Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Agrees To Contempt Order So It Can Appeal Email Privacy Case

Posted by Soulskill on from the fighting-the-privacy-fight dept.

An anonymous reader writes: Microsoft made news some weeks ago for refusing to hand over customer emails stored on its Dublin, Ireland servers to the U.S. government. The district judge presiding over the case agreed with the government and ordered Microsoft to comply with its demands. On Monday, Microsoft struck a deal with the U.S. government in which the company would be held on contempt charges but would not be penalized for it until after the outcome of an appeal. The district judge endorsed the agreement (PDF) on Thursday.

19 of 123 comments (clear)

  1. About Time by dcw3 · · Score: 4, Insightful

    First time I've wanted to actually compliment Mickeysoft on something in years.

    --
    Just another day in Paradise
    1. Re:About Time by rvw · · Score: 5, Interesting

      First time I've wanted to actually compliment Mickeysoft on something in years.

      You think they're doing this for the right reasons? Wakey wakey!

      Right or not - if the EU is too weak to force the US to back down with these laws, maybe money is the way to go.

    2. Re:About Time by Barlo_Mung_42 · · Score: 4, Insightful

      They know they won't win. I think MS is trying to force a clear judgment so everyone going forward knows what the rules are. My understanding is that they don't have a good case because the person in the case is a US citizen. If I commit a crime and the evidence is in a Hilton hotel room in the UK nobody expects Hilton to hold onto that evidence just because it happened to be in one of their hotels outside the US.
      So I think the concern by other countries is over done. In this case it's a US citizen and a US company. But MS wants that clearly spelled out to reassure people.

    3. Re:About Time by manquer · · Score: 2

      If I commit a crime and the evidence is in a Hilton hotel room in the UK nobody expects Hilton

      Everybody however expects U.S. police to go the U.K. police and courts who will check if it was a crime in the U.K. in the first place then ask the U.K. Hilton to hand over the data, aka due process .

  2. Re:I don't see how MS can comply by jbolden · · Score: 3, Interesting

    The ruling applies to anyone doing business in the United States. So it would apply to European companies having a cloud that included the USA as well. What it will mean is either:

    a) Europe and the USA create a treaty covering this so there is black letter law
    b) There are not global clouds
    c) There is de-facto situation where the USA rules governing warrants are enforceable for most everyone and anyone not wanting to be subject to USA warrants needs to stay on Europe only cloud services.

    Microsoft has already hedged themselves in Europe by informing their customers that using Azure is agreeing to export and to not upload any data for which would be illegal to export. So legally they should be fine in Europe. I think they are very worried about (b) becoming the outcome. I just don't see it though. Apple, Google, IBM, Amazon... all face the same issue. Corporations want global clouds. They are probably on balance hostile to European privacy laws. The pressure is going to be applied to European governments to go towards (a) or (c).

  3. Re:Don't know what to think by Sique · · Score: 3

    The physical location of the data matters because of European Data Protection laws. Microsoft would run afoul of the laws of Ireland if they gave data stored on servers in Ireland to a third party without the actual owner of the data agreeing or a court order by an Irish court. The government lawyers obviously tried to argue that they don't need an Irish court, and the U.S. judge at first bought the argument. And now it seems as if the U.S. court might have changed its mind but want this to be sorted out by the higher court.

    --
    .sig: Sique *sigh*
  4. Re:I don't see how MS can comply by jbolden · · Score: 3, Informative

    The scope of jurisdiction in the ruling is clear cut. Physical presence on the USA. BTW there is no law. This has been existing law for two centuries. It is just being applied to computer data the same way it was to objects and paper historically. The difference is that law enforcement agencies didn't ask for multiple shipping containers full of paper documents but with big data search tools are perfectly comfortable asking for those kinds of quantities of electronic data.

  5. Re:Good! by jbolden · · Score: 2

    In terms of USA law the law enforcement agencies are using established international channels and legal orders. They aren't doing anything different from what they've done for decades. Microsoft is asking to do something different because the frequency and quantity as opposed to the previous situations with paper records is skyrocketing.

