Judge: US Search Warrants Apply To Overseas Computers

← Back to Stories (view on slashdot.org)

Judge: US Search Warrants Apply To Overseas Computers

Posted by Unknown on Friday August 1, 2014 @02:06AM from the prepare-for-extradition-to-north-korea dept.

jfruh (300774) writes Investigators in a criminal case want to see some emails stored on Microsoft's servers in Ireland. Microsoft has resisted, on the grounds that U.S. law enforcement doesn't have jurisdiction there, but a New York judge ruled against them, responding to prosecutors' worries that web service providers could just move information around the world to avoid investigation. The case will be appealed.

28 of 502 comments (clear)

Min score:

Reason:

Sort:

It's almost sane(really) by i+kan+reed · 2014-08-01 02:12 · Score: 4, Interesting

Going to take a position I know will be unpopular in this thread, but:
The leverage they have is that you're accused of committing a crime within the borders of the US, and evidence you have access to can be demanded under a warrant that covers details related to that crime. Their physical inability to seize it by force(because it's in another jurisdiction) is about as relevant as their inability to unlock your bank safe. Either way they can punish you for not turning over evidence that is covered by the warrant.
1. Re:It's almost sane(really) by Anonymous Coward · 2014-08-01 02:18 · Score: 5, Insightful
  
  It's all well and good so long as the USA don't mind, say, a Russian court issuing a warrant for data held on servers in the USA.
2. Re:It's almost sane(really) by hawguy · 2014-08-01 02:22 · Score: 5, Interesting
  
  Going to take a position I know will be unpopular in this thread, but:
  The leverage they have is that you're accused of committing a crime within the borders of the US, and evidence you have access to can be demanded under a warrant that covers details related to that crime. Their physical inability to seize it by force(because it's in another jurisdiction) is about as relevant as their inability to unlock your bank safe. Either way they can punish you for not turning over evidence that is covered by the warrant.
  Is there any circumstance where you think USA prosecutors should not be allowed to force foreign entities to hand over evidence without going through that country's legal system?
  Like if I'm arrested for smoking pot in the USA and USA prosecutors want to search my bedroom back home in Amsterdam to collect proof of my drug habit, you think its ok for USA police to force my parents to let them search my bedroom back home (or enter their home by force)? Even if my "crime" is only a crime in the USA?
3. Re:It's almost sane(really) by disposable60 · 2014-08-01 02:23 · Score: 5, Insightful
  
  Or China, Iran, Pakistan, Myanmar or North Korea - you know, countries in which dissent of (heavens!) heresy/apostasy are capital offenses.
  
  --
  You're looking for quotes? See my journal.
4. Re:It's almost sane(really) by CanHasDIY · 2014-08-01 02:27 · Score: 4, Insightful
  
  Like if I'm arrested for smoking pot in the USA and USA prosecutors want to search my bedroom back home in Amsterdam to collect proof of my drug habit, you think its ok for USA police to force my parents to let them search my bedroom back home (or enter their home by force)? Even if my "crime" is only a crime in the USA?
  I'm having trouble determining whether this is a really good analogy, or a really bad one... Leaning towards the former.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
5. Re:It's almost sane(really) by drinkypoo · 2014-08-01 02:28 · Score: 4, Insightful
  
  It's all well and good so long as the USA don't mind, say, a Russian court issuing a warrant for data held on servers in the USA.
  There's nothing wrong with that, so long as they don't propose to use force to retrieve the data.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
6. Re:It's almost sane(really) by Anonymous Coward · 2014-08-01 02:35 · Score: 5, Insightful
  
  A Russian court issuing a warrant for data held by a Russian company on servers located in the US but controlled by the Russian company would be consistent with this ruling.
7. Re:It's almost sane(really) by TRRosen · 2014-08-01 02:41 · Score: 5, Insightful
  
  That is a completely irrelevant example. Were not talking about subpoenaing a foreign company or entity. We are talking about forcing companies operating in the US to turn over information that is in their possession (under there control).
  The basic concept here is that data does not exist in the physical world. Where the electrons are is irrelevant if the entity that controls it exists in the US.
8. Re:It's almost sane(really) by 0a100b · 2014-08-01 02:59 · Score: 5, Funny
  
  Using some force may be acceptable, like waterboarding Satya Nadella to get the data...
9. Re:It's almost sane(really) by Anonymous Coward · 2014-08-01 02:59 · Score: 5, Insightful
  
  The US should be able to get search warrants...
  wait for it...
  In Canadian courts. MIND BLOWN.
10. Re:It's almost sane(really) by Nemyst · 2014-08-01 03:02 · Score: 5, Insightful
  
  To both cases: this is why organizations like Interpol exist. So a police force from one country can work in tandem with another to solve a case that crosses national borders. If the US want data stored in an Ireland server, they should work with the police there to get it, instead of saying that their jurisdiction extends worldwide unilaterally.
11. Re:It's almost sane(really) by hawguy · 2014-08-01 03:14 · Score: 4, Insightful
  
