Microsoft Defies Court Order, Will Not Give Emails To US Government

schwit1 sends this excerpt from a report about Microsoft: Despite a federal court order directing Microsoft to turn overseas-held email data to federal authorities, the software giant said Friday it will continue to withhold that information as it waits for the case to wind through the appeals process. The judge has now ordered both Microsoft and federal prosecutors to advise her how to proceed by next Friday, September 5.

Let there be no doubt that Microsoft's actions in this controversial case are customer-centric. The firm isn't just standing up to the US government on moral principles. It's now defying a federal court order. "Microsoft will not be turning over the email and plans to appeal," a Microsoft statement notes. "Everyone agrees this case can and will proceed to the appeals court. This is simply about finding the appropriate procedure for that to happen."

customer-centric

[TubeSteak]

Microsoft's actions might seem "customer-centric," but really they're fighting for their lives.

If MS can be forced to give up European data, stored on European servers, that's game over for them.
Lawsuits and investigations will flourish in Europe, because their data protection laws are much stronger/stricter than ours.

This could kill MS's European business.

Re:customer-centric

You mean "Kill every company on the internet's business that serves customers in Europe and America."

Legal precedent would compel Google, and everyone else, to do the same stupid thing this judge has ordered, who is apparently unaware of international laws and seems to assume that US law is the only thing that exists or even should exist. If MS loses, everyone loses.

Re:customer-centric

[rtb61]

It's all just a matter of legal principle. Can any internet company be publicly ordered to break laws in other countries, regardless of where it is based. So M$ is challenging the order to publicly establish a principle and protect it and all other internet companies in this regard. Technically speaking all other internet companies are now getting a free ride on M$'s dime, so it seems sometimes they do pay back to the industry. This is an important principle of law and something the US Federal government should be paying attention to and legislating to ensure the future of all US internet companies is not severely threatened.

Re:customer-centric

judge has ordered, who is apparently unaware of international laws and seems to assume that US law is the only thing that exists or even should exist

A judge is demanding a United States company to play by the rules of the United States? And you have a problem with that? US law is and should be the only law the judge needs to consider. If US laws are incompatible with other nation's laws, then don't blame it on the judge, complain to your legislators.

Re:customer-centric

[PPH]

Its an American's data stored under a European account in European servers.

Perhaps. But if it was an American, residing on European soil, there would be extradition procedures to follow. And those would involve having the local (EU) police generate their own warrant and make their own arrest based upon a formal request. The aprehended suspect would then be turned over to the requesting country.

The same sort of thing should happen here. The USA should make a formal request to the Irish court to secure the evidence and turn it over to US authorities.

Re:customer-centric

[bloodhawk]

Can any internet company be publicly ordered to break laws in other countries, regardless of where it is based?

Why shouldn't they? MS is a United States company. Why should MS, or any other corporation, be able to only abide by US law when it is convenient for them, and break it other times? If the laws of two jurisdictions are incompatible with each other, the corporation should have to make a hard choice and only operate in a single jurisdiction, and use other avenues to expand business to the other.

This is not a case of the US trying to compel a European Company into doing something, it is compelling Microsoft, subject to US law, to turn over data it holds, albeit in a different company. If an American individual is subpoenaed for information relating to a crime, resisting turning it over because it's held in a safe deposit box abroad, is no more an acceptable excuse than "it's in my other pants".

An individual in the United States must abide by US law even when abroad, in addition to abiding by the rules of the foreign country. It's still illegal for an American to smoke weed or solicit 14 year old prostitutes abroad, despite those being legal in some places of the world. If American persons have to play by United States rules 24x7, why should a corporation get to pick and choose?

The US legal system starts and ENDS at the US borders. You seem to have completely misunderstood this situation, For example your safe deposit box example, if the US wanted the contents of a safe deposit box in Europe they cannot legally seize it, doing so would be a violation of europan law and the US officials doing it would be guilty of bank robbery and treated like any other common criminal. They must go through the countries legal system that holds the goods they want to seize, similarly the same applies to Data, the US can get access to it as long as it follows the appropriate laws and procedures. What the US government is trying to do is say other countries laws don't matter with data and therefore are asking a US companies to break another countries laws. You yourself said it that when in other countries you must abide by that countries rules, you cannot compel an individual or company to break the laws of another country. No one is suggesting that MS gets to ignore US laws, it is the US government saying that they get it ignore other countries laws and can compel US companies to do the same while they are in those countries.

