentucky and you can still chow down on Kush cakes in Amsterdam without fear of the DEA ramming down your door - because you are not doing skunk on US soil - or twenty Arab commandos sailing in through your Louisville apartment windows because what you're doing there isn't offending them 6,000 miles away.

Re:Moving information for Freedom....

[dnavid]

What you keep missing is that what if I live in multiple different countries and travel between them frequently?

When I'm in the USA I can legally watch porn. When I'm in Amsterdam I can legally smoke pot. When In a Muslim country both are things that would get me killed.

So just because I live in all these countries at various times in the year doesn't mean the Muslim country gets to search my US computer for porn and suddenly sentence me to death. Then the US country searches my Amsterdam computer and finds images of me smoking pot there....

The point was that the document (evidence) would be in the country where I'm doing the stuff..... (where it's legal). I'm not intentionally moving anything around. I just do whats legal in the place I currently am.

According to this ruling, now my perfectly legal activities abroad, are subject to US law. Essentially no escaping their grasp now.

There is no US law that makes it illegal for you to smoke pot in Amsterdam. Conversely, if, say, money laundering is illegal in the US but not illegal in some other country, then while you are in the US if you conduct money laundering and use an overseas computer to store your records, when you are arrested in the US you can be demanded to turn over your electronic records. The US is not conducting an illegal search or seizure of your overseas computer. They are demanding that *you* produce those records, and they can find you in comtempt of court or obstructing justice if you do not. There's no need to apply for a search warrant in that overseas country unless the US government wants to actually go there and perform a search. There is no reason they need to do that if they do not want to conduct a search. They can still demand you turn over material evidence of a crime. I have no problem with that whatsoever.

Re:Moving information for Freedom....

[swillden]

You can also plead no contest, which has the same result as pleading guilty, but without admitting guilt.

As for the point about Microsoft not being a defendant, you're right that third parties don't have the same options... but they also don't have the same justification for refusal, since compliance will not implicate them in anything, unless, of course, it would implicate them in something else, in which case they can negotiate a deal for qualified immunity.

Re:Moving information for Freedom....

[JesseMcDonald]

...they also don't have the same justification for refusal, since compliance will not implicate them in anything...

In that particular case, perhaps, but they have their own interests and obligations outside the case which may be harmed by turning over the documents. For example, in this case compliance with the order could conceivably place Microsoft in violation of foreign data privacy laws, which this court cannot grant immunity from as it lacks jurisdiction.

...unless, of course, it would implicate them in something else, in which case they can negotiate a deal for qualified immunity.

Given that you're compelled to comply regardless, under threat of more or less whatever punishment the court happens to deem fit, there isn't much scope for negotiation. The court holds all the cards. You can ask for consideration, but there isn't much you can do about it if they refuse.

In case it wasn't obvious, I am wholly opposed to dragging third-parties into a case against their will when they haven't even been accused of any wrongdoing. That includes both compulsory testimony and the involuntary production of evidence. The courts exist to resolve disputes and protect rights, not to create new disputes and violate rights.

Re:Moving information for Freedom....

"Microsoft's US operations have the ability to retrieve the information from Microsoft's servers in Ireland. "

Your proof for this assertion is where, exactly?

MS UK has made several categorical statements that this is NOT the case in order to win business.

If it was the case, a whole bunch of EU privacy laws would be breached and criminal sanctions would probably be applied. (Deliberiately misrepresnting things is vastly different to accidentally letting data out)

Where is the user located?

There doesn't appear to be any reference to where the email accounts user is located. If it was a US user trying to hide their data on overseas servers there might be some reasoning behind it, but if US courts are trying to get a hold of non-US users data on non US servers there is a serious issue here.

Cuts both ways

[jmv]

It's going to be interesting when the Chinese government issues Google a warrant to get data from the US.

Re:Cuts both ways

[CanHasDIY]

Is Google a Chinese company?

Re:Cuts both ways

[tomhath]

I didn't know Google was a Chinese company.

Re:Cuts both ways

I also did not know Microsoft Ireland was a U.S. company.

Re:Cuts both ways

[thaylin]

Itis a multinational with headquarters in China, so yes, so the same degree that it is a US company.

Re:Cuts both ways

[CanHasDIY]

Then I would say, if China has evidence that the Chinese Google office has done illegal things in their country, and hidden the evidence on US servers, then yea, they should be able to get a warrant for that information, and vice versa.

Re:Cuts both ways

[thaylin]

You are using this "hidden the evidence" phrase as though this is the issue happening here. It is not. There is data of some possible issue on the other servers. There is no evidence that they hide it there as a direction action. And in any case, NO, China should be required to go to the US courts and ask permission to get that information, otherwise, as I stated previously, our privacy and freedom takes a direct hit. There is a reason for sovereignty of nations.

Re:Cuts both ways

[CanHasDIY]

To be honest, I'm kind of up in the air on this one; on the one hand, I hate the fact that rich people and corporations use national borders to commit crimes (like hiding assets from taxation); On the other hand, I know that if the precedent is set, our government will abuse the holy living shit out of the privilege.

I suppose the wise decision would be to err on the side of caution and limit the government's ability to access information. Better 10 guilty men go free than one innocent suffer, right?

Re:Cuts both ways

[tomhath]

Microsoft Ireland wasn't ordered to turn over the data. Microsoft in the US was ordered to turn over data that's available to them from the US.

Re:Cuts both ways

Then Microsoft in the U.S. was given an order it cannot fulfil.

Re:Cuts both ways

[swb]

Is Microsoft Ireland an independent company with its own ownership, or is it a wholly owned subsidiary of Microsoft?

Re:Cuts both ways

Then I would say, if China has evidence that the Chinese Google office has done illegal things in their country, and hidden the evidence on US servers, then yea, they should be able to get a warrant for that information, and vice versa.

How hard do you think it would be for the Chinese government to get a search warrant from a Chinese judge?

Evidence? Sure, we got some "evidence" right here...

Re:Cuts both ways

Well given how corporations usually set up to escape taxation, I expect MS Ireland to own Microsoft US soon enough, yes.

Re:Cuts both ways

[Attila+Dimedici]

The question is, does Google, China have the ability to access data stored on Google. U.S. servers (assuming that Google has a separate corporate entity operating in China the way in which Microsoft has a separate corporate entity operating in Ireland).

Re:Cuts both ways

[zlives]

the issue is not of Goggle the company having done wrong but rather a Chinese criminal (dissenter?) may be hiding data outside China and Google must then open access for prosecution according to the laws of China.

Re:Cuts both ways

[Richy_T]

China should be required by who exactly? They are a sovereign nation and make their own laws.

Sure, they can't march into a US datacenter and start carting out servers but they can gather up the company employees within their borders and do unpleasant things to them. That is the heart of the matter.

Re:Cuts both ways

[Whorhay]

That's easy to answer:

Google refuse to comply and accept whatever consequences the Chinese Courts were able to enforce on them. Which at the worst would be seizure of all Google assets in China and any other nation that China could convince to side with it.

If Google complied with the Chinese Courts and provide information that might violate US law, then they would have to accept the legal consequences of doing so here in the US. Which would likely mean being open to a civil lawsuit and possible criminal charges. The civil lawsuit could be for huge sums of money, although that is very unlikely. The criminal charges would at worst amount to some slap on the wrist fines and some negative publicity.

Either way I have no sympathy for any multinational that ends up in a legal bind like this. They made the choice to operate at a multinational level and part of that is the risk of conflicting laws and jurisdictions.

