Microsoft Agrees To Contempt Order So It Can Appeal Email Privacy Case

← Back to Stories (view on slashdot.org)

Microsoft Agrees To Contempt Order So It Can Appeal Email Privacy Case

Posted by Soulskill on Wednesday September 10, 2014 @12:12AM from the fighting-the-privacy-fight dept.

An anonymous reader writes: Microsoft made news some weeks ago for refusing to hand over customer emails stored on its Dublin, Ireland servers to the U.S. government. The district judge presiding over the case agreed with the government and ordered Microsoft to comply with its demands. On Monday, Microsoft struck a deal with the U.S. government in which the company would be held on contempt charges but would not be penalized for it until after the outcome of an appeal. The district judge endorsed the agreement (PDF) on Thursday.

123 comments

Min score:

Reason:

Sort:

About Time by dcw3 · 2014-09-10 00:17 · Score: 4, Insightful

First time I've wanted to actually compliment Mickeysoft on something in years.

--
Just another day in Paradise
1. Re:About Time by Anonymous Coward · 2014-09-10 00:26 · Score: 0
  
  You think they're doing this for the right reasons? Wakey wakey!
2. Re:About Time by rvw · 2014-09-10 00:37 · Score: 5, Interesting
  
  First time I've wanted to actually compliment Mickeysoft on something in years.
  You think they're doing this for the right reasons? Wakey wakey!
  Right or not - if the EU is too weak to force the US to back down with these laws, maybe money is the way to go.
3. Re:About Time by Anonymous Coward · 2014-09-10 00:38 · Score: 1
  
  Please clue me in. For what wrong reasons are they doing this, and in what way does that negatively affect me (as a non user) or any of the people who are users and may have been negatively affected had Microsoft complied with the order?
4. Re:About Time by Anonymous Coward · 2014-09-10 01:22 · Score: 1
  
  Right or not - if the EU is too weak to force the US to back down with these laws, maybe money is the way to go.
  It is out of EU's jurisdiction, what they can do is to fine Microsoft into bankruptcy until they start following the law. Microsoft is probably quite aware that this might be a problem and thus they decides to fight in the US courts.
  Many (if not most) governments around the world have laws in place that says that their agencies can't outsource services to companies that hands out sensitive information willy nilly. If Microsoft has to hand over the data then many of their large customers have to look for alternatives. (Or pretend to be ignorant of the law until one of Microsofts competitors points it out to them.)
5. Re:About Time by mwvdlee · 2014-09-10 01:38 · Score: 1
  
  Just because the reasons are wrong doesn't mean the results would be wrong.
  
  --
  Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
6. Re:About Time by Anonymous Coward · 2014-09-10 02:13 · Score: 0
  
  *puts on tinfoil hat*
  
  It's all a big show. Put on in the wake of the Snowden leaks to give the impression that government is still bound by the law. Fact is the government already has the information.
7. Re:About Time by drinkypoo · 2014-09-10 03:12 · Score: 1
  
  Just because the reasons are wrong doesn't mean the results would be wrong.
  I think these reasons are pretty damned right, actually. The reason is the ol' invisible hand of the free market finally doing the right thing for a change. Microsoft has no choice but to demand what their customers are demanding, which is pretty much what a corporation should actually do, rather than trying to fuck them over at every turn with the normal Microsoft EEE strategy.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
8. Re:About Time by Barlo_Mung_42 · 2014-09-10 03:15 · Score: 4, Insightful
  
  They know they won't win. I think MS is trying to force a clear judgment so everyone going forward knows what the rules are. My understanding is that they don't have a good case because the person in the case is a US citizen. If I commit a crime and the evidence is in a Hilton hotel room in the UK nobody expects Hilton to hold onto that evidence just because it happened to be in one of their hotels outside the US.
  So I think the concern by other countries is over done. In this case it's a US citizen and a US company. But MS wants that clearly spelled out to reassure people.
9. Re:About Time by jbolden · 2014-09-10 03:29 · Score: 1
  
  Exactly! (someone should mod this up he gets it). Microsoft wants this crystal clear so everyone understands the scope of US courts. If the data goes onto Azure it is subject to Washington State, Nevada State and Federal courts, period. Take it up with the US government not with Microsoft.
10. Re:About Time by manquer · 2014-09-10 03:58 · Score: 2
  
  If I commit a crime and the evidence is in a Hilton hotel room in the UK nobody expects Hilton
  Everybody however expects U.S. police to go the U.K. police and courts who will check if it was a crime in the U.K. in the first place then ask the U.K. Hilton to hand over the data, aka due process .
11. Re:About Time by Anonymous Coward · 2014-09-10 04:12 · Score: 0
  
  It's not okay for government to fuck around with your personal data but it's okay for Microsoft to do whatever they want with it since you signed a contract stating the obvious.
12. Re:About Time by Anonymous Coward · 2014-09-10 04:45 · Score: 0
  
  Nope.
  I expect the US police to go the UK justice system and tell them they have a warrant ... whether it is a crime in their country does not always matter if the person commited a crime in one country but evidence of that crime is in another country the other country has the right to decide if the warrant should be acted upon even if no crime has been commited upon their soil or by their laws.
13. Re:About Time by Anonymous Coward · 2014-09-10 04:48 · Score: 0
  
  The wrong reason is "it's Microsoft. I get off hatefucking them."
  Same with any positive action done by Walmart. Or Apple.
  Because corporations are eeeeeeeeeevil.
14. Re:About Time by TomV · 2014-09-10 05:00 · Score: 1
  
  If I commit a crime and the evidence is in a Hilton hotel room in the UK nobody expects Hilton to hold onto that evidence just because it happened to be in one of their hotels outside the US.
  The situation might be closer to the evidence being in a safety deposit box in a Hilton hotel in the UK. Or perhaps in a safety deposit box in a UK subsidiary of a US-owned bank. The hotel room analogy might carry too much implication of accessibility as a run-of-the-mill expectation.
15. Re:About Time by jbolden · 2014-09-10 05:09 · Score: 1
  
  I've used your analogy before. And USA law is that the USA corporation is legal obliged to instruct and take measures to get the data from the UK subsidiary. Nothing is changing here this has always been the case.
16. Re: About Time by Samantha+Wright · 2014-09-10 05:14 · Score: 1
  
  But this is typical for Microsoft; they never cooperate with the government if they don't have to; cf. the antitrust case. I do like the idea of "embrace, extend, extinguish" applied to the NSA, though...
  
  --
  Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
17. Re:About Time by Opportunist · 2014-09-10 05:42 · Score: 1
  
  There is exactly one reason why they do that: If they don't, they can kiss the storage business abroad good bye. Nobody would ever even think about touching any of their storage services with a ten foot pole, and, if sufficiently security conscious, contemplate moving away from MS wherever possible. At the very least in the server area, if possible at clients, too.
  And I'm not that certain whether companies in the US would agree with it either.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
18. Re:About Time by Ravaldy · 2014-09-10 06:10 · Score: 1
  
  Lesson here is don't cause the US government to want to get into you data and they won't. Otherwise they will. Data out of your hands is not safe anywhere. This has been true of money for a long time with offshore accounts becoming less and less isolated from big government such as the US.
19. Re:About Time by Barlo_Mung_42 · 2014-09-10 07:45 · Score: 1
  
  Regardless, MS just wants this clearly spelled out so people know what the rules are and that they'll be the same rules for Google, Amazon, Apple etc.
20. Re:About Time by Rich0 · 2014-09-10 07:56 · Score: 1
  
  If I commit a crime and the evidence is in a Hilton hotel room in the UK nobody expects Hilton
  Everybody however expects U.S. police to go the U.K. police and courts who will check if it was a crime in the U.K. in the first place then ask the U.K. Hilton to hand over the data, aka due process .
  The problem here is that the evidence is the property of a US company. The US can't send in police to seize the evidence overseas, but it can punish the owner of the evidence until they voluntarily turn it over.
  It is like refusing to hand over an encryption key - they may not have the ability to seize it without cooperation, but they can still beat you with a hose.
21. Re:About Time by kwbauer · 2014-09-10 09:09 · Score: 1
  
