Slashdot Mirror

← Back to Stories (view on slashdot.org)

Proposed Law Would Limit US Search Warrants For Data Stored Abroad

Posted by timothy on from the step-in-the-right-direction dept.

An anonymous reader writes On Thursday, a bipartisan law was introduced in the Senate that would limit US law enforcement's ability to obtain user data from US companies with servers physically located abroad. Law enforcement would still be able to gain access to those servers with a US warrant, but the warrant would be limited to data belonging to US citizens. This bill, called the LEADS Act (PDF), addresses concerns by the likes of Microsoft and other tech giants that worry about the impact law enforcement over-reach will have on their global businesses. Critics remain skeptical: "we are concerned about how the provision authorizing long-arm warrants for the accounts of US persons would be administered, and whether we could reasonably expect reciprocity from other nations on such an approach."

6 of 131 comments (clear)

  1. Black letter law by jbolden · · Score: 4, Informative

    Well certainly anything that moves this from precedent and complexities of corporations winging it to black letter law would be a net gain. The role of search warrants and how to handle international issues should be between the USA government and the EU. Tech companies should just be following the law. I think everyone agrees the stored communication act (1986) needs updating

    Now a few points:

    Europeans keep citing European laws Microsoft's council has not been able to show that there was any Irish law in conflict with the previous warrants: Second, while many media reports have claimed that the decision was contrary to foreign privacy laws protecting the requested emails, it was clear from the transcript that Microsoft never raised such a conflict of law. (“Microsoft . . . has not been able to point to any specific provision of Irish law that in any way forbids it from handing the data over.”) Some commentators claimed that the data must be subject to foreign privacy protections because Ireland is part of the European Union, and thus the data must be subject to the European Data Protection Directive. However, what they failed to appreciate is that the European Data Protection Directive, by itself, is not legally binding. It needs to be ratified as national law by each member state. As a result, there are variations across the member states as to what is allowed and what is prohibited. Accordingly, the impact of an actual conflict of law on future warrants remains undecided.

    Moreover the issue was always that USA people had control of the data: because Microsoft could access and retrieve the requested documents from a terminal within the United States, even though the actual search and retrieval would occur abroad, the data was still under Microsoft’s control in the United States, and thus properly subject to the SCA warrant.

  2. Re:Citizens affected but not Companies?! by WWJohnBrowningDo · · Score: 3, Informative

    The submitter added that on their own. The bill applies to all US persons, i.e., all citizens, permanent residents, and corporate entities.

    From the actual text of the bill:

    The term ‘United States person’ means a citizen or permanent resident alien of the United States, or an entity or organization organized under the laws of the United States or a State or political subdivision thereof.’

    The word "citizen" doesn't even occur in the article.

  3. Re:Citizens affected but not Companies?! by NicBenjamin · · Score: 3, Informative

    You're reading it wrong.

    Currently the US Government can get a warrant for anyone's data, and US-Based companies must comply or the Courts will seriously fuck them over. The NSA actually has warrants issued by the FISA Court covering all non-US Citizens (yes, I know lots of people thing the warrant is BS, but the simple fact is the Courts disagree with you, and in the US being right when the Courts are wrong doesn't get you jack-squat. Just ask Dredd Scott). Which means that if you're a German, and you're concerned about the NSA, you probably ain't gonna use Yahoo for jack-shit.

    This rule would make it impossible for the Courts to order Yahoo to turn over data on that German, as long as the data is stored on Yahoo servers outside the US.

    I'm kind of curious as to how this is supposed to work legally. The Fourth Amendment is controlling in the granting of warrants, and it only includes roles for the Executive (asking for a warrant) and the Judicial (granting the warrant). If Obama has probable cause that Yahoo used timd977 is shipping Heroin in from Russia, then the Courts are gonna grant the warrant. Then when Yahoo says "Fuck you, we've got this statute," it's totally irrelevant. The Warrant is valid under the Fourth Amendment,which means Yahoo is by definition in contempt of Court if it refuses to hand the government the data.

    I'm not a lawyer, or a specialist in criminal law, so it's possible the Courts have to look at statutes governing probable cause before granting warrants, or can't hold people in contempt unless a statute specifically gives them permission, or something like that. But it just seems to me that if the US Constitution's Separation of Powers mean anything it's that a) Congress can't just pass a law saying the Executive Branch has fewer powers then it is granted by the Constitution, and b) no statute can stop the Courts from penalizing people who disobey them.

  4. The horses are back from the taxidemist. by pupsocket · · Score: 4, Informative

    This bill is supposed to persuade foreigners that the United States does not gather data on them, because they aren't included in the warrants.

    Well, the NSA and the CIA and other like agencies don't need warrants to gather information abroad, so this law is just a fuzzy stuffed toy to provide false comfort.

    What are the Germans going to think? "Oh, what a relief, I am secure knowing that the United States of America spies only on its own citizens."

    This bill clarifies that an American corporation colluding in surveillance of foreigners does so with the latitude and secrecy of an intelligence agent.

    Meanwhile, it affirms the US Government's power to ensure that the people are not secure from unreasonable searches.

  5. Re: Citizens affected but not Companies?! by PPH · · Score: 4, Informative

    Each statue defines 'US Person' differently. Some are far reaching and define it to be anyone resident or doing business in the USA. Others have a more restricted definition. For the purpose of ITAR, for example, you can become a non US Person simply by being an employee of a foreign company. Even if you are a US citizen and reside within the USA.

    Simple explaination: You need to ask a lawyer.

    --
    Have gnu, will travel.
  6. Encrypt, encrypt, encrypt... by flyingfsck · · Score: 4, Informative

    Encrypt everything you can, always, everywhere. Even bad encryption will slow the spies down and increase their costs.

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!