Re:Cuts both ways

That's only true if Microsoft (US) does not have access to those documents.

If Microsoft (US) *does* have access to those documents (directly, or through standard, existing protocols), then they *can* fulfill it, and any decision *not* to will, and should, be treated exactly like any *other* decision not to hand over evidence covered by a valid warrant.

Re:Cuts both ways

Considering those 10 guilty men will most probably commit new crimes and make more innocent victims, I'd say it's mathematically better if only one innocent suffer because of a justice error than many more because of letting criminals free.

Re:Cuts both ways

It's going to be interesting when the Chinese government issues Google a warrant to get data from the US.

Depending on the firewalls and ACLs, the Google.cn employees may not have access to it. dotCN employees may have only been granted access to docCN Google data, and not the docCOM stuff in the US.

Re:Cuts both ways

Wrong. It incorporated in California in 1998. That makes it an American company, with multinational sites around the globe.

Re:Cuts both ways

Considering those 10 guilty men will most probably commit new crimes and make more innocent victims, I'd say it's mathematically better if only one innocent suffer because of a justice error than many more because of letting criminals free.

I'm sure you'd agree especially if they are death penalty cases, right? Better to kill one innocent along with the 10 guilty men than let the others go free right? Hey, maybe he's got a wife and kids, we can let them watch the botched lethal injection that has their innocent husband/father suffer in pain for 2 hours before he finally expires... hey, whats a little 'justice error' here and there, right?

Bye bye US cloud

[johanw]

Microsoft always sold their cloudservices in the EU with the argument that the data is physically located outside the US so the Patriot Act doesn't apply. Now that this has been proven false, EU-based cloudfirms will use this argument to choose a non-US based firm even more in their commercials than they do already. Good for the non-US based firms.

Re:Bye bye US cloud

[Trepidity]

Yeah they've been really playing that up angle when competing against Google Apps for Business in particular.

Re:Bye bye US cloud

[Nemyst]

Problem is that this case could repeat itself for any company operating in the US, even if the entire hosting is in the EU. EU-based cloud hosts would have to NEVER do business in the US in order to be off-limits, basically (and even then I'm sure they could find a reason).

Re:Bye bye US cloud

[johanw]

They should indeed stay out of the US entirely. There was a huge fuzz here about AMS-IX (Amsterdam internet exchange) starting a US company. Although they went to great lengths to make it independent and assure no Americans (who cannot be trusted due to their totalitarian laws) will have access to any sensitive information it remains to be seen how this will work out.

Re:Bye bye US cloud

[Jahta]

Microsoft always sold their cloudservices in the EU with the argument that the data is physically located outside the US so the Patriot Act doesn't apply. Now that this has been proven false, EU-based cloudfirms will use this argument to choose a non-US based firm even more in their commercials than they do already. Good for the non-US based firms.

Yes indeed. In my current job, we are currently looking at cloud providers. We'll be watching this case (and the appeal) with great interest!

Re:Bye bye US cloud

[david_thornley]

So why is Microsoft US allowed to access the data? If you want to keep your data in the EU, keep both the servers and the direct access in the EU. Certainly Microsoft can have a European subsidiary run its own cloud.

Re:Bye bye US cloud

Microsoft always sold their cloudservices in the EU with the argument that the data is physically located outside the US so the Patriot Act doesn't apply. Now that this has been proven false, EU-based cloudfirms will use this argument to choose a non-US based firm even more in their commercials than they do already. Good for the non-US based firms.

No, it hasn't been proven false, the US really do not have the jurisdiction they claim, Ireland are a part of the EU which has data protection laws far superior to the USA, breaking them can lead to prison sentences for MS Ireland, If MS Ireland had any sense, they'd pull a spamhaus and laugh at them. Meanwhile Microsoft USA have the finances to run the US government into the ground (not joking) or at least keep them tied up in court for YEARS if they try coming after them, this actually happens.

Re:Bye bye US cloud

This ruling also applies to EU companies. SAP is German based yet it has global operations either under the SAP corporate umbrella or wholly owned subsidiaries. Since SAP has operations in the United States, a US court could order them to turn over data from a data center under their control anywhere in the world.

Like extradition, but for evidence

[MobyDisk]

Is there something equivalent to "extradition" laws, but that apply to overseas evidence instead of oversees defendants?

Re:Like extradition, but for evidence

[silas_moeckel]

Yea it's called asking a judge in Ireland.

Re:Like extradition, but for evidence

Is there something equivalent to "extradition" laws, but that apply to overseas evidence instead of oversees defendants?

Yes, assuming for a moment some kind of specific treaty doesn't establish what happens, the default would be US DoJ contacts US State Department, US State Department contacts State Department of target country, State Department of target country does its thing and depending on how that countries government is organized eventually somebody will decide to help the US DoJ or not.

Most western nations do have some kind of treaty on how this kind of thing works, its why groups like Interpol are a thing.

Air through the fences

[malvcr]

This is like if you to go to a country border to talk with a friend you have at the other side. Each one will stay in their corresponding country without breaking any immigration law, but you can talk through the fences (the air is not restricted to one particular country .. yet). Then, your country authorities could demand the person, at the other side of the fences, to said them what you were talking about when you left the place. But this person has all the right to say nothing, because he/she is living in "another" country, with different rules and laws.

Also, this is co-related with what the Europe rules demand about information their citizen have in other countries. So, this means that each country is not an independent one and that anybody can break the physical borders in their quest about what they think, with their current laws and though, that justice could be?

It seems that a basic international ruling on the Internet it is needed to clarify limits before any judge in any country be able to invent whatever thing that, obviously, will break the other country laws.

Re:Air through the fences

[CanHasDIY]

This is like if you to go to a country border to talk with a friend you have at the other side. Each one will stay in their corresponding country without breaking any immigration law, but you can talk through the fences (the air is not restricted to one particular country .. yet). Then, your country authorities could demand the person, at the other side of the fences, to said them what you were talking about when you left the place. But this person has all the right to say nothing, because he/she is living in "another" country, with different rules and laws.

No, it's like if you take a bunch of information to a country border and hand it off to someone on the other side.

Now, say that information you passed to the foreign national was stolen nuclear launch codes, or a list of where you hid the bodies. Do you really think the government should not be able to get a warrant for that information, just because it's not on US soil anymore?

Re:Air through the fences

[thaylin]

Again with this strawman. This is not what is happening here, this is the slippery slope argument the government is presenting, but still no. What is on foreign soil the US has NO right to without going through the other government. PERIOD.

what other foreign laws do you think the US has the right to trample on just because it feels like it?

Re:Air through the fences

[Jason+Levine]

No, it's like if you take a bunch of information to a country border and hand it off to someone on the other side.

Now, say that information you passed to the foreign national was stolen nuclear launch codes, or a list of where you hid the bodies. Do you really think the government should not be able to get a warrant for that information, just because it's not on US soil anymore?

Of course, the government should be able to get a warrant for that information. The difference is that the government should go to the foreign government's court system to get said warrant. Issuing a warrant in the US for data stored on a server in Ireland makes as much sense as police from the US demanding to cross the border and search the house of a Canadian because he was suspected of a crime in the US.

Re:Air through the fences

Now, say that information you passed to the foreign national was stolen nuclear launch codes, or a list of where you hid the bodies. Do you really think the government should not be able to get a warrant for that information, just because it's not on US soil anymore?

Now, say that the North Korean government contacted your US-based hosting provide and told them they the had a warrant issued by the North Korean court system... You still want your hosting provider to hand over your data?

