Microsoft Defies Court Order, Will Not Give Emails To US Government

schwit1 sends this excerpt from a report about Microsoft: Despite a federal court order directing Microsoft to turn overseas-held email data to federal authorities, the software giant said Friday it will continue to withhold that information as it waits for the case to wind through the appeals process. The judge has now ordered both Microsoft and federal prosecutors to advise her how to proceed by next Friday, September 5.

Let there be no doubt that Microsoft's actions in this controversial case are customer-centric. The firm isn't just standing up to the US government on moral principles. It's now defying a federal court order. "Microsoft will not be turning over the email and plans to appeal," a Microsoft statement notes. "Everyone agrees this case can and will proceed to the appeals court. This is simply about finding the appropriate procedure for that to happen."

That's nice, but...

[SternisheFan]

Isn't there a NSA backdoor to MS?

Re:That's nice, but...

[PPH]

What, is this all just for show?

Its either plausible deniability or the need to demonstrate an unbroken and untainted chain of evidence. The NSA may in fact already have access to this data. But acting like they don't, or even loosing a minor case might set other criminals at ease about the security of their data within the Microsoft infrastructure. And they won't switch to a more secure platform. The chain of evidence might be needed to keep a subsequent trial from being thrown out due to tainted evidence. The NSA may already have the evidence (through questionable means), but getting a clean copy removes issues of it being fruit of the poisonous tree.

Re:That's nice, but...

[ShanghaiBill]

The government could almost certainly get this data by going through the proper procedures in Ireland.

Maybe not. If the Irish government caves in to American pressure, then data centers will start leaving Ireland, taking money and jobs with them, just like they are already leaving America. If Microsoft loses this case, and the extra-territorial reach of American Law is upheld, then, if you want privacy, you will need to not only store your data outside America, but not even with a company that does business there. The American government cares more about reading our mail than about keeping our jobs.

Re:That's nice, but...

[PPH]

Could you give an example of a more secure platform?

Sure. Any e-mail system which has users encrypt/decrypt their content locally and then use the storage and transport system solely for storage and transport Slap some directory and key management for (public keys only) on top of that and there you go.

You (the gov't) subpoena the content from the service provider? Sure, here's an encrypted copy. We don't have anything else. Need that decryption key? Go see the sender or recipient. We don't have that.

customer-centric

[TubeSteak]

Microsoft's actions might seem "customer-centric," but really they're fighting for their lives.

If MS can be forced to give up European data, stored on European servers, that's game over for them.
Lawsuits and investigations will flourish in Europe, because their data protection laws are much stronger/stricter than ours.

This could kill MS's European business.

Re:customer-centric

You mean "Kill every company on the internet's business that serves customers in Europe and America."

Legal precedent would compel Google, and everyone else, to do the same stupid thing this judge has ordered, who is apparently unaware of international laws and seems to assume that US law is the only thing that exists or even should exist. If MS loses, everyone loses.

Re:customer-centric

[PPH]

Its an American's data stored under a European account in European servers.

Perhaps. But if it was an American, residing on European soil, there would be extradition procedures to follow. And those would involve having the local (EU) police generate their own warrant and make their own arrest based upon a formal request. The aprehended suspect would then be turned over to the requesting country.

The same sort of thing should happen here. The USA should make a formal request to the Irish court to secure the evidence and turn it over to US authorities.

Re:customer-centric

[bloodhawk]

Can any internet company be publicly ordered to break laws in other countries, regardless of where it is based?

Why shouldn't they? MS is a United States company. Why should MS, or any other corporation, be able to only abide by US law when it is convenient for them, and break it other times? If the laws of two jurisdictions are incompatible with each other, the corporation should have to make a hard choice and only operate in a single jurisdiction, and use other avenues to expand business to the other.

This is not a case of the US trying to compel a European Company into doing something, it is compelling Microsoft, subject to US law, to turn over data it holds, albeit in a different company. If an American individual is subpoenaed for information relating to a crime, resisting turning it over because it's held in a safe deposit box abroad, is no more an acceptable excuse than "it's in my other pants".

An individual in the United States must abide by US law even when abroad, in addition to abiding by the rules of the foreign country. It's still illegal for an American to smoke weed or solicit 14 year old prostitutes abroad, despite those being legal in some places of the world. If American persons have to play by United States rules 24x7, why should a corporation get to pick and choose?

The US legal system starts and ENDS at the US borders. You seem to have completely misunderstood this situation, For example your safe deposit box example, if the US wanted the contents of a safe deposit box in Europe they cannot legally seize it, doing so would be a violation of europan law and the US officials doing it would be guilty of bank robbery and treated like any other common criminal. They must go through the countries legal system that holds the goods they want to seize, similarly the same applies to Data, the US can get access to it as long as it follows the appropriate laws and procedures. What the US government is trying to do is say other countries laws don't matter with data and therefore are asking a US companies to break another countries laws. You yourself said it that when in other countries you must abide by that countries rules, you cannot compel an individual or company to break the laws of another country. No one is suggesting that MS gets to ignore US laws, it is the US government saying that they get it ignore other countries laws and can compel US companies to do the same while they are in those countries.

Re:customer-centric

[Dcnjoe60]

You mean "Kill every company on the internet's business that serves customers in Europe and America."

Legal precedent would compel Google, and everyone else, to do the same stupid thing this judge has ordered, who is apparently unaware of international laws and seems to assume that US law is the only thing that exists or even should exist. If MS loses, everyone loses.