  No, the evidence is not the property of a US company. The evidence is the property of a US citizen and is being held by a foreign subsidiary of a US company and is, therefore, exactly like the hotel example.
  The world really would be simpler if we stopped trying to define how information on computer is the same as information on paper in some circumstances and different in others and just say that correspondence is correspondence, personal effects are personal effects, etc.
22. Re:About Time by kwbauer · 2014-09-10 09:13 · Score: 1
  
  Which is why people have mentioned that Microsoft is pushing to the bitter end. They want it painfully obvious that the same rule applies to their major competitors as well so customers won't leave Microsoft for Amazon or Google.
23. Re:About Time by CaptnZilog · 2014-09-10 11:58 · Score: 1
  
  No, the evidence is not the property of a US company. The evidence is the property of a US citizen and is being held by a foreign subsidiary of a US company and is, therefore, exactly like the hotel example.
  The world really would be simpler if we stopped trying to define how information on computer is the same as information on paper in some circumstances and different in others and just say that correspondence is correspondence, personal effects are personal effects, etc.
  Which is, I would think, what MS is trying to do... get the courts to rule on it, one way or another, from the highest court possible.
24. Re:About Time by CaptnZilog · 2014-09-10 12:01 · Score: 1
  
  I've used your analogy before. And USA law is that the USA corporation is legal obliged to instruct and take measures to get the data from the UK subsidiary. Nothing is changing here this has always been the case.
  Which is, in effect, saying that MS then would have to take their UK subsidiary to a UK court to get a ruling, spending their own money taking themselves to court, in essence. That really should be for the US courts (prosecution) to take up with the UK court, shouldn't it? I mean, the whole concept of "me suing myself, and having to hire *both* prosecuting & defense attorneys" is ludicrous...
25. Re:About Time by Anonymous Coward · 2014-09-10 12:58 · Score: 0
  
  You think they're doing this for the right reasons? Wakey wakey!
  Ah the slashdot conspiracy machine is hard at work to find a way to paint this as Microsoft being evil!
26. Re:About Time by Rich0 · 2014-09-10 13:23 · Score: 1
  
  No, the evidence is not the property of a US company. The evidence is the property of a US citizen and is being held by a foreign subsidiary of a US company and is, therefore, exactly like the hotel example.
  No argument there. However, if I leave evidence in a US hotel chain's London hotel, a US court can certainly order the hotel chain to fly it back to the US and threaten to fine it until it complies.
  I'm not arguing morality here - just practicality. If a guy walks into your house and manages to hold you at gunpoint and you're unarmed, as far as you're concerned, he's the boss and he gets what he wants until somebody else shows up and bails you out. As Augustine pointed out, pirates and emporers are the same thing on different scales, but in the case of the emporer there usually isn't a bigger fish who is going to come bail you out if you can hold out long enough.
27. Re:About Time by Anonymous Coward · 2014-09-10 14:10 · Score: 0
  
  All these arguments are good, but irrelevant. The crux of the matter is, can a US court force a company to deliberately violate the laws of other nations? In this case the EEC's privacy protection laws.
28. Re:About Time by jbolden · 2014-09-10 15:51 · Score: 1
  
  They don't have to take them to court. What is the court going to do other than order the UK people to do something. They are a subsidiary. The executives in the subsidiary work directly for the USA company, i.e. they are hired directly by them. They either do what they are told, probably by cooperate in some way to eliminate liability on both sides, or they get fired and replaced with people who would.
29. Re:About Time by Anonymous Coward · 2014-09-10 16:24 · Score: 0
  
  I expect the US police to go the UK justice system and tell them they have a warrant ...
  That works if there is an actual warrant, which there isn't in this case and hence the lawsuit to force MS to comply via court order. Actual warrants based on probable cause are accepted by Interpol, but pompous federal agents saying "we want this information, but don't have enough evidence to obtain a warrant" probably aren't.
30. Re:About Time by bubo · 2014-09-10 20:44 · Score: 1
  
  No, the evidence is not the property of a US company. The evidence is the property of a US citizen and is being held by a foreign subsidiary of a US company and is, therefore, exactly like the hotel example.
  Precisely. The evidence IS the property of a US citizen. If the government want to see it then they should demand it from the US Citizen. Simultaneously they should request Microsoft to take a copy of the evidence for safe keeping so that the US citizen cannot delete the evidence. If the US Citizen refuses to provide the evidence then the US government should then request the evidence through the European courts, citing the fact that their own citizen has refused to provide it.
31. Re:About Time by Anonymous Coward · 2014-09-11 05:18 · Score: 0
  
  Actually it's not. It's property of the UK company called Microsoft UK or similar - it is a wholly separate corporation in a wholly separate sovereign nation.
  The entire claim by the government is that of "control" which at some level is valid - Microsoft USA is a majority shareholder of Microsoft UK but strictly being a shareholder does not mean you get or have control of operational details of the company as a legal matter or right. The US government is making a blanket claim that being a shareholder gives operational control and thus operational liability and obligations.
  It's pretty dubious actually because if you do down that rabbit hole, a lot of very basic business and economic activity becomes very risky.
32. Re:About Time by Anonymous Coward · 2014-09-20 02:59 · Score: 0
  
  It is out of EU's jurisdiction, what they can do is to fine Microsoft into bankruptcy until they start following the law.
  First of all, they cannot 'fine' Microsoft into bankruptcy because Microsoft wouldn't let that happen, and even then, Microsoft would just lobby a few busload of Congressmen and Senate'rs to enact a law to contrary this ruling. If you don't believe me, watch this space.
I don't see how MS can comply by Anonymous Coward · 2014-09-10 00:19 · Score: 0

It would be committing an offence in the country that holds jurisdiction. It appears that the US court is overstepping its reach.
If the US court ruling is upheld, it looks like Microsoft will have to leave the United States, since no other country is going to tolerate this kind of behaviour from a single rogue state.
1. Re:I don't see how MS can comply by jbolden · 2014-09-10 00:26 · Score: 3, Interesting
  
  The ruling applies to anyone doing business in the United States. So it would apply to European companies having a cloud that included the USA as well. What it will mean is either:
  a) Europe and the USA create a treaty covering this so there is black letter law
  b) There are not global clouds
  c) There is de-facto situation where the USA rules governing warrants are enforceable for most everyone and anyone not wanting to be subject to USA warrants needs to stay on Europe only cloud services.
  Microsoft has already hedged themselves in Europe by informing their customers that using Azure is agreeing to export and to not upload any data for which would be illegal to export. So legally they should be fine in Europe. I think they are very worried about (b) becoming the outcome. I just don't see it though. Apple, Google, IBM, Amazon... all face the same issue. Corporations want global clouds. They are probably on balance hostile to European privacy laws. The pressure is going to be applied to European governments to go towards (a) or (c).
2. Re:I don't see how MS can comply by terjeber · 2014-09-10 00:29 · Score: 1
  
  Better yet: D) Microsoft incorporates (entirely or just the relevant business areas) outside of the US and tells overstepping US judges to go f#ck them selves.
3. Re:I don't see how MS can comply by Ronin+Developer · 2014-09-10 00:44 · Score: 1
  
  The previous poster implies that the law applies to ANY company doing business in the US. If that is the case, Microsoft would have to stop doing business in the US.
  There needs to be a clarification of the law as to the scope of jurisdiction and whether it is domestic or international law that applies.
4. Re:I don't see how MS can comply by jbolden · 2014-09-10 00:49 · Score: 3, Informative
  
  The scope of jurisdiction in the ruling is clear cut. Physical presence on the USA. BTW there is no law. This has been existing law for two centuries. It is just being applied to computer data the same way it was to objects and paper historically. The difference is that law enforcement agencies didn't ask for multiple shipping containers full of paper documents but with big data search tools are perfectly comfortable asking for those kinds of quantities of electronic data.
5. Re:I don't see how MS can comply by Anonymous Coward · 2014-09-10 01:38 · Score: 0
  
  The difference is that law enforcement agencies didn't ask for multiple shipping containers full of paper documents but with big data search tools are perfectly comfortable asking for those kinds of quantities of electronic data.
  I think you just found the proper solution to a major data 'request.' Just imagine the fun of sending over 40 truck-loads of email printouts (on cheap recycled paper, both for the environmental benefit and so the stuff will fall apart if it's not treated very carefully). Expensive, inefficient, completely at odds with the intent of the request and an entirely fitting for a government that is expensive, inefficient, and completely at odds with the intent of its establishment.
6. Re:I don't see how MS can comply by mwvdlee · 2014-09-10 02:16 · Score: 3, Informative
  
  Microsoft has already hedged themselves in Europe by informing their customers that using Azure is agreeing to export and to not upload any data for which would be illegal to export. So legally they should be fine in Europe.
  Just because they put something in a license, doesn't make it legal.
  For instance, EULA's are meaningless in a number of European countries.
  Also, contract do not trump law. So if there are laws that prohibit this, the contract (or atleast those specific terms) is invalid.
  