Re:Air through the fences

[malvcr]

Then this means "no absolutes" here.

If an US citizen let something in Ireland (or whatever other place), then the Ireland located service provider can't guarantee than that information "never" will be acquired by the US government, as the US government would perform an international request to Ireland to obtain such data. And "if" Ireland agrees, will provide the data to US. In fact, this is not new in any country in the world.

But if an US based company, as Microsoft is, has data stored in another country and pretends than that data is outside US law, it seems not too be the case and the US law allows the US government to ask for such data. This is new.

But if a foreign ISP (i.e. non US company) offers services that can be accessed by an US citizen inside US, and the US courts declare that the information must be accessed by the US legal system for whatever purpose without passing through all the international legal system and without the aid of the foreign country, then this could be legal for US but illegal for the other country, and even declared as spying if the US proceed to obtain the data.

And if something is illegal in the US but it is not illegal in the other country, then the US legal system has nothing to do there (legally).



At least a miniseries could be developed from this :-)

Re:Air through the fences

This is like if you to go to a country border to talk with a friend you have at the other side. Each one will stay in their corresponding country without breaking any immigration law, but you can talk through the fences (the air is not restricted to one particular country .. yet). Then, your country authorities could demand the person, at the other side of the fences, to said them what you were talking about when you left the place. But this person has all the right to say nothing, because he/she is living in "another" country, with different rules and laws.

No, it's like if you take a bunch of information to a country border and hand it off to someone on the other side.

Now, say that information you passed to the foreign national was stolen nuclear launch codes, or a list of where you hid the bodies. Do you really think the government should not be able to get a warrant for that information, just because it's not on US soil anymore?

Certainly I think they should be able to get a warrant for it... they just have to go to a judge on the other side of that fence (the non US country) and ask them for a warrant to search that other person's house (or whatever) for those stolen nuclear launch codes.

What if it was the reverse, if say someone from India handed over their nuclear launch codes to someone in the US, should India be able to execute a search warrant inside the US for those codes without involving the US legal system? What are they going to do, send in their equivalent of a Seal Team into the US to execute a search warrant? Do they have passports to enter the country? Do we let them bring their weapons in too?

Murica

[korbulon]

I never fail to find the bravado and hubris underlying American exceptionalism... exceptional.

Land of the free... as long as you're not in one of our many many prisons ( http://nomadcapitalist.com/201... ), which has a higher per capita incarceration rate than Cuba, which is second on the list. Oh, and speaking of Cuba, there's always http://en.wikipedia.org/wiki/G....

Home of the brave... because you'd be pretty brave too if your military budget was larger than the nearest eight other countries combined ( http://pgpf.org/Chart-Archive/... )

Where all men are created equal... except, of course, when they're not ( http://www.pbs.org/newshour/ru... ) and a man can make something from himself even if he starts out life with nothing (but probably not): http://money.cnn.com/2013/12/0... )

And where the rule of law is universal and sacrosanct... except in those cases where it's not convenient ( https://www.globalpolicy.org/u... ) and ( https://www.eff.org/nsa-spying... )

Oh well, enjoy your "freedoms".

Re:Murica

Oh well, enjoy your "freedoms".

I will enjoy my freedoms afforded to me by living in the greatest country in the world. I'm glad I don't live in the shit hole you live in.

Re:Murica

Wtf are you talking about. If you commit a crime you should be subject to search via a warrant. If you have routine access to information pertaining to the case in the USA then the USA should have jurisdiction over the information.

Everyone seems outraged but I can't seem to understand why? Are you afraid that as a US citizen you can't hide evidence overseas? I don't know why a foreigner would be afraid either.

Re:Murica

[thaylin]

Greatest country in what regards? there are other countries with more freedom, better education, better economies...I am a US citizen myself, but am having a hard time figuring out what we are the best at, besides war and being a blind patriot.

Re:Murica

[thaylin]

So Iran should be able to get evidence that one of its citizens is a Christian, off US servers? I mean it is not like they are persecuted over there or something.

Re:Murica

there are other countries with more freedom

What country would those be? Because It's certainty none in Europe or Asia. I guess Somalia has more freedom than the US but I wouldn't call it a great country.

Re:Murica

"If you commit a crime"

"Crime" is a pretty variable term anymore here in the US anymore, I think there have been books written regarding the fact that due to the complexity, broad language & even broader interpretation of our laws virtually every adult in the country is chargeable with multiple felonies a day. People have literally been arrested for standing on a sidewalk, in my own state there was a case not too long ago of an individual being arrested and charged for violating a "law" that turned out to not exist. Once upon a time people were only charged when their actions harmed or were intended to harm others, today you can be charged for doing something that harms no one, is done solely on your property and effects no one but you.

Re:Murica

[thaylin]

New Zealand, Uruguay, Costa Rica, Iceland, just to name a few

Re:Murica

[blackraven14250]

If a US company has a subsidiary in Iran, they have bigger legal problems to deal with.

Re:Murica

[thaylin]

What does that have to do with anything?

Re:Murica

All of those countries lack freedom of speech due to their anti hate speech laws.

Re:Murica

[thaylin]

Citation please

Re:Murica

New Zealand
Uruguay
Costa Rica
Iceland

Re:Murica

[korbulon]

They have you so well trained you don't even stop to *think* about all the real-world consequences of what you're saying. Oh sure, U.S. prosecutors should have carte blanche international access because, you know a *crime* possibly has been committed (somewhere. Oh, and "think of the children!" while we're at it).

Investigators in a criminal case want to see some emails stored on Microsoft's servers in Washington. Microsoft has resisted, on the grounds that Chinese law enforcement doesn't have jurisdiction there, but a Beijing judge ruled against them...

Not so nice when the shoe is on the other foot, is it?

Re:Murica

[thaylin]

After looking at the source material for those wiki article, particularly the Urugauy one, I see why wiki is not a reliable source. After all sourcing proposed laws as enforced laws are exactly the same thing..

But of course the US also has anti-hate speech:

In 1942, the Supreme Court sustained the conviction of a Jehovah's witness who addressed a police officer as a "God dammed racketeer" and "a damned facist" (Chaplinksy v. New Hampshire). The Court's opinion in the case stated that there was a category of face-to-face epithets, or "fighting words," that was wholly outside of the protection of the First Amendment: those words "which by their very utterance inflict injury" and which "are no essential part of any exposition of ideas."

Re:Murica

But of course the US also has anti-hate speech:

Which are unconstitutional and the courts can strike down at any time.

Re:Murica

People have literally been arrested for standing on a sidewalk

A sidewalk is for _walking_, not standing. Obstructing pedestrian traffic is a serious offense.

Re:Murica

Then don't live in Iran or don't hide evidence on offshore computers (or anywhere) or don't be a christian. This is an idiotic argument. You propose that you can't keep evidence in your home but you can keep it on an offshore server and there is some HUGE difference?

Re:Murica

[thaylin]

Did you miss the example from the SCOTUS that I gave you? Or are you just ignoring things that dont agree with you?

Re:Murica

[thaylin]

There is a HUGE difference. Being a Christian is not illegal in the US, so having evidence of being one is not a crime. Your argument, that there is no such thing as national sovereignty is the idiotic argument.

Re:Murica

Oh well, enjoy your "freedoms".

I will enjoy my freedoms afforded to me by living in the greatest country in the world. I'm glad I don't live in the shit hole you live in.

There. FTFY.