  OK, thought of a good counter analogy:
  - You've hidden bombs on public transit all over the country, and the list of where you hid them is stored on a server in the UK; should the government be able to get a warrant for that information?
  Of course they should... Through a UK court, not a USA court.
12. Re:It's almost sane(really) by Culture20 · 2014-08-01 03:40 · Score: 4, Funny
  
  I thought Interpol existed to catch Carmen SanDiego.
13. Re:It's almost sane(really) by Dredd13 · 2014-08-01 03:42 · Score: 5, Insightful
  
  If an American citizen owns the house in Amsterdam, how is that any different than the American company owning the server in Europe?
  As an American citizen, in that revision of the analogy, be could be compelled to allow US investigators to search his Amsterdam residence.
  Would you support that? Cuz "hellz no" for my part
14. Re:It's almost sane(really) by Ghostworks · 2014-08-01 03:46 · Score: 4, Informative
  
  But this is how it already works. For example, China could say to Google "give us access to G-Mail or we'll just block it completely, may be even kick your company out". Then it's a game of chicken. But China does have the right under their laws to block G-Mail or ban Google, as well as to demand unreasonable things from resident companies as the price of doing business. Laws everywhere have always worked this way. This is not new.
  Now the question: if (beyond a certain point) businesses really have no choice but to deal with corrupt regimes, and customers have no choice but to deal with businesses that deal with corrupt regimes, what protects consumers in one jurisdiction from corruption in another? The answer is competing laws. If China imposes harsh penalties for failing to do X, but the U.S. or Europe impose equally harsh penalties for doing X, then businesses torn between them actually have some refuge through ceded responsibility.
  This is exactly how U.S. bribery laws work: "We would love grease your palms, great Poo-bah, but U.S. law says that if we do then we can't do business there, which would mean we also don't have business to do here, so please don't even ask." When there is risk of cross-corruption in the market, it is the government's responsibility to step in and throw up a wall.
  (As a side note, this notion of ceded responsibility is why there are some industries that actually petition for _stronger_ regulations. For example, it's common in some parts for large arms dealers to have to "sweeten the pot" with government buyers by agreeing to pay for side projects, such as the construction of a hospital, as a condition of sale. This is a cost arms dealers would rather avoid, so they petitioned Congress for years to have such "gifts" declared a form of illegal bribery.)
15. Re:It's almost sane(really) by JohnNemesh · 2014-08-01 03:52 · Score: 4, Insightful
  
  That is the best analogy I have seen so far. Moreover, it allows the US to search the house WITHOUT the consent or cooperation of the foreign government! The EU has laws protecting the data of it's citizens. By complying with US law, and allowing the data to be handed over to US authorities, they will be in violation of the EU laws! This puts MS (and every other American tech company) in a VERY awkward position! Do they break US law or EU law? Either way, they will be breaking SOMEONE'S laws, whether they hand over the data or not! This is also going to accelerate the decline of the use American tech overseas. Germany has already stated that they are moving to open source software, due in no small part to the NSA's overreaching spying programs...and the UK has also expressed interest in moving away from Microsoft products and services. Expect those governments, as well as other foreign and multinational corporations to move even more quickly away from US tech to keep their data secure and away from the prying eyes of the NSA, CIA and other US agencies! Another casualty here will be the "cloud". NO ONE outside of the US is going to trust their sensitive data with Amazon, Microsoft, or Google (or any others based in the US) if the US takes the position that all data, stored ANYWHERE IN THE WORLD, is subject to their laws and could be searched and/or seized at any given moment, with or without the consent, permission or knowledge of foreign governments! This court just, single-handedly, shot the entire American tech sector squarely in the balls. It's going to have ramifications that will take YEARS to sort out.
16. Re:It's almost sane(really) by Minwee · 2014-08-01 04:14 · Score: 5, Funny
  
  - You're a serial killer in the US, but every time you murder someone you drive to your Canadian cabin in the woods to hide the body; should the US be able to get search warrants for said cabin?
  This may sound a little bit crazy, but murdering people was recently declared illegal in Canada too. All Special Agent Scully would have to do is pick up the phone and call her counterpart with the RCMP (They recently had phone service installed at both of their igloos!) who would then search the cabin for her, looking for evidence of a crime as defined by Canadian law. Once that was found it there would be some discussions at the nearest Tim Horton's over poutine and coffee (double-double, naturally) about just who would be charged and tried under what laws and whether evidence would be canoed across the border to the USA or the suspect extradited to Canada, Eh.
  It's almost as if this sort of thing has come up before. The situation gets more interesting when a US citizen does something which is only illegal in the USA but not Canada. Something like failing to volunteer to join the army, supporting an unpopular political party or copying music from CD to a tape.
Applies oversea or applies to local access? by Carewolf · 2014-08-01 02:13 · Score: 4, Interesting

If the local branch of Microsoft has access to and control over the servers, they only need to demand the local branch to do so, that doesn't mean they are extended juristiction. If the data could only be accessed from outside the US it would be more interesting.
1. Re:Applies oversea or applies to local access? by Anonymous Coward · 2014-08-01 02:28 · Score: 4, Interesting
  