  --
  Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
7. Re:I don't see how MS can comply by VTBlue · 2014-09-10 02:29 · Score: 1
  
  They already do this. Microsoft Ireland, Microsoft UK ltd. Etc.
8. Re:I don't see how MS can comply by Anonymous Coward · 2014-09-10 02:49 · Score: 0
  
  This has been existing law for two centuries. It is just being applied to computer data the same way it was to objects and paper historically.
  So you are saying that there is absolutely nothing wrong with the Japanese government ordering Sony of Japan to hand over data stored on the US servers of Sony Computer Entertainment America? And then holding Sony of Japan in contempt because Sony Computer Entertainment America told Sony of Japan that if they were to comply, the US government would crack down on them?
  
  (Yes I am aware that TFA is about Microsoft and the US government. I am merely providing an alternative example where the "innocent" company is a US company)
9. Re:I don't see how MS can comply by jbolden · 2014-09-10 03:17 · Score: 1
  
  Yes that is what I'm saying. The US government in fact has notified American companies and customers that is the rule. That Huawei answers to the Chinese government and they should not store things they wouldn't want China to make use of for its own purposes. This isn't a situation where the USA is being hypocritical this is a situation where Europeans want to apply a geographical model and the USA wants to apply a financial model. In addition to just factually asserting this is the law I think a financial model makes more sense on the internet because "where" is quite slippery when we talk about networked computers; while who is usually still able to be determined.
10. Re:I don't see how MS can comply by jbolden · 2014-09-10 03:18 · Score: 3, Informative
  
  It is actually illegal. You can't deliberate engage in activities to make it more expensive or complex for law enforcement to search subpoenaed records. That's contempt of court.
11. Re:I don't see how MS can comply by jbolden · 2014-09-10 03:21 · Score: 1
  
  But where did the crime occur? No one argues that gmail is subject to these privacy laws because gmail is known to copy information to the USA. The problem here is that Europeans believed that Azure Europe wasn't part of a global system. Now Microsoft has informed that isn't true. Uploading to Azure is transferring data to the USA. It is not Microsoft doing the transfer but their customers. Their customers are now prohibited from uploading data that it is illegal to export. They are the ones breaking the law.
12. Re:I don't see how MS can comply by afidel · 2014-09-10 03:25 · Score: 1
  
  I imagine that criminal law has been updated to the same standards as civil law, under FRCP you can no longer bury the opponent with paper, if they make a request for digital records in a digital format then you must supply the records in that format if it is at all reasonable to do so (ie if you ask for PDFs from email that is reasonable, as would be TIFF, but .123 files would probably not be reasonable unless the source documents were in that format)
  
  --
  There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
13. Re:I don't see how MS can comply by Anonymous Coward · 2014-09-10 03:29 · Score: 0
  
  This has been existing law for two centuries. It is just being applied to computer data the same way it was to objects and paper historically.
  Don't you think its funny how selectivily those old laws are applied ?
  There is a thing called "privacy of correspondence" for snail-mail. For email ? Not so much. Why ? Well, because ... Yeah, uh ... And yes, email has become snail-mails predecessor, just like electronic data has become the successor of paper data. But somehow one did not get the same old protection, while the other still falls under the same old "give it to us" order.
  ... Which might be exactly what the problem is: the former is something the citizen ought to get (rely on), while the latter is something he must give.
  Captcha: splendid - Not on your life, bub.
14. Re:I don't see how MS can comply by jbolden · 2014-09-10 03:44 · Score: 1
  
  Let me just say the US postal service can open letters with a warrant. The issue for privacy of correspondence was about them doing it without one (i.e. random searches in transit). What the European /.ers are asking for is that warrants simply don't exist at all and the postal service freely, openly and deliberate act to facilitate crime. (I get that the warrants can pass between countries and so this analogy doesn't quite hold).
  But in general and not in this specific, it is a real problem how the laws are being applied selectively. Far better than the courts having to guess how best to apply old laws to new technology would be for congress to create black letter law making it explicit. That's what should be happening.
15. Re:I don't see how MS can comply by DaHat · 2014-09-10 04:58 · Score: 1
  
  You can't deliberate engage in activities to make it more expensive or complex for law enforcement to search subpoenaed records.
  That's not quite accurate.
  If the intent is to make it more difficult... then you best not have any evidence that it was done deliberately then you will be in for a world of pain.
  If however it is part of your normal business processes and as a side effect it makes law enforcement's job harder... that is still perfectly legal.
  
  --
  Help Brendan pay off his student loans
16. Re:I don't see how MS can comply by jbolden · 2014-09-10 05:11 · Score: 1
  
  The company in this hypothetical has the data electronically is refusing to turn it over electronically and instead prints it. Obviously a company that only uses paper records is free to hand those over and doesn't need to create electronic records.
17. Re:I don't see how MS can comply by DaHat · 2014-09-10 05:42 · Score: 1
  
  Correct, Lavabit tried just that ( http://nakedsecurity.sophos.co... ) and was held in contempt for it ( http://www.theguardian.com/tec... ).
  
  --
  Help Brendan pay off his student loans
18. Re:I don't see how MS can comply by Frobnicator · 2014-09-10 07:02 · Score: 2
  
  It is actually illegal. You can't deliberate engage in activities to make it more expensive or complex for law enforcement to search subpoenaed records. That's contempt of court.
  Emphasis in your quote.
  As gets mentioned every time this story appears on slashdot, this is a warrant not a subpoena. The two are different tools. Both are used to find things but one is clean and neat, the other broad and aggressive. As a parallel, a subpoena is a scalpel and a warrant is a chainsaw.
  A subpoena says 'We know you have this specific information, provide it to us within a time frame'. They get subpoenas of this type all the time. There is no dispute a subpoena would get the document no matter where in the world Microsoft held it.
  A warrant says 'We will search for and take anything even remotely related to this, search it ourselves on our own terms.' When they demanded dumps of servers and copies of databases they were told the servers were in another nation and were not subject to a US warrant.
  As was discussed in the previous incarnations of this story, the warrants are rather broad demanding they turn over everything related to the email address and user in question even if it isn't related to a criminal investigation. They want it all, everything the user ever touched or potentially touched, everything sent to the user, everything related to the user. While government investigators can usually get that through a broad warrant, they cannot get that with a subpoena. A subpoena would give them the specific emails related to the crime under investigation, but it is quite likely they already have the specific documents they could ask for.
  
  --
  //TODO: Think of witty sig statement
19. Re:I don't see how MS can comply by mwvdlee · 2014-09-10 07:39 · Score: 1
  
  Again; all that is meaningless if it contradicts local laws.
  If Microsoft wants to sell to users in a country that has laws that Microsoft cannot obey, then it cannot sell regardless of any claims or notifications they make.
  