Re:Murica

First, where you keep the evidence of your crime does not negate that you committed the crime, so I don't understand where national sovereignty comes into play. What does the legality of being a christian in the US have to do with a search conducted in Iran, on an Iranian citizen that must follow Iranian law?

You are missing the bigger picture: Access to the information in the county, on demand, is practically the same thing as its presence in that country. Yes this is new territory and not completely similar to other physical objects. A search conducted at the right time (computer on with "evidence" on screen) could lead to the police finding the information anyway.

Re:Murica

[dunkindave]

So Iran should be able to get evidence that one of its citizens is a Christian, off US servers? I mean it is not like they are persecuted over there or something.

This ruling isn't claiming the US feels it has the right to reach into another jurisdiction and take information it thinks may be evidence, rather, the US feels it can compel people/businesses in its jurisdiction to produce evidence within the control of the entity, even if the information is currently in another jurisdiction. If Iran felt one of its citizens had committed a crime, and that evidence of it was stored on a foreign computer that the accused is known to have access, then you can bet dollars-to-donuts that they would demand the person produce it else, given their system of justice, either use the lack of production as proof that the evidence exists and shows the guilt of the person, or the person would be thrown in jail until such time as they change their mind and produce it.

Yes, I know to some degree the latter is also a possibility in the US since if the court knows the person has something being demanded under subpoena and the person refused to produce it, then they are in contempt of court, and as long as they choose to be in contempt the court can continue to hold them (the violation is self-renewing). A simple rule that the US court system employs (imperfectly) is that illegal actions taken to avoid being charged or convicted will normally have a worse penalty than the original crime. The crimes of destroying evidence, bribing judges or juries, perjury, etc., all have very harsh penalties. Refusing to produce items or information demanded by the court is considers an obstruction to the judicial system so can have a very harsh penalty as well. The main difference in this case is if the information resided on a computer system in the US and the party refused to produce it the court could order it to be seized, while here they cannot. They can still punish the person for not producing it.

Re:Murica

All we care about in America is drug legalization. We don't care about helping people, about stopping the war, about international aid,about bettering ourselves.

We just want to get high.

Re:Murica

[thaylin]

You seem to be having some issues, so I will help. No one is complaining about getting a search in your home country, it is the remote country, that has separate distinct laws.... So If you are an Iranian, and someone get to the US for a Christian conference because you are a Christian, should the Iranians have the right to bypass the US government to get information from US servers to prove that you are a Christian, while in Iran? It is the same situation as what you are supporting, just from another countries side. It seems you are OK for the US to do it, but not other countries.

Re:Murica

[fnj]

A goddam spectacular bunch of fucking drivel by the Supremes. Not unheard of. May the fascists rot in hell for that shit. Ya hear me, pigs?

Re:Murica

[thaylin]

Actually it is. this is not an subpoena compelling them to give them the information, this is a SEARCH warrant, which is giving them the right to actually physically look through those servers in another jurisdiction..

Re:Murica

[dunkindave]

I think the article is poorly written since it uses the term "warrant" but what it describes is a subpoena. Note the line in the article "requiring a company receiving the warrant to search multiple locations for the information". A search warrant is issued by a court and authorizes the police to enter a premise to search for something. If it was truly a search warrant, then we would be hearing about US authorities showing up in Ireland with a US warrant and demanding entrance in order to conduct a physical search, and potential confiscation of property. Instead, what is happening is the authorities are giving a court issued demand to Microsoft telling them they are compelled to produce the information. That is a subpoena, no matter what term the article's author chose to (incorrectly) use.

Re:Murica

No, the difference is that the information CAN be *obtained* from within the home county at any time it just is not permanently *stored* in the home county. All you need is a) to know where to look and b) have no one stopping you from looking. Those two conditions seem a lot like a normal search. In other words the search never needs to cross borders in a physical sense to being with. The search never needed foreign country permission/cooperation to begin with - it needs the cooperation of the citizen while under the laws of the home county. I do NOT advocate physically entering the second country.

I completely understand your position; "electronic bits are physically in another county". My point is that persistent potential to access these bits from the home county means they are effectively also in the home country at all times - you just need "help" accessing them in the same way you need help accessing a lot of other evidence (locked up, stored in remote location, etc). Further, remember, the home country person CONTROLS the foreign servers. This is not about Iran asking for information on servers not controlled from Iran. This is about an Iranian, under Iranian Law, controlling a server from Iran but is located in a foreign country that keeps evidence of a crime that is against Iranian Law, that can be accessed at any time from Iran, given one knows how.

NOT considering the information as in the home county, if it can be readily access from that county, is semantics and that is not how the legal system works. Further, all your position will do is change the search tactic. It will go from a request for the information to a request for access to home country based system used to access the foreign system so that the system can be used to access the foreign files directly.

You can't say "technically I didn't kill that person, the bullet did" you can't say "technically I didn't start that house on fire, I lit the gasoline" and you shouldn't be able to say "that information isn't in the USA, but I own the data and I can look at it in the USA at any time I want, but its not here"

Re:Murica

Funny. Over here, it's the exact opposite. "fighting words" counts as lessening because, well, you were fighting and probably didn't even think to choose the words nor meant them literally.

Re:Murica

Did you miss the example from the SCOTUS that I gave you? Or are you just ignoring things that dont agree with you?

Im saying the SCOTUS make stupid mistakes sometimes and that ruling will get over turned.

Re:Murica

[mhotchin]

The so-called "fighting words' doctrine has essentially been repudiated by the Supreme court, without being explicitly overruled.

For-real-and-for-true, the cases involved are now called "The motherfucker trilogy". Seriously.
http://www.langston.com/Fun_Pe...

Re:Murica

[mhotchin]

Well, *everything*. The US isn't forcing anyone in the EU to do anything - they are forcing a US company to do something, which incidentally involves data stored in the EU.

If a US company has a subsidiary in Iran, then *of course* that is under the jurisdiction of the Iranian courts, and can be compelled to release any and all data they have access to. The obvious solution is to make sure the subsidiaries don not have access to data that you don't want the foreign Gvt to have.

Re:Murica

[david_thornley]

Huh? Iranian courts have no jurisdiction over people not in Iran who are not Iranian citizens. If they do have jurisdiction over somebody, they can legally compel them to hand over information they have access to. As a US citizen currently in the US, I can ignore all Iranian legal directives until they get a US court to cooperate, so if I have control over a server I'm not going to give the Iranian government access. And, yes, it may be unwise to keep direct access, while in Iran, to some information in the US.

BTW, it's perfectly legal to be a Christian in Iran, although I suspect there's some social stigma, and maybe legal restrictions, attached. I believe the crime is converting from Islam to another religion, which I consider to be in gross violation of human rights.

Re:Murica

What does that have to do with anything?

Let me try and simplify it so you can hopefully begin to understand what the grown ups are talking about.

What's good for the goose is good for the gander.

Re:Murica

[NewYork]

And USA is the only country in the world that didn't ratify https://en.m.wikipedia.org/wik...

"If there is a country that has committed unspeakable atrocities.. it is the United States" --Mandela
http://www.huffingtonpost.co.u...

Obama administration says the world’s server

As said on http://arstechnica.com/tech-policy/2014/07/obama-administration-says-the-worlds-servers-are-ours/
> Companies like Apple, AT&T, Cisco, and Verizon agree. Verizon said (PDF) that a decision favoring the US would produce "dramatic conflict with foreign data protection laws." Apple and Cisco said (PDF) that the tech sector is put "at risk" of being sanctioned by foreign governments and that the US should seek cooperation with foreign nations via treaties, a position the US said is not practical.