    Also it is important to understand that between WWI and the 1970s we lived in a world where governments were mostly mildly hostile to international trade. Governments were perfectly comfortable with lower levels of international trade and laws that mildly discouraged trade. You really have to look at the colonial age 1812-1914 to really have a period comparable to today where governments were strongly pro-trade.

  6. Re:Don't know what to think by Sique · · Score: 2

    I don't think you get the real problem. It's not about the export of data (which is not at issue here), it's disclosing private data to a third party. This doesn't mean export - even if the third party in question appeared in Ireland in front of the data center, this still would be illegal.

    --
    .sig: Sique *sigh*
  7. Microsoft has to fight this ... by gstoddart · · Score: 5, Insightful

    Because Microsoft will become persona non grata in Europe if they are required to hand over data to the US against local law.

    This has always been something people have warned about ... the PATRIOT act basically says "we can force any company to hand over your data from anywhere in the world, and we don't give a damn about your laws and it stays secret".

    So Microsoft is in the position of complying with the US government, and losing business elsewhere ... or telling the US government to shove it.

    When the US has decided their secret laws trump the laws of every other country, this was inevitable -- and people have been warning about this for years.

    I know many governments already basically say "you can't store government data in a US cloud service or on a US server" for exactly this reason.

    Basically, the US passed a law which put companies between a rock and a hard place. And now they have to choose between long term profits, or America's zeal for security.

    Quite frankly, the US needs to get slapped back down and told by the rest of the world not our fucking problem.

    --
    Lost at C:>. Found at C.
    1. Re:Microsoft has to fight this ... by mwvdlee · · Score: 4, Informative

      I know many governments already basically say "you can't store government data in a US cloud service or on a US server" for exactly this reason.

      Make that "you can't store government data on any server from any company doing any kind of business within the US".

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    2. Re:Microsoft has to fight this ... by Nemyst · · Score: 5, Funny

      You got that wrong, this is the US providing heavy stimulus for foreign companies creating their own cloud services. They're basically giving free reign to European providers, who do not own a single server in the US, and telling them to go ahead and dominate the market. Europeans should be thanking them, if anything!

    3. Re:Microsoft has to fight this ... by radarskiy · · Score: 4, Insightful

      Your arguement against the PARTIOT Act might be better received if reserved for a case that had anything to do with the PATRIOT Act.

      This is just an ordinary, everyday order for an entity to turn over information that it is known to possess, the only exceptional point is "because the Internet" and the various entities that multi-national corporations split themselves up into to have their cake and eat it too.

      Microsoft USA has acces to mail relevant ot the case. It have been moved to storage owned by a different Microsoft entity in Ireland. Since Microsoft USA has access to it it should be reasonable for a US court-order that correctly follows due process to require that Microsoft USA provide the mail to the court. Otherwise, multi-nationals could just play a shell game with all their data and never have to comply with any nation's court orders ever while single-nation corporations could never enjoy the same freedom.

      An alternative method could very well be for the US to file a request in a Irish court to get the Irish authorities to obtain the mail if the US can show that it is within Irish and EU law, etc. It is correct to say that the former method should not be preferred merely because it is more convenient, but if the for method is more convenient and also follows due process and is legal then objections need to be a little more thorough. On the other hand, since there is now an appeal it may no longer be more convenient that opening a request in an Irish court.

      It may be in the latter case that it is against Irish or EU law to provide the mail, though there is every any discussion about why this case would run afoul of any EU privacy protections, etc.. Note that this would not absolve Microsoft USA from any obligations to the US court. It may very well be possible that Microsoft in its structuring of its multi-national divisions has created a scenario where either one division is in violation of the law in one jurisdiction or another division is in violations of the law in another division and sine this would be a structuring that Microsoft deliberately created I do no see where I would feel sympathetic towards them.

    4. Re:Microsoft has to fight this ... by gstoddart · · Score: 2, Interesting

      Microsoft USA has acces to mail relevant ot the case. It have been moved to storage owned by a different Microsoft entity in Ireland. Since Microsoft USA has access to it it should be reasonable for a US court-order that correctly follows due process to require that Microsoft USA provide the mail to the court.