  --
  Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
20. Re:I don't see how MS can comply by jbolden · 2014-09-10 08:07 · Score: 1
  
  Microsoft is obeying the law now. Cutting out the middle man, when a user uploads data that user is exporting the data to countries without protections. Including the middle man: when application uses Azure as its backend that application is certifying that all its data is legal for export. Gmail isn't illegal in Europe.
21. Re:I don't see how MS can comply by kwbauer · 2014-09-10 09:23 · Score: 1
  
  Can everyone agree that there exists information that is legal to export from an EU country and there exists information that is illegal to export from said EU country? If so, then how is Microsoft in violation of the law if it tells its users that anything uploaded may be exported and to, therefore, not upload non-exportable things? Are we now expecting companies to employ the magic fairies to divine which uploads contain exportable data and which do not?
22. Re:I don't see how MS can comply by jbolden · 2014-09-10 16:08 · Score: 1
  
  Well put. I'm not sure why the European /.ers are having such a hard time with this.
23. Re:I don't see how MS can comply by mwvdlee · 2014-09-10 18:20 · Score: 1
  
  If you snail-mail a letter from one EU country to another EU country, are you also exporting that letter to the US?
  Microsoft claims that uploading data to a European server is the same as exporting data to the US.
  European laws may prohibit that re-interpretation, making it invalid.
  
  --
  Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
24. Re:I don't see how MS can comply by kwbauer · 2014-09-13 18:58 · Score: 1
  
  If you send that letter through a courier service that tells you before you give it to them that they will make a photocopy of the letter and send the copy to the US and tell you not to use their service if all of that would violate the law because they don't read the letter to verify whether it is in violation of the law, then continuing to use them is not the burden of having violated the law on you instead of the courier service?
  How is it that the EUers seem to want to totally exhonerate individuals and vilify corporations and their employees when the individual lies to the corporation and the corporation believes them without verifying when the only way to verify would be a total invasion of the individuals privacy?
Good! by Anonymous Coward · 2014-09-10 00:20 · Score: 0

I dont' buy the argument, digital trumps physical location here. Either we have international boundaries and treaties, or we don't. This cherry picking Governments are doing is getting rather old.
Also, if the criminality with which this investigation was warranting access, they wouldn't be going through the motions they are. Established international channels and legal orders would have already been taken to gain access, so this prompts the question, what is the real play here by the Government?
1. Re:Good! by jbolden · 2014-09-10 00:56 · Score: 2
  
  In terms of USA law the law enforcement agencies are using established international channels and legal orders. They aren't doing anything different from what they've done for decades. Microsoft is asking to do something different because the frequency and quantity as opposed to the previous situations with paper records is skyrocketing.
  Also it is important to understand that between WWI and the 1970s we lived in a world where governments were mostly mildly hostile to international trade. Governments were perfectly comfortable with lower levels of international trade and laws that mildly discouraged trade. You really have to look at the colonial age 1812-1914 to really have a period comparable to today where governments were strongly pro-trade.
2. Re:Good! by Anonymous Coward · 2014-09-10 01:38 · Score: 0
  
  >Strongly pro-trade
  I think "agressively trade oriented" is better. We're talking using mlitary to force people to buy your shit here, not just lots of encouragement to export stuff.
3. Re:Good! by jbolden · 2014-09-10 03:26 · Score: 1
  
  I'm not sure that is ever true. But we certainly aren't using military force in Europe. There are Europe only cloud companies and last I checked we didn't hit them with cruise missiles.
4. Re:Good! by david_thornley · 2014-09-11 05:04 · Score: 1
  
  Colonial powers did use force to get people to at least be in a position where they had to trade with the colonizing power or suffer. The opium wars were about the Chinese trying to ban the sale of opium and the British using military force to overturn that ban.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
5. Re:Good! by jbolden · 2014-09-11 05:27 · Score: 1
  
  The USA I don't think ever forced markets open with violence. Japan there was a threat of violence but to the best of my knowledge that's the worst we've ever done. The British I agree forced markets open that way. Though I think you are missing a bit of context on the opium wars.
6. Re:Good! by Anonymous Coward · 2014-09-12 08:10 · Score: 0
  
  The USA I don't think ever forced markets open with violence. Japan there was a threat of violence but to the best of my knowledge that's the worst we've ever done. The British I agree forced markets open that way. Though I think you are missing a bit of context on the opium wars.
  Think again:
  http://en.wikipedia.org/wiki/Bakumatsu#Commodore_Perry_.281853.E2.80.9354.29
  Commodore Perry (1853–54)
  Odaiba battery at the entrance of Tokyo, built in 1853–54 to prevent an American intrusion.
  One of the cannons of Odaiba, now at the Yasukuni Shrine. 80-pound bronze, bore: 250mm, length: 3830mm.
  Japanese coastal wooden cannon built by the Daimyos at the Bakufu's order for Commodore Perry's arrival. 1853–54.
  When Commodore Matthew C. Perry's four-ship squadron appeared in Edo Bay (Tokyo Bay) in July 1853, the bakufu (shogunate) was thrown into turmoil. Commodore Perry was fully prepared for hostilities if his negotiations with the Japanese failed, and threatened to open fire if the Japanese refused to negotiate. He gave them two white flags, telling them to hoist the flags when they wished a bombardment from his fleet to cease and to surrender.[8] To demonstrate his weapons, Perry ordered his ships to attack several buildings around the harbor. The ships of Perry were equipped with new Paixhans shell guns, capable of bringing destruction everywhere a shell landed.
Don't know what to think by Anonymous Coward · 2014-09-10 00:24 · Score: 0

Think that would have worked with average joe as the plaintiff? Money buys justice here. On the other hand, I'm not sure who is right here. It's not good if MS has to give up their foreign customers info that is on some foreign servers. ( and then again, what does the physical location of the data actually matter? ) If some company puts document on trunk and ships the trunk to sweden is it legally untouchable by the US government? It sure is legally ok for the swedish police to investigate such data.
This might be a majos court case deciding who does business with whom. Not a nice thing is US can legally just read everyone elses data if everyone else uses US companies services and pays them. But if you don't allow this, then data can be "hidden" from legally from justice systems around the world. What if EU wanted some data from microsoft that happens to be on US servers? Who has access rights to what data?
1. Re:Don't know what to think by Sique · 2014-09-10 00:39 · Score: 3
  
  The physical location of the data matters because of European Data Protection laws. Microsoft would run afoul of the laws of Ireland if they gave data stored on servers in Ireland to a third party without the actual owner of the data agreeing or a court order by an Irish court. The government lawyers obviously tried to argue that they don't need an Irish court, and the U.S. judge at first bought the argument. And now it seems as if the U.S. court might have changed its mind but want this to be sorted out by the higher court.
  
  --
  .sig: Sique *sigh*
2. Re:Don't know what to think by jbolden · 2014-09-10 01:01 · Score: 1
  
  I don't think Microsoft has a problem. Imagine for a moment that all customer data on European Azure was always copied back to the USA. That wouldn't be illegal. Now imagine that some European application used copy-Azure for their data storage which had personal data. That's what would be illegal.
  Microsoft has already told their European customers don't store information illegal to export on European Azure. I'm not sure that Microsoft can be held responsible at this point. They've made it clear that they are structurally unable to comply with European privacy laws in Europe while fighting with the USA to change USA law.
3. Re:Don't know what to think by Sique · 2014-09-10 01:11 · Score: 2
  
  I don't think you get the real problem. It's not about the export of data (which is not at issue here), it's disclosing private data to a third party. This doesn't mean export - even if the third party in question appeared in Ireland in front of the data center, this still would be illegal.
  