Now, the tech sector is "at risk" of being sanctioned by foreign governments...

In other news...

[Type44Q]

In other news, judges in North Korea, Iran, Indonesia, Saudi Arabia, the UK and China all declare their rulings (regarding international jurisdiction of their respective nations' laws) to have jurisdiction internationally...

Re:In other news...

[Jason+Levine]

Sadly, North Korea, Iran, Saudi Arabia, and a bunch of other countries have wanted this for awhile. They want the "law of the Internet" to be that if you do X and you doing X is visible in their country where X is illegal, you've broken the law and can be prosecuted. They drool at the thought of being able to force their laws on the Internet at large. Sadly, this US judge is only helping their plan with his short-sighted ruling.

Re:In other news...

[kthreadd]

Yes they can do this. The bigger issue is if they can enforce this, which they can't.

Re:In other news...

[mhotchin]

But who cares? Unless you have an entity in that country that they can issue a court order to, they can blather all they want.

The US isn't invading the EU and seizing servers. It's compelling a *US* company to turn over data it has control over. It doesn't matter where the data is.

That the breaks for multi-nationals - if you don't want to deal with conflicting laws, then GTFO one of the jurisdictions. Otherwise, suck it up and accept that you will have legal liability somewhere, and it's just the cost of doing business.

Re:In other news...

Sadly, North Korea, Iran, Saudi Arabia, and a bunch of other countries have wanted this for awhile. They want the "law of the Internet" to be that if you do X and you doing X is visible in their country where X is illegal, you've broken the law and can be prosecuted. They drool at the thought of being able to force their laws on the Internet at large. Sadly, this US judge is only helping their plan with his short-sighted ruling.

Its even worse from an international business perspective. Nobody from outside the USA will ever considering building a datacenter in the USA now, nobody will want assets in reach of the US court system that don't absolutely have to be. Nobody will want anything hosted in US datacenters either.

Re:In other news...

[ihtoit]

a case I was involved in (peripherally) ended with a superinjunction. Yes, one of those. Come get me, motherfuckers. It involved the forced adoption of a little girl in England. The superinjunction is worded in such a way as it is intended to prevent, across ALL jurisdictions, discussion or even utterance of the existence of the superinjunction itself, never mind any facet of the case itself. If and when any details of the case come out to meet public scrutiny, it will cause major outrage.

(the scan of the superinjunction was posted on a blog, I don't know if it's available on wayback anymore. Nope, after much searching, even the major search engines all seem to be running active filters).

Re:In other news...

You have to consider the force behind this ruling, though. The judge isn't saying that American police can barge into Microsoft's server farm in Ireland and physically take possession of the drives containing the data. The judge is saying that since Microsoft can, in America, pull the data from their servers in Ireland, Microsoft can be held accountable in America for not doing so.

Microsoft could, theoretically, pull up its entire corporate holdings, move them all to Ireland and incorporate there, and then give this ruling the bird.

Say an American is running an American company's data server in the United States, and that data server hosts a website full of dolphin porn with Kim Jong Un's face badly photoshopped onto the dolphin, and upon discovery of this material, Un declares that the American admin is to be shot on sight.* This ruling implies that if the American admin then goes to North Korea, he is subject to punishment for the crime he committed against their law, but it does not imply that North Korea can send an assassin to kill the American admin on American soil.

*I recognize that this metaphor is largely unnecessary to illustrating the point, but there was something about the idea of dolphin porn with Kim Jong Un's face badly photoshopped onto the dolphin that I just had to share with the world.

Re:In other news...

No, the proper channel would be for the Feds or whoever; to ask the Irish police to intervene or at least try the matter in an Irish court as they're supposed to do.

Better yet, store it "nowhere"

[larwe]

Better still, web-based companies with datacenters in many jurisdictions could store your data in a completely distributed fashion, where it isn't possible to retrieve the original without access to all (or at least several) of the servers. So they could subpoena all the data held in the US, and the UK, and Australia, and all the other surveillance states, but without a copy of the complementary data in Switzerland and Belize and on a pirate barge in the middle of the Pacific, they won't be able to reconstruct what you actually have stored up there. Better yet, if they contract with third-party storage providers wholly resident in those other countries, the US (for example) would have zero basis to subpoena those other companies - they are not "doing business" in the United States.

Re:Better yet, store it "nowhere"

[tomhath]

Or just say the hard drive crashed and all the data was lost.

Re:Better yet, store it "nowhere"

[larwe]

Only applicable to the IRS.

Re:Better yet, store it "nowhere"

And the EPA.

Re:Better yet, store it "nowhere"

[thieh]

Don't worry, NSA got a copy already so it got you covered

Re:Better yet, store it "nowhere"

National Storage Archive?

Hard to see how it will work

[badzilla]

A modern corporate giant is not one big company across the planet just because their offices all have the same logo outside. Local offices are separate legal entities in each country.

Suppose MegaMultinational, Inc. has its headquarters in New York and it is legally (in NY) ordered to do something by the court. If it commands its German subsidiary MegaMultinational GmbH to "just hand stuff over" this will likely be in contravention of local German law. Why would the local CEO risk jail by complying?

Re:Hard to see how it will work

A modern corporate giant is not one big company across the planet just because their offices all have the same logo outside. Local offices are separate legal entities in each country.

Remember that the next time you rant against the amount of taxes corporations pay.

Re:Hard to see how it will work

yeah heaven for bid we protect privacy of other than american citizens AND expect large companies to pay tax.

what a ridiculous moron you are

Re:Hard to see how it will work

[david_thornley]

Look, MegaMultinational, Inc. can be ordered to do things by a US court. This may include making a request of MegaMultinational BmbH, who may reject it as illegal. If they have direct access to data, though, they can be compelled to hand it over.

Don't do business with the USA

[green1]

This is one more reason to make extra sure that companies that you deal with have zero US presence. In fact in many jurisdictions it would be illegal to follow these US laws due local privacy laws. By doing business in the US, any data on individuals that you have, even stored in other jurisdictions is subject to their laws, meaning you'll often have the choice of breaking US law, or breaking the laws of the country you're in.

Much safer to just avoid all dealings with the USA.

Re:Don't do business with the USA

This is one more reason to make extra sure that companies that you deal with have zero US presence.

Ha!

Hah ha ha ha ha. Ha ha ha ha hah ha!

No you don't.

Seriously

Re:Don't do business with the USA

Don't worry about it.

Any european competitor will threaten to sue the customer either already during the bid process or retroactively if the customer picks the us based company.

You would be surprised how effective a threat to sue is to make a customer avoid a vendor.

Yet Microsoft spies for the gov

[jader3rd]

As a reader of Slashdot, I know that Microsoft only exists for the sole purpose of spying on behalf of the US government. So I know that this story is pure fiction. I mean whoever made it up didn't even put much effort into good names; Brad Smith? Come on, that's so generic.

Re:Yet Microsoft spies for the gov

[ihtoit]

Brad Smith is probably actually pretty rare. Now, Mohammad Lee (the most common first name and the most common surname), that should ring alarm bells.

Damned if you do...

[Inf0phreak]

MS's employees in Ireland might be criminally liable in the EU if they transmit the data outside EU borders. They might really really like Microsoft, but to the point of being willing to go to prison for the company? I think not.

We could potentially end up in a situation where the main branch of MS screams at the EU branch from across the Atlantic and no one over here is willing to comply.