Actually, this same scenario happened with the banking industry and what the judge is proposing actually follows the international law and treaties that came out of it. In short, it doesn't matter where the assets are stored as to who has jurisdiction, but as to who has control over them. For instance if the IRA had deposits in Irish Allied Bank, but the cash was stored in the US, then the Irish Government could still freeze the account. So, if the data is stored somewhere else, but the company is headquartered in their land, why not the same thing?

Re:customer-centric

[niftymitch]

Except it isn't European data, Its an American's data stored under a European account in European servers. Small difference.

It is not the data that is the issue.

It is a US Judge requiring a company to reach out across international borders and
as an agent of the judge grab the data and spirit it across international borders and
deliver it to the judge. This something that the US judge could not require of the
State Department, CIA or NSA any other government agency to do.

If it was not data the rule would be more obvious. If a storage company had
a large box of cigars perhaps from some random country close to Florida could that
company be compelled to ship that box of cigars to the judge to determine
if the owner of the box of cigars was engaging in the trade of and trade with
a foreign country that the US has issues with. Only by inspection of the
contents of the box would the judge know.

Now it is possible that Cuban cigars are no longer the smoking gun of illegal
trade with Cuba but the point is that this judge is forcing a company to reach out
across international borders and do the judges bidding.

What if the company name was Blackwater Security Consulting (since renamed Academi)
and that company was directed by a judge to import or export anything or anyone
at the behest of the judge (with or without payment for services BTW).

If it was a physical container the decision in my mind is obvious
that the judge is reaching, reaching, reaching well beyond charter and
jurisdiction.

It gets more interesting if the transport of the physical container crosses
other international borders. Most nations have laws that prohibit trafficking
in stolen goods. So a packet map showing how each and every fragment
of this container traveled could also be a topic of a United Nations inquiry.
Blood diamonds, ebony, ivory... trafficking in crime tainted desirables and
this judge covets this stuff.

Re:customer-centric

[nabsltd]

But if it was an American, residing on European soil, there would be extradition procedures to follow. And those would involve having the local (EU) police generate their own warrant and make their own arrest based upon a formal request.

If you had followed this case, you would know that this is exactly what the US tried to do.

The US asked an Irish court to issue a warrant to force production of the data. The Irish court refused to issue the warrant. So, the US issued a subpoena to Microsoft, who rightly told the US that although the data was on a Microsoft computer, the data was owned by a customer of Microsoft, therefore a warrant would be required. The US court then issued a warrant for Microsoft to produce the data. Microsoft refused, noting that the data was in a foreign country, and warrants are only valid when issued by a court that has jurisdiction over the location of the requested object/data/person. No US court has jurisdiction over Irish soil, thus we end up at today's story.

The actual point of Microsoft's appeal is that the US wants to have a court to be able to issue an order that has the all the advantages of both a warrant and a subpoena, while ignoring their limitatations. The problem with this is that subpoenas are allowed to be fairly vague and apply to anything that is "owned" by the target of the subpoena, regardless of where it is located. Warrants, OTOH, can force the target to hand over something they don't own but over which they have control, but can only request very specific items/data, and have to be issued by a court that has jurisdiction over where the item/data is located.

re I don't care

[jelizondo]

Frankly, I don't care if MS is standing up out of self-interest or for some other cause, the tyrants in D.C. need to be stopped. Period.

You can't apply U.S. laws to the world at large, regardless of your 'legal' standing.

Many U.S. organizations have presence and pay taxes in many different jurisdictions, making them subject to that particular territory's law. Will the U.S. allow some other country to violate U.S. laws because the subsidiary is present, in say, Aman and thus, by extension, the entire organization is subject to Aman's Law?

The answer is no, because jurisdiction is territorial. You can't apply Ireland's law to MS in the U.S. simply because they have a corporate office there, thus the reverse is true too: you can' t apply U.S. law to a subsidiary in Ireland.

Who owns it is irrelevant; corporations are legal entities of their own, regardless of ownership. Ships owned by, say Americans (most cruise ships for example), are registered in Panama, thus bypassing U.S. Labor laws because who owns them is irrelevant.

Trust me, you don't want to go there: it will open lawsuits against U.S. firms, under U.S. laws, against the owners of such ships and other corporations that use underage labor, exceed working hours / conditions, etc. in other countries.

It would basically make International Law obsolete as we know it.

It appears that the U.S. Government is bent in destroying the American economy while 'preserving' American security.

Stop the US-centric crap already

[msobkow]

The US needs to wake up to the fact that they are not "world law." Their law ends at the boundaries of the US.

It doesn't matter if the email account in question is owned by an American. It doesn't matter if the servers are indirectly owned by an American company.

They are in a foreign jurisdiction and the US government needs to go through the judicial and legal processes of that jurisdiction if they want access to the data.

Quite frankly, fuck the "war on terror", the "war on drugs", and every other tired old excuse the US government and it's subservient courts use to try to justify shoving the US legal system down the world's throat.

They are not defying an order

[debrain]

Notwithstanding some really rare cases (e.g. interlocutory), which this does not appear to be, an order is unenforceable while under appeal.

Doing what an order asks is grounds for dismissal of an appeal, notwithstanding cases where acts are made explicitly with the agreement of the parties and sometimes affirmation of the court to be without prejudice to the right of appeal. However in cases of disclosure of information, the disclosure is generally a form of prejudice (since it cannot be undone) that undermines appellate entitlement.

So it is wrong to say they are are defying an order. They are doing what everyone does on appeal.

If they were to defy an order they could be held in contempt of court. That would be an interesting story.