  --
  .sig: Sique *sigh*
4. Re:Don't know what to think by Anonymous Coward · 2014-09-10 02:05 · Score: 0
  
  " Imagine for a moment that all customer data on European Azure was always copied back to the USA. That wouldn't be illegal."
  Yes, yes it would. Do you have any knowledge of European law?
5. Re:Don't know what to think by Anonymous Coward · 2014-09-10 02:21 · Score: 0
  
  Then Microsoft shouldn'ta been using data centers in Ireland in the first place, yes? It basically implies that a corporation stores its data physically in the same country it is chartered. Simple enough.
6. Re:Don't know what to think by jbolden · 2014-09-10 03:11 · Score: 1
  
  I get that it would be illegal in Ireland. The issue is whether it is illegal in the USA. That's where the disclosure it taking place.
  Take for example a situation where a European uses Gmail. Clearly they understand that this is governed by USA law and a USA warrant would apply. The issue here is that Europeans on /. believe that this wouldn't apply to Azure because Azure is "in Ireland" which is factually untrue and Microsoft has officially notified their customers it is untrue.
7. Re:Don't know what to think by jbolden · 2014-09-10 03:23 · Score: 1
  
  What law in Europe prevents a company from copying their own data?
  What law in Europe makes it legal to deliberately copy data to the USA and then argue the American company that accepted the data is the one violating the law?
8. Re:Don't know what to think by Anonymous Coward · 2014-09-10 04:59 · Score: 0
  
  In Germany, this would be the "Bundesdatenschutzgesetz" (see http://www.gesetze-im-internet.de/bdsg_1990/index.html). (Do keep in mind that there is no such thing as "EU law" - the EU can instruct member countries to pass laws that fulfill certain criteria, but the laws themselves are always national). If the data in question is covered by this law, then a company cannot do whatever it wishes with this data. In particular, it cannot transfer this data into countries that have lesser data protection laws, like the U.S.
  Apart from that, I'm pretty sure that in Germany email (which this case was initially about, if I'm not mistaken) remains property of the addressee (or the company he/she works for, in case of company email accounts), not the company that store it, and I would expect Ireland (and the rest of the EU) to be similar. It may be that Microsoft can simply sidestep these issues with their terms of service, but then again Germany has restrictions on what rights you can sign away in a contract. IANAL.
9. Re:Don't know what to think by TomV · 2014-09-10 05:06 · Score: 1
  
  What law in Europe prevents a company from copying their own data?
  Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data
10. Re:Don't know what to think by jbolden · 2014-09-10 05:14 · Score: 1
  
  OK good example. Given the structure of Azure and your laws it seems to me the company was violating German law when they stored emails on Azure. Azure has always been managed out of Washington and thus Americans have always had access. The question (which IMHO isn't really a question it is too clear cut) is whether a count can compel Americans to use their access not whether they had it.
11. Re:Don't know what to think by jbolden · 2014-09-10 05:18 · Score: 1
  
  A directive is not a law. Moreover the directive is binding on Ireland not Microsoft. It is Ireland that needs to pass laws. But even if we ignore that your interpretation is questionable. "Processing of data relating to offences, criminal convictions or security measures may be carried out only under the control of official authority, or if suitable specific safeguards are provided under national law," Which is clearly the case here. There is an official authority the USA federal government, the regulator for Azure. You may not like the particular authority but I could easily see Ireland arguing they are fully compliant with the directive.
12. Re:Don't know what to think by Anonymous Coward · 2014-09-10 07:27 · Score: 0
  
  I don't think it is clear cut at all, not without reading the actual contract and consulting a lawyer. There is some data that companies operating in the EU simply cannot legally move out of the protection of data protection laws, no matter what the contract says. Since I don't think Microsoft is risking contempt of court charges for the lulz, this may be such a case.
13. Re:Don't know what to think by Anonymous Coward · 2014-09-10 07:49 · Score: 0
  
  Oh and by the way, according to this article, you are probably wrong, as Microsoft has promised non-US customers that their data will not be stored on servers under US jurisdiction. If this assurance turns out to be false, they are guilty of fraud.
  (From the article: "These concerns led Microsoft to allow non-US customers to have their personal data stored on regional servers outside the US, in contrast with other large technology groups which have expressed their resistance to such a model.")
  P.S.: Note that I have no idea if the customer in this particular court case is a U.S. citizen or not. I would agree that it would be pretty bogus if Microsoft is simply claiming that just because they stored data from a U.S. citizen on an overseas server they don't have to comply. Unfortunately, it seems all the details of the case are sealed. The argument of the U.S. government that they can't be bothered to seek the assistance of foreign governments are the kind of arrogant bullshit we have come to expect of the U.S. regardless.
14. Re:Don't know what to think by jbolden · 2014-09-10 08:14 · Score: 1
  
  Go to Azure website and read the terms of service they are crystal clear that law enforcement has access. I don't know what they said in private but I do know what they've said in public. They have never claimed that the US group that administers Azure doesn't have access to everything on Azure. This is the reason they sell Azure pack: http://www.microsoft.com/en-us... . That way a company can use Azure technology and Microsoft doesn't have Azure.
  The article linked seems odd since it certainly has Microsoft saying the opposite of the truth. The author is probably misunderstanding something. For example confusing Azure technology with Azure cloud service.
15. Re:Don't know what to think by jbolden · 2014-09-10 08:16 · Score: 1
  
  OK. So assume I'm right that the Americans always had access. Were the German companies who uploaded the emails in the first place breaking the law?
16. Re:Don't know what to think by Sique · 2014-09-10 08:27 · Score: 1
  
  In this case, the disclosure takes place in Ireland, as the data is actually stored there. And that's sufficient here to fall under irish legislation.
  
  --
  .sig: Sique *sigh*
17. Re:Don't know what to think by jbolden · 2014-09-10 08:36 · Score: 1
  
  Not so simple if they knew Americans had the ability to copy at will. That makes the upload the criminal act.
18. Re:Don't know what to think by Anonymous Coward · 2014-09-10 17:42 · Score: 0
  
  Who are "the Americans"?
19. Re:Don't know what to think by Anonymous Coward · 2014-09-10 17:58 · Score: 0
  
  I don't know what they said in private but I do know what they've said in public.
  Maybe but do you actually understand the Enterprise Enrollment Addendum Microsoft Online Services Data Processing Agreement and how it pertains to EU Directive 95/46/EC? It is written in legalese so don't try to simply parse its literal meaning if you don't understand it. If you do understand it you can easily explain how this fits (or rather contradicts) your understanding of this issue.
20. Re:Don't know what to think by jbolden · 2014-09-10 18:10 · Score: 1
  
  Employees of Microsoft working in, living in and generally citizens of the USA.
21. Re:Don't know what to think by jbolden · 2014-09-10 18:16 · Score: 1
  
  EU Directive 95/46/EC is a directive to countries in the EU to implement laws. It isn't a directive for Microsoft. What it does say is that the countries need to implement laws which protect privacy. So first off it is the laws that come from the directive not the directive that have anything to do with Microsoft. Now if we tried to apply the directive directly to Microsoft one of the exceptions is law enforcement which would apply in this case, so I'm not even sure there is an issue at all under that directive. But assuming there is an issue rules that govern companies preventing them from exporting data to countries not bound by such laws. The USA is clearly a country that doesn't support European privacy laws. So Microsoft by announcing that all data uploaded to them is exported would be a non-complying company and thus it would illegal for other companies in the EU to share personal data with them.
  Which is to say applications that store personal data can't use Azure as their backend. Which is precisely what Microsoft is telling their customers.
22. Re:Don't know what to think by Anonymous Coward · 2014-09-11 00:02 · Score: 0
  
  I suspect that the German company would be guilty of negligence if Microsoft did not promise to store the data according to German data protection laws. I also strongly suspect that Microsoft would still be held liable if it where Microsoft that copied the data out of EU jurisdiction and not the customer itself, i.e. if the customer uploaded the data to a datacenter in the EU, and Microsoft then transferred the data to a datacenter outside the EU. But at the risk of repeating myself, IANAL. I would love to see an in-depth analysis of these issue by a lawyer familiar with the laws in question.
23. Re:Don't know what to think by Anonymous Coward · 2014-09-11 00:33 · Score: 0
  
  What Microsoft says on its U.S. website about Azure is completely irrelevant. What matters is what they promise to their (European) customers in their contracts. The EU seems to think Microsoft's promises are good enough to meet European data protection laws (that's what the linked article is about). Not having seen them (and not being a lawyer), the only comment I can make is that I think you are wrong when you claim Microsoft made it crystal clear that U.S. law enforcement would have worldwide access to any data they store. Frankly, I simply don't believe Microsoft would risk being in contempt of court in the U.S. if they thought they where in the clear legally in the EU, so I think Microsoft know that they will be in deep shit in Europe if they comply.
24. Re:Don't know what to think by jbolden · 2014-09-11 00:44 · Score: 1
  