Re:Damned if you do...

[kthreadd]

Then someone would have to physically get to Europe and retrieve the data.

Re:Damned if you do...

[ledow]

Whereupon his European colleagues, knowing they might face charges of collusion otherwise, report his presence and intentions to the police, deny him access, and ask a court to bar his leaving the country with that data or access to transmit it.

Re:Damned if you do...

[kthreadd]

Then the US will simply have to go to war if they want the data.

Re:Damned if you do...

[ledow]

Ah, the American answer-to-everything.... :-)

Re:Damned if you do...

[jackspenn]

1). The majority of Europeans are lazy pussies who listen to terrible music and don't know how to drive (Poland and Baltic states are the exception, those people are awesome). So, I doubt the EU branch of MS would be willing to comply because of some higher moral reason, but I could see them dragging their feet or passing the buck (I mean Euro).

2). This is a terrible ruling and this judge is out of line, this will likely be struck down on appeal.

3). I keep reading all this postings with analogies of people taking something from the US to another country to avoid being charged or to hide evidence. Couple points. We don't even know if there was a crime, the warrant is to try and determine that. Secondly, who is to say whatever on that server was ever in the US? What if the spreadsheet or whatever, was created and saved entirely on the EU servers and never lived within the US?. I can see some people thinking, but but but the access was from the US, so the cache or the keystrokes or whatever was in the US, so therefore the US courts can issue a warrant. OK, then have them get a warrant to look at the computer(s) within the US and tell them to have fun.

4). This is why you should encrypt your data regardless of where you keep it and regardless of whether you are committing a crime or not. This area more than any other is protected by the rule of law in the US (for now). If the federal government gets your encrypted data, fuck 'em. You don't have the give the the secret according to the Constitution, if they can crack it on their own well, congrats, but nothing says we have to submit like subjects.

Re:Damned if you do...

[radarskiy]

You have assumed that the person(s) sent to Europe to retrieve the data aren't doing so by applying to the Irish authorities to get a warrant for said Irish authorities to seize the data without Microsoft's cooperation.
The point in this case is that Microsoft USA has stipulated that the information exists and that Microsoft USA can access it from the USA.

Re:Damned if you do...

[Samizdata]

Not so much anymore. http://www.computerworld.com/s... http://www.darkreading.com/ris...

What if Ireland seized the data?

[schwit1]

And told the US courts that it must make its request through them.

Re:What if Ireland seized the data?

[porsier]

Yes, they must

so if I say take a position that the CCP

[0xdeaddead]

is full of crap, which is of course illegal in china. so the CCP can get MS to give them all my incriminating 'speech' because it's saved in the US?

Yeah this is going to be a 'good thing'.

Re:so if I say take a position that the CCP

[i+kan+reed]

That evidence can't actually be used without charging you.

You're going to have to accept that the world is at least a little run by de facto power.

Re:so if I say take a position that the CCP

[jbolden]

so the CCP can get MS to give them all my incriminating 'speech' because it's saved in the US?

The analogy would be the CCP can get Huwaii to give you their incriminating speech even from their US based cloud (if they had one). And the answer would be yes they can and they should.

Covered under current law.

[sjbe]

but a New York judge ruled against them, responding to prosecutors' worries that web service providers could just move information around the world to avoid investigation.

IANAL but when information is subpoenaed the company is breaking the law if they move, destroy or hide any requested information. If the party receiving the subpoena is found to have hidden evidence then the judge can rule against them as if the evidence was available and damaging. (it's more complicated than what I'm saying but I think this is the basic process) So I'm not really sure what the prosecutors are worried about that isn't already adequately covered under current law. It would be no different than someone using Fedex to send a paper document to another country. We have that situation covered under current law.

Re:Covered under current law.

[radarskiy]

The idea would be to move incriminating data ahead of time. The classic IT example of this is limited backup retention policies to make sure you don't accidentally keep evidence of something.

Re:Covered under current law.

[ihtoit]

correct - it's called spoliation and is a specific federal offence.

Re:Covered under current law.

Why are laws about subpoenas, relevant to laws about search warrants?
We are discussing search warrants.
Not subpoenas.

From the linked article: "A U.S. district court judge has ruled against Microsoft in the company's effort to oppose a U.S. government search warrant for emails stored in Ireland."

IANAL, I believe your comment about subpoenas is correct, but it's not exactly relevant to this situation.

I suspect, though, that the article might actually mean that a U.S. district court judge has ruled against Microsoft USA in the USA company's effort to oppose a U.S. government search warrant for emails stored in and by Microsoft Ireland.

Two different - but closely related - companies in different jurisdictions.

And what happens if ...

[overshoot]

a European court issues an injunction under the European privacy laws against MS handing over the bits?

Re:And what happens if ...

[kthreadd]

Then Microsoft has to choose if they want to do business in the US or in Europe.

Re:And what happens if ...

What EU court can issue an injunction against Microsoft USA from accessing data owned by Microsoft USA?

Re:And what happens if ...

Europe would be the bigger marketshare, so they'd probably lean that way.

Jurisdiction

If the judge can find a person (or company?) in the US that has control of X outside of US jurisdiction,
    then maybe the judge can compel the person to bring that X before the court. (Where control means can get it without leaving US jurisdiction.)

If there is no such person, then I don't see how a US judge can compel somebody somewhere else to do anything.

Just wondering...

[s0litaire]

Is Microsoft UK the *SAME* company as Microsoft USA? I know they have the same marketing/brand and sell the same items, but one is registered as a UK/Eire/EU company for TAX reasons and the other is a registered US one.

In these days of 'Internal Marketplaces' and companies braking into subsidiaries, is the UK arm of a company technically the same company as the parent if they are both under very different jurisdictions ?

Could this ruling be used on a subsidiary of a foreign organisation based in the US to get access to the parent company's data?
Or, to turn it around, could this be used by another nation on a foreign subsidiary of an American company to access the Main companies data?

Re:Just wondering...

[kthreadd]

If they are different companies then why does the American company have access to the European comany's data?

Having two masters IS difficult

That could make it more difficult for multinationals to operate though. One of the reasons why companies put data centers in Ireland is to comply with EU rules about the locations of personal information.

So it's difficult. It sounds difficult when you translate all the legal gobbledegook into reality:

American boss [on phone]: "Irish underling, I have a guy here pointing a gun at my face. He wants you to release the data!"

Irish underling: "I understand, boss, but I have a guy here pointing a gun at my face, saying 'don't do it or else.'"

American boss: "Tough shit. Do it."

Irish underling: "No. He'll shoot me."

American boss: "I don't care about your problems, but I'm your boss so you better care about mine. Do it or else you're fired."

Irish underling: "Death or unemployment. Gee, that's a hard choice. NOT!![click]"

Amiercan boss: "YOU'RE FIRED!" [off phone] "I tried. I really tried. There's nothing I can do! I am unable to obtain the data."

American government: "Here's what you're going to do: you're going to show me that you have entered that guy as terminated in the employee records. Then you're going to hire a new datacenter admin and send him to Ireland."

American boss: "But the new guy won't be able to do it either! The Irish government will stop him, just like the last guy."

American government: "You're just going to have to be sneaky about it. Lie to that other government. Or have your guy shoot the the cop before the cop shoots him. Break their laws and get out before they can stop you. Or hire an Irish lawyer to persuade the Irish cops to lower their guns. I don't care how you do it, but you better do it, or else I will shoot you."

American boss: "I have an idea. I'll go to Ireland and do it myself!"