Re:customer-centric

[silas_moeckel]

Actually they data is in Europe the judge is trying to say since they have access to it from the US they need to turn it over. The data is under the control of a division incorporated in Europe.

There is established procedure to get this it called ask the European courts.

Re:customer-centric

[Atryn]

A judge is demanding a United States company to play by the rules of the United States? And you have a problem with that? US law is and should be the only law the judge needs to consider. If US laws are incompatible with other nation's laws, then don't blame it on the judge, complain to your legislators.

Another great reason for an inversion besides taxes.

Re:customer-centric

[niftymitch]

Except it isn't European data, Its an American's data stored under a European account in European servers. Small difference.

It is not the data that is the issue.

It is a US Judge requiring a company to reach out across international borders and
as an agent of the judge grab the data and spirit it across international borders and
deliver it to the judge. This something that the US judge could not require of the
State Department, CIA or NSA any other government agency to do.

If it was not data the rule would be more obvious. If a storage company had
a large box of cigars perhaps from some random country close to Florida could that
company be compelled to ship that box of cigars to the judge to determine
if the owner of the box of cigars was engaging in the trade of and trade with
a foreign country that the US has issues with. Only by inspection of the
contents of the box would the judge know.

Now it is possible that Cuban cigars are no longer the smoking gun of illegal
trade with Cuba but the point is that this judge is forcing a company to reach out
across international borders and do the judges bidding.

What if the company name was Blackwater Security Consulting (since renamed Academi)
and that company was directed by a judge to import or export anything or anyone
at the behest of the judge (with or without payment for services BTW).

If it was a physical container the decision in my mind is obvious
that the judge is reaching, reaching, reaching well beyond charter and
jurisdiction.

It gets more interesting if the transport of the physical container crosses
other international borders. Most nations have laws that prohibit trafficking
in stolen goods. So a packet map showing how each and every fragment
of this container traveled could also be a topic of a United Nations inquiry.
Blood diamonds, ebony, ivory... trafficking in crime tainted desirables and
this judge covets this stuff.

Re:customer-centric

The data is owned and controlled by the US division of Microsoft. The judge issued a decree that the US division of Microsoft must produce the data. If Microsoft does it from foreign servers, or local copies, or by recording the farting of the birds, no one cares. All that matters is that the US division of Microsoft must produce the data.
The fact that the data is currently stored overseas is irrelevant.

Re:customer-centric

[Dcnjoe60]

But if an American visits a foreign country, they and their property are subject to the laws of that county. We expect the same of foreign visitors entering our country. And if that foreign countries data protection laws differ from those of the USA, they should still be honored.

Having some foreign government insist on the right to root around in their citizens possesions while in this country, either as a tourist or a refugee would open up a human rights as well as an intellectual property can of worms. Imagine an H-1B worker's home country insisting on receiving copies of all of their work product while employed here.

But the criminal in question didn't visit Ireland and leave his data there. Microsoft didn't visit Ireland, either, but it did send the data there. Also, this is not tangible personal property. It is a bunch of electrons.

As for the H-1B worker, that is a strawman argument and has nothing to do with this. Here is a concrete example of what is going on here. I steal a painting in the US and send it via FedEx to Amerstam where it sits in FedEx's hangar waiting to be picked up. The feds arrest me and ask FedEx to send the painting back for evidence. Should FedEx say no, because it is now in their possession in a foreign country? Before you answer, the courts have already answered it and said yes, FedEx would need to return it as long as it is still in their possession.

Or, lets say two child pornographers both store the pictures they have taken in the US (so US law is broken) on Google's servers and one of the pornographers pictures happen to reside on a server under Google's control in Ireland and the other on a server under Google's control in the US. Is guy who had the luck of his data being routed to Ireland off scott free while the other guy goes to jail, when both of these accounts and servers are under Google's control? While the courts haven't answered this question, they have done so with banking and found that US banks must still turn over seized assets of US bank holders even if those assets are now held in foreign countries. Most other countries also have the same laws, too.