  Well again I disagree that Azure ever claimed to be an EU datacenter. The claimed to be a global cloud service that used an EU datacenter for delivery. For example if I created contact in Italian I can upload it to Alkamai in the USA and it will distribute locally to Italy. On the other hand if someone in Mexico wanted to watch it and I allowed that, Alkamai would pass a copy over to them in Mexico. Alkamai is a global network.
  But how is Microsoft going to know what customer data is legal to export and what is illegal? Holding Microsoft responsible for that is incoherent. Their policy is anything in Azure must be export legal because they freely move data all the time.
  The EU's laws assumed a corporate owned data center for a one country company. They really don't make sense for global companies. They don't make sense for hosting companies with international backup and/or DR. They don't make sense for cloud companies. I think what's going to happen is best practices are going to emerge. And those best practices are likely going to say European companies have to use Europe only cloud, DR, backup, distribution services. They can't be on the global internet because they want protections that the global internet doesn't provide. Which means a European version of Azure. Which is fine, Microsoft licenses Azure's technology and there are Europe only hosting companies. Likely a Europe only version of Alkamai. OpenStack of course is no problem. Amazon doesn't sell their technology and won't but OpenStack has a rapidly developing AWS command set so European hosting companies can just use that. Etc...
  A lawyer isn't going to add much. European hosting and cloud companies are just going to experience a ton of new employees.
25. Re:Don't know what to think by jbolden · 2014-09-11 00:55 · Score: 1
  
  What Microsoft is doing is standard US legal practice. They want an unambiguous appealed all the way up ruling. Everyone is agreeing to move forward this way. Which means the contempt fine will just be token. I think both the judge and the government see the problem. Were the government serious about wanting the data they would not accept a fine. Instead something like the court issues a warrant, the FBI would walk into the Azure USA hosting location and tell the employees to move the data now or face immediate arrest. Which BTW could happen the next time. Probably one of the reasons Microsoft is fighting this one is because the prosecutor doesn't care very much and everyone agrees this case is to set precedent. Remember America is a common law country not a civil law country like most of the EU. So I think you are reading much to much into Microsoft fighting this.
  As for the article. The article is wrong on the facts. So I think the article is confusing Azure pack where what's said in the article is true with Azure cloud service where the whole system doesn't work that way.
  Or another possibility is that contrary to European /.ers EU regulators are fine with US courts having the ability to seize documents because they don't like the privacy laws and think they interfere with law enforcement. We do know of other situations where European governments have used the USA legal system as an end run around their own courts and legal systems.
  I don't think Microsoft would promise something they could never deliver in their contracts. I've never seen them do that. If this were EMC, then sure that would be possible. But Microsoft doesn't like to go into obvious breach of contract.
26. Re:Don't know what to think by Anonymous Coward · 2014-09-11 10:53 · Score: 0
  
  You didnt answer the question. Re-read and try again.
27. Re:Don't know what to think by Anonymous Coward · 2014-09-11 23:43 · Score: 0
  
  Well again I disagree that Azure ever claimed to be an EU datacenter.
  Microsoft offer to keep customer data in a geographical region of the customer's choice. They may not offer this to U.S. customers, but they definitely offer it to European customers.
  
  But how is Microsoft going to know what customer data is legal to export and what is illegal?
  If it is arbitrary customer data, they won't know. But this case is about email, not arbitrary data.
  
  Their policy is anything in Azure must be export legal because they freely move data all the time.
  They offer their (European) customers the option to specify geographical regions customer data will not leave.
  
  The EU's laws assumed a corporate owned data center for a one country company. They really don't make sense for global companies. They don't make sense for hosting companies with international backup and/or DR. They don't make sense for cloud companies.
  The EU's laws assume that any entity operating within the EU follow European laws - just like U.S. laws assume any entity operating within the U.S. follow U.S. law. Since following multiple sets of contradictory laws can make things difficult for global companies, the standard practice since at least the mid 19th century is to incorporate a foreign subsidiary, shielding the parent company from legal liability (much like corporations themselves exist primarily to shield their owners from legal liability) - the parent company isn't operating in a foreign jurisdiction, the subsidiary is.
  To get back to the point at hand, what I've been trying to explain to you is that as far as the EU is concerned, Microsoft Ireland is an Irish company and thus must follow Irish law. If Microsoft Ireland stores data of EU citizens, it must follow Irish data protection laws. Microsoft Ireland may not move data that the law requires it to protect into a country that has lesser data protection. If this lands Microsoft Ireland's American owners in legal hot water in the U.S., that is the owners' problem, not the EU's - "Uncle Sam made me do it" is not a valid defense in front of any European court. I get that you don't think this is sensible or fair to Microsoft, but the EU cares even less about your opinion than it does about mine.
  
  A lawyer isn't going to add much.
  A lawyer will have a more informed opinion on what the relevant laws actually say and how they are interpreted in practice. A lawyer will have a more informed opinion on if the data the U.S. court is seeking is protected in the EU. A lawyer will have a more informed opinion on if simply storing data within the EU places this data under EU data protection laws regardless of where the data is originally from. In short, an informed lawyer can actually add a whole lot.
  
  European hosting and cloud companies are just going to experience a ton of new employees.
  Well, we do agree on that.
28. Re:Don't know what to think by jbolden · 2014-09-12 00:58 · Score: 1
  
  Microsoft offer to keep customer data in a geographical region of the customer's choice. They may not offer this to U.S. customers, but they definitely offer it to European customers.
  I think this is our core point of disagreement. I'm asserting this is 100% false.
  a) What they say unambiguously under the security section of their website
  b) What is unambiguously true about their architecture
  c) That they offer another product that does do what you are claiming Microsoft is promising to do with Azure Cloud Service because Azure Cloud Service doesn't offer this sort of protection.
  I think that's pretty good evidence you are dead wrong about them making the promises you are claiming they are making. Clearly if Microsoft is promising to European customers that their data can't move while running a system administered in the USA that's a real problem. That's simply fraud, forget about the disagreements regarding EU data laws.
  
  the standard practice since at least the mid 19th century is to incorporate a foreign subsidiary, shielding the parent company from legal liability (much like corporations themselves exist primarily to shield their owners from legal liability) - the parent company isn't operating in a foreign jurisdiction, the subsidiary is.
  And that's not quite what's happening here. MOIL is leasing a physical data center from another Microsoft subsidiary. They are purchasing port from a variety of network connections. MOIL is buying services from Microsoft USA but get them at a discount since they are bringing their own infrastructure. MOIL is selling a service to Europeans based on those things. MOIL is not the one offering the service however they are just offering to resell it. Same as when MOIL sells licenses for Microsoft Office and Microsoft Windows, neither of which they write.
  MOIL does not operate Azure. I am an Azure channel partner. I can resell Azure. With other cloud services (not Azure) I could even white label them and sell them under my company's brand name. That doesn't mean I get to run them or set policy. MOIL just sells Azure and rents some physical infrastructure that Azure uses. Azure is not Irish, it doesn't claim to be Irish and it doesn't operate with European law. It is an imported good.
  
  If Microsoft Ireland stores data of EU citizens, it must follow Irish data protection laws.
  MOIL has already told companies they can't follow Irish data protection laws so don't upload that stuff. Unambiguously and publicly.
  