American government: "Nice try, but you're not going anywhere out of range of my gun."

Lazy @$$ investigators

[redelm]

A warrant is not something that requires cooperation. It is legal permission for investigators to break-in to a certain place, search for and take listed things. So if this is justified, let them do it!

The warrant should allow particular investigators to break-into whichever servers listed, grep around and download listed items. Done. If they cannot, find 1337r agents. If you need keys, get warrants for physical access to machines.

These "compell" warrants are quite a stretch -- they compell MS to violate EU law, to certify what they turn over, and to never be sure they've fully complied (how could they know they got it all)?

What about Ireland

[grheller]

Excuse me but doesn't Ireland get a say in the matter? The warrant being served involves something physically located on a foreign shore, or is it this administrations thinking it can do whatever it wants with another country like it has to it's own citizens. Ireland ought to tell Obama to kiss their shillelagh, that they have jurisdiction in this matter and if you want something you need to request it through diplomatic channels.

Re:What about Ireland

What Ireland cannot do:
Stop MS US employees who have access to data in Ireland from transferring it to the US and releasing it to US courts.

What Ireland can do:
Remind MS Ireland employees that they have a legal duty not to assist US MS employees accessing the relevant 'Irish' data if it is subject to data protection laws; also remind them that it would be illegal for MS to sack them for such actions (since the law overrides or nullifies any conflicting part of a a contract of employment).

The most interesting part is whether the Irish employees have any duty to *prevent* the US employees accessing the data if they have the technical means to stop them; or if their only duty is not to actively assist them. I.e. in a simple minded example, an MS Ireland employee is sitting next to 'the server' and knows the US employee is about to start the download. Does he have duty to pull the plug on the server to prevent the crime? What if the server is currently down for maintenance? Does he have the duty to refuse to bring it back up (assume manual local restart)?

Re:What about Ireland

[ihtoit]

no because the data is ordinarily and readily accessible by US citizens from terminals located on US soil. As MSUS have already admitted. There is no lawful or legal excuse for MSUS not to turn over the data, which is known to exist and the nature of which is also known. To move it in an attempt to hide it as from the moment the subpoena was issued is a criminal offence. This means that the Irish court would be compelled by treaty as a result of 300-odd years of negotiations, to simply hand jurisdiction in the matter to the US as a criminal matter, and to execute any seizures with the cooperation of US LEO and the Gardai and Interpol in their usual position as international liaison.

How convenient...

How convenient for the US that foreigners have all the obligations of our citizens, but none of the rights!

US

[ledow]

If Microsoft comply, they will be sued by their EU customers and maybe even the EU governments themselves.

There's a reason that jurisdiction applies. You can't be legally required to do something in one country, and then legally required by another country to not do it.

Sorry, US, but if Microsoft comply without getting it right, the EU are likely to fine them into oblivion, and the EU is JUST AS BIG, if not larger, a market as their US market.

Seriously, America, you do not own the world.

Re:US

Silly Europe with its inferiority complex. This is just as much their responsibility, they could solve this problem right now by simply not being so picky all the time.

Re:US

[Whorhay]

"There's a reason that jurisdiction applies. You can't be legally required to do something in one country, and then legally required by another country to not do it."

That is incorrect. It might not seem very fair but it is the way it is. Jurisdiction though does mean that one court can't force an action to take place in another courts jurisdiction like sending in the police for a raid. But they can certainly compel the concerned party to take action via penalties imposed within their own jurisdiction.

As an example there was a man who upon divorcing his wife was accused by her of hiding millions of dollars over seas. I seem to remember that there was no actual evidence that the money still existed but the judge ruled him in contempt of court for not producing it. He was then held in jail for a decade or more, with no possibility of release until he produced the money or evidence of it's non-existence.

Being a multinational does not exempt a company from abiding by all laws and legal requests of the countries where they operate. If such was the case Hobby Lobby would have just incorporated in a country that doesn't require healthcare for employees and called it a day.

Re:US

Please don't think all americans are like this. Some of us are trying to change it for the better, and hate the fact the USG is spying on everyone, and is a bully at all negotiation meetings.

Re:US

Silly Europe with its inferiority complex. This is just as much their responsibility, they could solve this problem right now by simply not being so picky all the time.

Silly America with their war bringer complex. This is all their fault, they could solve this problem right now by not having geography challenged judges serving in the courts.

Naturally

an American judge decides American laws apply to foreign lands. Could you ever imagine the a decision the other way?

It's very simple...

All your server are belong to us!

Or is it MS IRELAND

[Bruce66423]

the wholly owned subsidiary of MS, but subject to IRISH laws which require a court order from an IRISH court to release data.

Re:Or is it MS IRELAND

[suutar]

Is this then data which the wholly owned subsidiary would normally be required to tell MSUSA "you can't have it"? In that case I agree. If they would normally hand it over to MSUSA on request, then I see no problem with the court ordering MSUSA to make such a request.

The prosecutors are worried that they will hear:

[Bruce66423]

The disk crashed and we lost the data - like her at the IRS... terribly sorry...

Jurisdiction depends on residence

[Bruce66423]

If the data is physically in country A, then the court of country A can ban the company that owns it from releasing it, regardless of its 'ownership' by someone else. And it gets lots more interesting if the data is owned by MS Ireland, not MS USA...

What emails?

Why doesn't Microsoft just pull an IRS and say "the hard drive crashed, they are no where to be found"

An end run

[doginthewoods]

" One of the reasons why companies put data centers in Ireland is to comply with EU rules about the locations of personal information. If the US can pierce EU rules regarding personal information simply because someone in the US has access to the servers, then that could lead to EU rules prohibiting such access." And the US is attempting an end run around the established Interpol channels and other countries' laws. And, in typically ignoramus US fashion, the US is unaware of what precedent it will set, if this is successful, and how it will blow back in their faces, if another country tries it. As much as the US would like to ignore reality, the truth is the servers are in another country, and,no matter who owns them, they are subject to that countries rules and regulations. The US is attempting to impose its laws on the rest of the world. You are right- this is not a matter for the US courts, it is for the world court to decide. And my bet is the WC will decide that the laws of the country where the servers are located will prevail.

Yeah, because the US is powerful enough just yet

[JasonGoatcher]

(Title is ironic)

We really need to find a way to start over with the US. Don't know how that could work without being worse in the interim, but we are in dire straits.(sp?)

Sensational journalism

[Joel+Cahoon]

This was previously discussed ad nauseam; Microsoft has simply lost another appeal. To reiterate:

If the warrant had been a conventional search warrant Microsoft could have been right since there are territorial restrictions on those warrants, [magistrate judge James Francis of the U.S. District Court of the Southern District of New York] said.

However, a search warrant on electronic communications is not conventional but rather a hybrid: part search warrant and part subpoena, he said.

“It is executed like a subpoena in that it is served on the ISP in possession of the information and does not involve government agents entering the premises of the ISP to search its servers and seize the email account in question,” he said.

...

Moreover, if treated like a conventional warrant, “the burden on the government would be substantial, and law enforcement efforts would be seriously impeded,” Francis said. To obtain the contents of emails stored abroad, U.S. law enforcement would have to comply with treaties that require the cooperation of two governments. Such requests could be time consuming or even denied, Francis said, adding that the U.S. does not have such treaties with all countries.

Source: PCworld

To move data across jurisdictions is trivial. If it were made this easy to stymie law enforcement whenever the evidence in question is electronic data, we'd end up with much bigger problems. They should at least have to go through the trouble of setting up a shell company...