  If the local branch of Microsoft has access to and control over the servers, they only need to demand the local branch to do so, that doesn't mean they are extended juristiction.
  That could make it more difficult for multinationals to operate though. One of the reasons why companies put data centers in Ireland is to comply with EU rules about the locations of personal information. If the US can pierce EU rules regarding personal information simply because someone in the US has access to the servers, then that could lead to EU rules prohibiting such access.
  During an earlier discussion I thought someone said that the information involved was owned by a US person or organization that was trying to hide by putting it in the EU. That would matter more to me than whether Microsoft had domestic access to the servers.
  I'm not sure that a US court should be deciding this though. It might make more sense to have to appeal to an EU court to pierce this particular veil. That would support EU rights in protecting their data while offering a method for US litigants to gain rightful access to data. Of course, it would also be rather clumsy. But I would rather put clumsiness on litigants than on multinational businesses.
2. Re:Applies oversea or applies to local access? by Trepidity · 2014-08-01 02:37 · Score: 5, Insightful
  
  That appears to be the argument, yes. The court isn't claiming authority to send police officers to Ireland and physically seize the data, or authority to force Irish police to conduct a search. Instead they're demanding that Microsoft (a U.S.-based company) produce the requested evidence, if indeed its U.S. staff have access to it (which they probably do).
  I think it's problematic from a practical perspective, but I could see how someone could reach that conclusion. Usually jurisdiction of U.S. persons does extend to their overseas assets, e.g. in an investigation of fraud a U.S. court can demand that you turn over your Swiss bank account records, even though these accounts are (of course) in Switzerland.
  The main problem IMO is that it puts companies operating in multiple jurisdictions in a bit of a bind. For example, Microsoft Ireland may have responsibility under EU law to not release data except in certain cases, while Microsoft U.S. is required to release it, meaning the company will violate the law somewhere no matter what they do. I'm not sure whether it's possible to avoid that by really firewalling the access, e.g. make Microsoft Ireland an operationally separate subsidiary whose servers cannot be directly accessed by Microsoft USA staff. But that would certainly complicate operations in other ways.
  
  --
  10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Re:Finally! by i+kan+reed · 2014-08-01 02:13 · Score: 4, Insightful

Unfortunately, no. Jurisdiction for the crime isn't the same as jurisdiction for evidence.
Bye bye US cloud by johanw · 2014-08-01 02:22 · Score: 5, Insightful

Microsoft always sold their cloudservices in the EU with the argument that the data is physically located outside the US so the Patriot Act doesn't apply. Now that this has been proven false, EU-based cloudfirms will use this argument to choose a non-US based firm even more in their commercials than they do already. Good for the non-US based firms.
Re:Finally! by LordLimecat · 2014-08-01 02:24 · Score: 4, Informative

So would you be in favor of China being able to subpoena any / all of Microsofts records, regardless of where they are stored?
Murica by korbulon · 2014-08-01 02:31 · Score: 4, Insightful

I never fail to find the bravado and hubris underlying American exceptionalism... exceptional.
Land of the free... as long as you're not in one of our many many prisons ( http://nomadcapitalist.com/201... ), which has a higher per capita incarceration rate than Cuba, which is second on the list. Oh, and speaking of Cuba, there's always http://en.wikipedia.org/wiki/G....
Home of the brave... because you'd be pretty brave too if your military budget was larger than the nearest eight other countries combined ( http://pgpf.org/Chart-Archive/... )
Where all men are created equal... except, of course, when they're not ( http://www.pbs.org/newshour/ru... ) and a man can make something from himself even if he starts out life with nothing (but probably not): http://money.cnn.com/2013/12/0... )
And where the rule of law is universal and sacrosanct... except in those cases where it's not convenient ( https://www.globalpolicy.org/u... ) and ( https://www.eff.org/nsa-spying... )
Oh well, enjoy your "freedoms".
Re:Finally! by retchdog · 2014-08-01 02:31 · Score: 5, Insightful

yeah, i would. it would be a nice reminder about why not to do business with totalitarian states.
and, yes, i also think that this case is a nice reminder for other countries not to do business with the US for exactly the same reason.

--
"They were pure niggers." – Noam Chomsky
Don't do business with the USA by green1 · 2014-08-01 02:45 · Score: 4, Insightful

This is one more reason to make extra sure that companies that you deal with have zero US presence. In fact in many jurisdictions it would be illegal to follow these US laws due local privacy laws. By doing business in the US, any data on individuals that you have, even stored in other jurisdictions is subject to their laws, meaning you'll often have the choice of breaking US law, or breaking the laws of the country you're in.
Much safer to just avoid all dealings with the USA.
Re:Like extradition, but for evidence by silas_moeckel · 2014-08-01 03:00 · Score: 4, Insightful

Yea it's called asking a judge in Ireland.

--
No sir I dont like it.
Clearly you're not Canadian. by BitterOak · 2014-08-01 06:29 · Score: 4, Informative

The parent post was clearly not written by a Canadian, as any good Canadian knows that Tim Horton's does NOT serve poutine. Otherwise though, your post is spot on.

--
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?