  "Uncle Sam made me do it" is not a valid defense in front of any European court.
  MOIL employees don't do anything. It gets done by USA employees. The second you upload any data of any kind to Azure anywhere in the planet the USA administrators have access to it. The breach of European privacy laws doesn't happen when Microsoft hands the data over, it happens on upload. Which is what they say publicly. The defense is not going to be "Uncle Sam made me do it" the defense is going to be the people who uploaded the data exported the data to the USA as was clearly publicly indicated on Microsoft's website.
  Now if you are correct (and again I doubt it) that MOIL Europe is making promises they can't keep about this data being private in these secret contracts you claim exist, then certainly they are going to answer to European courts for having made those promises. In which case MOIL gets fined and pays damages for having made promises that Microsoft USA, from whom they are buying the service, has no intention of honoring.
  ___
  The problem as far as a lawyer goes is these secret contracts. That's the point of dispute. We aren't disagreeing about the laws. In practice I do agree a lawyer can help with how they are interpreted. What I suspect is that the laws are going to have to be weakened in practice since Europeans want to be pa
Wrong by Anonymous Coward · 2014-09-10 01:21 · Score: 0

There are so many things wrong with this, I don't even know where to begin.
First, was there an actual warrant for the information?
Second, if it's stored outside the jurisdiction of the court, then the court is out of luck. Especially since it's out of the country.
Microsoft has to fight this ... by gstoddart · 2014-09-10 01:37 · Score: 5, Insightful

Because Microsoft will become persona non grata in Europe if they are required to hand over data to the US against local law.
This has always been something people have warned about ... the PATRIOT act basically says "we can force any company to hand over your data from anywhere in the world, and we don't give a damn about your laws and it stays secret".
So Microsoft is in the position of complying with the US government, and losing business elsewhere ... or telling the US government to shove it.
When the US has decided their secret laws trump the laws of every other country, this was inevitable -- and people have been warning about this for years.
I know many governments already basically say "you can't store government data in a US cloud service or on a US server" for exactly this reason.
Basically, the US passed a law which put companies between a rock and a hard place. And now they have to choose between long term profits, or America's zeal for security.
Quite frankly, the US needs to get slapped back down and told by the rest of the world not our fucking problem.

--
Lost at C:>. Found at C.
1. Re:Microsoft has to fight this ... by mwvdlee · 2014-09-10 02:22 · Score: 4, Informative
  
  I know many governments already basically say "you can't store government data in a US cloud service or on a US server" for exactly this reason.
  Make that "you can't store government data on any server from any company doing any kind of business within the US".
  
  --
  Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
2. Re:Microsoft has to fight this ... by Nemyst · 2014-09-10 02:45 · Score: 5, Funny
  
  You got that wrong, this is the US providing heavy stimulus for foreign companies creating their own cloud services. They're basically giving free reign to European providers, who do not own a single server in the US, and telling them to go ahead and dominate the market. Europeans should be thanking them, if anything!
3. Re:Microsoft has to fight this ... by Anonymous Coward · 2014-09-10 03:26 · Score: 1
  
  Basically, the US passed a law which put companies between a rock and a hard place. And now they have to choose between long term profits, or America's zeal for security.
  And that's the trillion-dollar (literally, in terms of GDP for a country whose economy is based in large part on software) question: Microsoft has called the government's bluff. If the government is owned by economic interests, it will back down in order to grow GDP. If the government is owned by the security apparatus, it will sacrifice a point or two of GDP in order to maintain the surveillance state. The zeal with which the government pursues this case will demonstrate to the rest of the world whether America is open for business or if we're a closed society.
4. Re:Microsoft has to fight this ... by jbolden · 2014-09-10 03:33 · Score: 1
  
  Exactly. That's where this is likely to go. Europe only cloud services storing European specific data and those are governed by European law. Put it on a Chinese service and it is governed by Chinese law. Then you have a simple financial model for regulating international corporations.
5. Re:Microsoft has to fight this ... by jbolden · 2014-09-10 03:36 · Score: 1
  
  There is no question in my mind which way this is going to go. The implications of courts basically having no ability to issue subpoenas or warrants anymore is more or less the complete collapse of the ability of the US government to enforce any law regarding white collar crime. The implications of the USA companies losing out contracts to European cloud services is a few billion. This is like would you rather have a mosquito bite have your leg amputated.
6. Re:Microsoft has to fight this ... by radarskiy · 2014-09-10 03:53 · Score: 4, Insightful
  
  Your arguement against the PARTIOT Act might be better received if reserved for a case that had anything to do with the PATRIOT Act.
  This is just an ordinary, everyday order for an entity to turn over information that it is known to possess, the only exceptional point is "because the Internet" and the various entities that multi-national corporations split themselves up into to have their cake and eat it too.
  Microsoft USA has acces to mail relevant ot the case. It have been moved to storage owned by a different Microsoft entity in Ireland. Since Microsoft USA has access to it it should be reasonable for a US court-order that correctly follows due process to require that Microsoft USA provide the mail to the court. Otherwise, multi-nationals could just play a shell game with all their data and never have to comply with any nation's court orders ever while single-nation corporations could never enjoy the same freedom.
  An alternative method could very well be for the US to file a request in a Irish court to get the Irish authorities to obtain the mail if the US can show that it is within Irish and EU law, etc. It is correct to say that the former method should not be preferred merely because it is more convenient, but if the for method is more convenient and also follows due process and is legal then objections need to be a little more thorough. On the other hand, since there is now an appeal it may no longer be more convenient that opening a request in an Irish court.
  It may be in the latter case that it is against Irish or EU law to provide the mail, though there is every any discussion about why this case would run afoul of any EU privacy protections, etc.. Note that this would not absolve Microsoft USA from any obligations to the US court. It may very well be possible that Microsoft in its structuring of its multi-national divisions has created a scenario where either one division is in violation of the law in one jurisdiction or another division is in violations of the law in another division and sine this would be a structuring that Microsoft deliberately created I do no see where I would feel sympathetic towards them.
7. Re:Microsoft has to fight this ... by gstoddart · 2014-09-10 04:07 · Score: 2, Interesting
  
  Microsoft USA has acces to mail relevant ot the case. It have been moved to storage owned by a different Microsoft entity in Ireland. Since Microsoft USA has access to it it should be reasonable for a US court-order that correctly follows due process to require that Microsoft USA provide the mail to the court.
  So, your argument is that if Microsoft operates in North Korea, Iran, or any other country .. that those countries should also be able to force Microsoft to hand over any and all records on Americans if they see fit? Without showing probable cause in the the US or worrying about American laws?
  Or are you saying that only America gets to have extra-territorial laws because you're special?
  Which is it? Every court on the planet should be able to subpoena any record from a multinational because they want it? Or you're just so damned unique and awesome that it's only you?
  There's not really much middle ground here. Either it is a legal principle which would apply to any country ... or it isn't.
  And if it isn't, your argument is probably crap and reeks of exceptionalism.
  
  --
  Lost at C:>. Found at C.
8. Re:Microsoft has to fight this ... by gstoddart · 2014-09-10 04:14 · Score: 2
  
  Sorry, but when your courts violate the law of the country in question ... it comes down to a measure of sovereignty.
  Are you suggesting that Microsoft is exempt from the laws of Ireland because a US court says so? Or that it's Microsoft's problem?
  Microsoft is saying "this isn't us, this is you, and can you really do this?".
  Srroy, but when abroad, you are subject to local laws. And a US court should not be able to compel someone to break the law in another country.
  What if an Irish court demanded that US laws be broken? Would you be outraged, or would you say that's how it's supposed to work?
  But, hey, I'm sure you believe America is different than everybody else, and therefore can do whatever they choose here.
  The rest of the world doesn't agree.
  
  --
  Lost at C:>. Found at C.
9. Re:Microsoft has to fight this ... by Anonymous Coward · 2014-09-10 04:23 · Score: 1
  
  >Every court on the planet should be able to subpoena any record from a multinational because they want it?
  Well, duh. This is how the law works already.
10. Re:Microsoft has to fight this ... by Anonymous Coward · 2014-09-10 05:04 · Score: 0
  
  Nope.
  You can only directly subpoena the records of the legal entity that exists inside your nation or jurisdictional treaties. Legal Entities that are outside of you nation and jurisdictional treaties require going through a process understood as getting legal approval in the second nation... IE asking the UK justice system for the right to see the information in Ireland.
11. Re:Microsoft has to fight this ... by jbolden · 2014-09-10 05:07 · Score: 1
  
  Well first off US counts can order Americans to break the laws of another country. A USA court could issue me a warrant to do something illegal in Ireland and if I failed to do so I'd go to jail. That's not even questionable. The claim on authority over US citizens is how the US government is able to arrest people in the small arms trafficking business in Africa or people abroad involved in slave trading of prostitutes or all sorts of things. US law applies to Americans whereever they are. What the European /.ers are proposing would bring back all kinds of horrors as Americans and American companies could do dreadful things as long as they did so outside our borders.
  As for the practicalities. This is what you have with gmail right now and no one objects. The problem you have is you believe Azure is "in Ireland" for some reason. It isn't. Azure is in Washington State. It runs a datacenter in Ireland that is fully under the control of Washington administration. They could tomorrow copy all the data from every client to Washington and the Irish people couldn't do a thing about it. Microsoft has notified customers that uploading to Azure is exporting.
  The customers who are exporting to the USA at this point by uploading to Azure are choosing to do so.
12. Re:Microsoft has to fight this ... by jbolden · 2014-09-10 05:21 · Score: 2
  
  So, your argument is that if Microsoft operates in North Korea, Iran, or any other country .. that those countries should also be able to force Microsoft to hand over any and all records on Americans if they see fit? Without showing probable cause in the the US or worrying about American laws?
  