The one valid concern I've seen raised regarding this issue (which I have not seen raised in this specific case) is when such a warrant would be at odds with data privacy laws in the other jurisdiction; this is a lose-lose situation for the party on whom the warrant is served. I'd feel bad for them, but it was their choice to operate across jurisdictions in the firs place, and their responsibility to be in compliance with all parties; if that's not possible, and they choose to operate anyway, I don't pity them at all.

Headline Correction

Judge: US Search Warrants Apply to US Corporations.

There. FTFY.

Clearly you're not Canadian.

[BitterOak]

The parent post was clearly not written by a Canadian, as any good Canadian knows that Tim Horton's does NOT serve poutine. Otherwise though, your post is spot on.

GOOD!

[Thud457]

This will finally give the IRS the tools it needs to crack open the books on all those shady Swiss & Cayman tax dodges and make the 1% pay their damn taxes.

man, I crack me up...

Incorrect title is incorrect

[radarskiy]

The judge is not claiming jurisdiction overseas. The judge is claiming jurisdiction over Microsoft USA, who has stipulated that the data in question exists and that they have access to it.

CMDD: Can't move data, dummy

Another instance of unqualified people being stakeholders in things they know nothing about.

You can not move data, it can only be copied. ( Well, you could put the HDD in a car, but that's not what this ruling is arguing.)

The existing law works. If said data is stored in the US, then copied to UK and the data.US is deleted... that's destroying evidence. There are already laws for this.

Hoist by their own petard

[radarskiy]

"Seriously, America, you do not own the world."

But also the EU does not own the world.

The possibility that multinational corporation which has split itself up for the purpose of playing different legal jurisdictions off each other has put itself in a position where the pieces create legal liability for other pieces does not necessarily invalidate any of those laws. It may be that they really are running an multinational scam and now they are caught.

Re:Hoist by their own petard

"Seriously, America, you do not own the world."

But also the EU does not own the world.

Which is why MS should default to no action.

The USA is the aggressor here, I don't remember the last time the EU demanded that the US hand over contents stored on US servers.

Why is this news again?

[tapi0]

I may be having a bad case of deja vu, but wasn't this discussed in detail only recently?

Mexican Safe analogy

Another analogy. You have your office on the Mexican border with your office wall right on the border.
You build a save into that wall. The court orders you to turn over the contents of the safe.
You say no, and say they cannot get into it because it is in Mexico.
It is a BS argument, they will keep you in jail for Contempt of Court until you comply.

Re:Mexican Safe analogy

[techno-vampire]

I remember reading that back during Prohibition, there was a tavern that was built right over the US/Canadian border with the bar stools in the US and the bar itself in Canada. That way, if/when US law enforcement came in, all the customers needed to do was put down their glasses and lean back and there was nothing that could be done about it.

Re:Mexican Safe analogy

[countach]

A funny story, but presumably border protection could shut it down.

Re:Mexican Safe analogy

[techno-vampire]

How? Even if the border patrol blocked the entrances on the US side, the owners could always provide a door on the Canadian side and there's no real way to stop people from going into Canada and using them. And, as the tavern was a Canadian business, American LEOs wouldn't have had any jurisdiction as long as the sales were made on the Canadian side of the building.

Microsoft is a US corporation

[bussdriver]

US corporations or anything incorporated in the USA is going to fall under US law. To allow multinationals anymore exceptions above the law than they already have would be EXTREMELY foolish!

What wouldn't surprise me is how Microsoft could get away with stuff while humans in other countries can not... thinking of what they'll do to Assange or what they are doing to Kim Dot Com who are not under US jurisdiction but are/will be subject to it anyhow... along with anybody else the USA is upset with.

Re:Microsoft is a US corporation

[ledow]

Microsoft Ireland is incorporated in Ireland. Which is in the EU. They are therefore separate companies. And thus a binding agreement on one does not form a binding agreement on the other.

Even if it did, the act of exporting personal data of EU citizens FROM the EU without due EU process is a criminal offence in the EU. Which is where Microsoft Ireland are based. Thus anyone in Ireland that facilities or colludes to make this offence happens will stand before an EU court, for trying to comply with a US courts ruling that DOES NOT apply to them.

Re:Microsoft is a US corporation

[bussdriver]

Microsoft Ireland is STILL Microsoft -- it doesn't have it's own stock listing, it doesn't keep profits to itself etc.

THE Microsoft, USA Microsoft has to incorporate by law in Ireland to do the kind of business it wants to do in that nation. It is more akin to me having to get a permit, license to do something when I'm there that I already did in my home nation. They have different laws and regulations and if I want to do something in their nation I have to do whatever.

Multinationals should and need the complexities and limitations of trying to work over multiple boundaries... If they are big and powerful they can most definitely do this... and today they have so much they are above most laws.

Good

[WaffleMonster]

I think this is great news as this offers a huge incentive for other countries to stand up competing infrastructure to the US and decimate US domination over the Internet.

The Internet I signed up for was never intended to be controlled by a handful of global, massive content companies.

US regime gone crazy

US law certainly does not apply to other countries. If the US regime starts claiming this, then the regime in Washington has gone completely rogue, and must not be tolerated by the civilised world. If this is allowed to stand, then Saudi, Kuwait, Israel, and other nasty regimes with abysmal human rights records, will be able to start applying their laws to US citizens.

dear mr Putin

Can you please nuke these stupid and arrogant Muricans into oblivion so that we do not have to endure their all your bases are belong to us attitude anymore?
Thank you.

USA, Europe's frenemy

For us europeans is quite confusing to have USA as our military ally and surveillance enemy.-Ignacio Agulló

Re:USA, Europe's frenemy

I don't honestly think the EU and USA will get along very well at all, this story as well as the Snowden bombshell, relations between the two continents will never be the same again.

Conflict between laws of different nations

[contrarywise]

I assume the US judge applied US law to this case. I assume there are laws in Ireland that place limits on the transfer of data.
So, in Ireland, Irish Microsoft might not be allowed to transfer relevant data that authorities in the USA are legally demanding from USA Microsoft.
This seems to be a trivial example of the complexity of international law which hitherto has gone unnoticed because nobody questioned the practice (don't say, don't ask). (Or, just for fun, the NSA simply got the data without the need to ask anyone).
So this is a test case to see who wins - Ireland/EU standing up for their rights, Microsoft hiring the best legal brains, the Congress insisting that existing US law must be followed.
Clear the ring and place your bets.

Re:Conflict between laws of different nations

US can sink Ireland if they wanted to.

But we had a warrent!

The problem arises when the NSA or CIA get them selves a nice secret court to appoint them warrents to snoop about foreign intelligence servers and computers . All in the name of counter terrorism of course.

What's new?

Eg. G8 Geneva 2008, Indie News servers in London.

He's Middle Eastern...

ish :)

That's good enough for Guantanamo so it should be good enough for you and me, right? :-D

Stupid.

[Black+Dragon]

Honestly, it's as if they want to wreck the US tech industry. I wouldn't be surprised if 20 years from now there was no longer an internet but instead just a bunch of regional intranets and national nets, each one totally disconnected to anything outside. We're already seeing the beginnings of this right now what with China's "Great Firewall" or whatever they call it and Iran's moves in that direction. The US' "What's yours is mine, BEEYOTCH" attitude is only gonna accelerate things.

And the reverse will apply?

[aybiss]

Did they happen to rule on whether Nigerian princes who use cloud services in the US would be covered by the same thing?