So, the question really is whether or not a criminal should be able to use a US company to hide it's data just because the US company has a server farm somewhere other than the US?

Re:More accuratly "self preservation"

[queazocotal]

By a not too unreasonable extension of the theory that allows the judge to compel microsoft to deliver things they control on a computer in another country - I see no reason exactly the same would not apply to compelling them to deliver a personalised update to one particular computer and deliver access to that computer - wherever in the world it was, and whoever owned it.

Re:More accuratly "self preservation"

[arbiter1]

Well its not just MS, ANY company. Google, Apple, etc would be effected by this as well.

And on a side note...

[MindPrison]

...anyone who seriously store sensitive information on a cloud service like free-email, should be spanked with a trout over and over again.

Globalization

[jmd]

I'm suspecting the zeal MS is showing in challenging the US gov't has more to do with laying the groundword of "nation-states" being neutered. This is about power in the future. If they win against the US gov't this is just one more nail in the coffin of the battle to make governments useless. This goes hand in hand with the Trans Pacific and other trade agreements. These things are designed to strip power from government.

This is just one more step in the march of capitalism that will likely destroy civilization in the long run.

Stop the US-centric crap already

[msobkow]

The US needs to wake up to the fact that they are not "world law." Their law ends at the boundaries of the US.

It doesn't matter if the email account in question is owned by an American. It doesn't matter if the servers are indirectly owned by an American company.

They are in a foreign jurisdiction and the US government needs to go through the judicial and legal processes of that jurisdiction if they want access to the data.

Quite frankly, fuck the "war on terror", the "war on drugs", and every other tired old excuse the US government and it's subservient courts use to try to justify shoving the US legal system down the world's throat.

Re:That's nice, but...

[russotto]

The government could almost certainly get this data by going through the proper procedures in Ireland. That they can also get it surreptitiously doesn't matter; they're trying to establish precedent that they can legally get any data held by any US company anywhere in the world without involving any other government; that precedent is the important part, not the particular data involved.

Re:That's nice, but...

[s.petry]

Dunno, the Russian FSB has actually wrung Windows code reviews out of Microsoft so if they didn't find any back door in that code I'd say there are none to find..

A viable alternative is that they found and use the same back doors available to the NSA. It's speculation either way, because there are no independent reviews of Microsoft's source code and shipped binaries. The released binaries may not even match the source they provided for review.

code reviews are perfect and impossible ?

[raymorris]

> Russian FSB has actually wrung Windows code reviews out of Microsoft so if they didn't find any back door in that code I'd say there are none to find...

So it's entirely possible to do a code review of an entire operating system and be sure that there are no vulnerabilities?
Of course, you can't be sure that something as simple as an ssl library is safe, but an entire OS is no problem. Despite the fact that there's no way to know if the code you're reviewing matches the installed binaries.

> there is always the option of doing a personal code review of what is it now, 200 million plus? lines of Linux source code and then compiling your own Slackware
Yep, that'd be even easier than the Windows code review, especially since thousands of other people have already done some initial review for you. You can then compile it yourself and know that the source code matches the binary, unlike Windows.

(The trojaned compiler attack is fairly trivial to defeat, so don't bother going there .)

Re:Since when did Microsoft become a EU company

[drinkypoo]

Microsoft is headquartered and incorporated in the US and thus subject to US law.

Yep. That's completely true. So if there were some data held on a server in the EU, and a judge decided it was relevant to a lawsuit and demanded that it be presented, they could reasonably hold some representative of the corporation to be in contempt of court until such time as they produced the data in question. However, it would not actually establish any entitlement to that data, nor make it not a violation of various laws if they were to seize it be force.

QED.

QED, what you have said is irrelevant.

Re:That's nice, but...

[Kijori]

Will they? There are a lot of advantages to running this in Ireland: low tax rates without the negative publicity of operating in a tax haven, other favourable financial and tax rules that allow foreign companies to book their profits there to further reduce their tax bills, a skilled workforce, good infrastructure, and all the up-front costs that come from building and equipping the data centre in the first place have been paid already. Call me cynical, but I'm not convinced that many data centres will move if Irish law allows the authorities to get this data.