      So, your argument is that if Microsoft operates in North Korea, Iran, or any other country .. that those countries should also be able to force Microsoft to hand over any and all records on Americans if they see fit? Without showing probable cause in the the US or worrying about American laws?

      Or are you saying that only America gets to have extra-territorial laws because you're special?

      Which is it? Every court on the planet should be able to subpoena any record from a multinational because they want it? Or you're just so damned unique and awesome that it's only you?

      There's not really much middle ground here. Either it is a legal principle which would apply to any country ... or it isn't.

      And if it isn't, your argument is probably crap and reeks of exceptionalism.

      --
      Lost at C:>. Found at C.
    5. Re:Microsoft has to fight this ... by gstoddart · · Score: 2

      Sorry, but when your courts violate the law of the country in question ... it comes down to a measure of sovereignty.

      Are you suggesting that Microsoft is exempt from the laws of Ireland because a US court says so? Or that it's Microsoft's problem?

      Microsoft is saying "this isn't us, this is you, and can you really do this?".

      Srroy, but when abroad, you are subject to local laws. And a US court should not be able to compel someone to break the law in another country.

      What if an Irish court demanded that US laws be broken? Would you be outraged, or would you say that's how it's supposed to work?

      But, hey, I'm sure you believe America is different than everybody else, and therefore can do whatever they choose here.

      The rest of the world doesn't agree.

      --
      Lost at C:>. Found at C.
    6. Re:Microsoft has to fight this ... by jbolden · · Score: 2

      So, your argument is that if Microsoft operates in North Korea, Iran, or any other country .. that those countries should also be able to force Microsoft to hand over any and all records on Americans if they see fit? Without showing probable cause in the the US or worrying about American laws?

      Yes. This question keeps getting asked of Americans and the answer is yes. Americans don't use global cloud services for sensitive information that would be illegal to export. They use regulated private clouds.

  8. Re:I don't see how MS can comply by mwvdlee · · Score: 3, Informative

    Microsoft has already hedged themselves in Europe by informing their customers that using Azure is agreeing to export and to not upload any data for which would be illegal to export. So legally they should be fine in Europe.

    Just because they put something in a license, doesn't make it legal.
    For instance, EULA's are meaningless in a number of European countries.
    Also, contract do not trump law. So if there are laws that prohibit this, the contract (or atleast those specific terms) is invalid.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  9. Re:I don't see how MS can comply by jbolden · · Score: 3, Informative

    It is actually illegal. You can't deliberate engage in activities to make it more expensive or complex for law enforcement to search subpoenaed records. That's contempt of court.

  10. Re:I don't see how MS can comply by Frobnicator · · Score: 2

    It is actually illegal. You can't deliberate engage in activities to make it more expensive or complex for law enforcement to search subpoenaed records. That's contempt of court.

    Emphasis in your quote.

    As gets mentioned every time this story appears on slashdot, this is a warrant not a subpoena. The two are different tools. Both are used to find things but one is clean and neat, the other broad and aggressive. As a parallel, a subpoena is a scalpel and a warrant is a chainsaw.

    A subpoena says 'We know you have this specific information, provide it to us within a time frame'. They get subpoenas of this type all the time. There is no dispute a subpoena would get the document no matter where in the world Microsoft held it.

    A warrant says 'We will search for and take anything even remotely related to this, search it ourselves on our own terms.' When they demanded dumps of servers and copies of databases they were told the servers were in another nation and were not subject to a US warrant.

    As was discussed in the previous incarnations of this story, the warrants are rather broad demanding they turn over everything related to the email address and user in question even if it isn't related to a criminal investigation. They want it all, everything the user ever touched or potentially touched, everything sent to the user, everything related to the user. While government investigators can usually get that through a broad warrant, they cannot get that with a subpoena. A subpoena would give them the specific emails related to the crime under investigation, but it is quite likely they already have the specific documents they could ask for.

    --
    //TODO: Think of witty sig statement