  Yes. This question keeps getting asked of Americans and the answer is yes. Americans don't use global cloud services for sensitive information that would be illegal to export. They use regulated private clouds.
13. Re:Microsoft has to fight this ... by Ravaldy · 2014-09-10 06:13 · Score: 1
  
  The solution to this is to use a 3rd company which is only legislated locally. This means MS could turn around and say it's not their data and it's not on their storage. They can then provide the details for the company in question to eventually realize they have to way or prying the data out of them.
14. Re:Microsoft has to fight this ... by Anonymous Coward · 2014-09-10 06:28 · Score: 0
  
  Wrong. US courts are not answerable to Irish law. Microsoft is answerable to a US court. Microsoft is in control of the data, therefor Microsoft must furnish the data at the request of a US court. It doesn't get simpler than that. Microsoft's issues is that they thought they could play a jurisdictional shell game with the "cloud" and lost. And yes any court of any nation that Microsoft operates in can request anything that like that is legal for that court to request under that nations laws, if Microsoft doesn't like it they can opt to not do business in that nation.
15. Re:Microsoft has to fight this ... by gstoddart · 2014-09-10 06:56 · Score: 1
  
  Otherwise, multi-nationals could just play a shell game with all their data and never have to comply with any nation's court orders ever while single-nation corporations could never enjoy the same freedom.
  You do realize they already do this with taxes right? Microsoft in Ireland is a distinct legal entity, and it not the same corporation as the one in Redmond. Otherwise Microsoft would pay taxes on its global income to the American government, as well as all of the localities in which they operate.
  The entity in Ireland is subject to Ireland's laws, and is located there because taxation is favorable.
  That does not in any way mean that Microsoft US owning Microsoft in Ireland means that Microsoft in Ireland is exempt from the laws of Ireland, nor can Microsoft USA compel the Irish entity to break the laws of Ireland.
  If what you're saying were true, the EU could fine Microsoft a fraction of it's global revenues and say "it's all the same company, right"?
  This is purely a case of America deciding their laws extend beyond their borders.
  If the data only lives on a server in Ireland, it is most certainly NOT subject to the laws of the US.
  
  --
  Lost at C:>. Found at C.
16. Re:Microsoft has to fight this ... by Rich0 · 2014-09-10 07:59 · Score: 1
  
  You got that wrong, this is the US providing heavy stimulus for foreign companies creating their own cloud services. They're basically giving free reign to European providers, who do not own a single server in the US, and telling them to go ahead and dominate the market. Europeans should be thanking them, if anything!
  They could only dominate the European market though. Those companies wouldn't be able to do business with companies in the US. If they did, then the US government would just threaten them until they gave in - just seize all their US bank accounts, or seize all their payments, harass employees if they travel to the US, etc.
  It isn't as simple as you make it out to be. And it isn't just the US doing this sort of thing. Everybody wants the "Internet" to follow their local laws.
17. Re:Microsoft has to fight this ... by Rich0 · 2014-09-10 08:05 · Score: 1
  
  So, your argument is that if Microsoft operates in North Korea, Iran, or any other country .. that those countries should also be able to force Microsoft to hand over any and all records on Americans if they see fit?
  It isn't a matter of "should." The fact is that those countries can do anything they have the power to do - that is what makes them countries and not corporations. You'd be a fool to store your personal data with a company that needs to keep a country like North Korea happy if you don't want the North Koreans to have access to your data.
  If you run a business selling swastikas, you'd be foolish to build all your infrastructure on servers owned by a company that counted on the German government for most of its business. At any time the Germans could ask them for a favor, and you're out of business.
18. Re:Microsoft has to fight this ... by david_thornley · 2014-09-11 05:22 · Score: 1
  
  Courts have power over entities under their jurisdiction. A US court has jurisdiction over Microsoft US. An Iranian court would have jurisdiction over Microsoft Iran (if it exists). A US court can issue orders to Microsoft US, and an Iranian court can issue orders to Microsoft Iran.
  The difference here is that Microsoft US is the controlling company, and the US court believes Microsoft US can issue orders to Microsoft Ireland, apparently even when that would require Microsoft Ireland to break Irish law. Nobody's going to believe that Microsoft Iran can issue orders to Microsoft US or Microsoft Ireland (except, I suppose, a really stupid court, and in that case it might be legally impossible for Microsoft to operate in Iran).
  So, the question is whether Microsoft US can compel Microsoft Ireland to hand over the data. Microsoft Ireland might refuse, since that apparently would break Irish law, and I don't know what Microsoft US can be forced to do in the way of coercive measures. (I'm not actually completely sure of the relationship, legally. Is it that Microsoft Ireland is a company whose stock is partly or completely owned by Microsoft US? Contracts between the two companies that allow Microsoft Ireland to use Microsoft US software, trademarks, etc., in exchange for handing over control?)
  What's at stake for Microsoft is the ability to offer services to customers that comply with local privacy laws. If it's established that a US court could order Microsoft to hand over data from other countries in defiance of their laws, Microsoft would be extremely handicapped in dealing with many countries. What's at stake for the government is the ability to retrieve information from entities that store it overseas, since it doesn't want to be handicapped in investigation and prosecution by a US person or company transferring the information to another country.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
19. Re:Microsoft has to fight this ... by Anonymous Coward · 2014-09-12 00:07 · Score: 0
  
  What the European /.ers are proposing would bring back all kinds of horrors as Americans and American companies could do dreadful things as long as they did so outside our borders.
  This European has no problem with U.S. courts doing whatever the hell they want with American citizens - that is your problem, not mine. I do have a problem with Americans thinking a U.S. court ordering them to break a law in my country is perfectly OK. It's not - it's a blatant disregard of sovereignty.
  Oh and by the way, I live in a country that is perfectly capable of enforcing its laws on Americans and American companies on our territory. While any help to make sure they don't do dreadful things is of course highly appreciated (as long as you don't violate our sovereignty in the process, of course), we don't need American courts to mind our business for us.
20. Re:Microsoft has to fight this ... by jbolden · 2014-09-12 02:49 · Score: 1
  
  I think you should ask South America about whether you really want that. In any case were that true you wouldn't be worried about what USA courts rule about Microsoft now would you? It would just be irrelevant and of no concern.
Mickeysoft? by Mr+44 · 2014-09-10 01:50 · Score: 1

First time I've heard that in years... How's the weather in the 1990's ?
1. Re: Mickeysoft? by Anonymous Coward · 2014-09-10 02:28 · Score: 1
  
  Quite a bit cooler.
Hum by Anonymous Coward · 2014-09-10 02:23 · Score: 0

I don't understand, Is the government collecting only meta data(from, to) or are they collecting all content of the email including attachments?
Clever stunt by Dega704 · 2014-09-10 02:37 · Score: 1

Whatever this costs Microsoft in fines and legal costs is going to be paltry compared the the revenue they have likely been losing from overseas business since the Snowden revelations. Doing this puts on a good show that makes it look like they care about they are fighting the U.S. government to protect their customers. Deep down I wonder how many of their executives want to see Snowden locked up as well.
It's down to money by bagofbeans · 2014-09-10 04:26 · Score: 1

MS can sell data to anyone they want, including USG. If they win this, then they can charge USG a much higher price for access than the 'reasonable costs' for responding to a court order.
Shame they don't do this for their countrymen by Anonymous Coward · 2014-09-10 05:33 · Score: 0

Or is this manufactured proof that they don't need to pay US taxes?