Slashdot Mirror
Proposed Law Would Limit US Search Warrants For Data Stored Abroad
An anonymous reader writes On Thursday, a bipartisan law was introduced in the Senate that would limit US law enforcement's ability to obtain user data from US companies with servers physically located abroad. Law enforcement would still be able to gain access to those servers with a US warrant, but the warrant would be limited to data belonging to US citizens. This bill, called the LEADS Act (PDF), addresses concerns by the likes of Microsoft and other tech giants that worry about the impact law enforcement over-reach will have on their global businesses. Critics remain skeptical: "we are concerned about how the provision authorizing long-arm warrants for the accounts of US persons would be administered, and whether we could reasonably expect reciprocity from other nations on such an approach."
Well certainly anything that moves this from precedent and complexities of corporations winging it to black letter law would be a net gain. The role of search warrants and how to handle international issues should be between the USA government and the EU. Tech companies should just be following the law. I think everyone agrees the stored communication act (1986) needs updating
Now a few points:
Europeans keep citing European laws Microsoft's council has not been able to show that there was any Irish law in conflict with the previous warrants: Second, while many media reports have claimed that the decision was contrary to foreign privacy laws protecting the requested emails, it was clear from the transcript that Microsoft never raised such a conflict of law. (“Microsoft . . . has not been able to point to any specific provision of Irish law that in any way forbids it from handing the data over.”) Some commentators claimed that the data must be subject to foreign privacy protections because Ireland is part of the European Union, and thus the data must be subject to the European Data Protection Directive. However, what they failed to appreciate is that the European Data Protection Directive, by itself, is not legally binding. It needs to be ratified as national law by each member state. As a result, there are variations across the member states as to what is allowed and what is prohibited. Accordingly, the impact of an actual conflict of law on future warrants remains undecided.
Moreover the issue was always that USA people had control of the data: because Microsoft could access and retrieve the requested documents from a terminal within the United States, even though the actual search and retrieval would occur abroad, the data was still under Microsoft’s control in the United States, and thus properly subject to the SCA warrant.
This bill is supposed to persuade foreigners that the United States does not gather data on them, because they aren't included in the warrants.
Well, the NSA and the CIA and other like agencies don't need warrants to gather information abroad, so this law is just a fuzzy stuffed toy to provide false comfort.
What are the Germans going to think? "Oh, what a relief, I am secure knowing that the United States of America spies only on its own citizens."
This bill clarifies that an American corporation colluding in surveillance of foreigners does so with the latitude and secrecy of an intelligence agent.
Meanwhile, it affirms the US Government's power to ensure that the people are not secure from unreasonable searches.
Each statue defines 'US Person' differently. Some are far reaching and define it to be anyone resident or doing business in the USA. Others have a more restricted definition. For the purpose of ITAR, for example, you can become a non US Person simply by being an employee of a foreign company. Even if you are a US citizen and reside within the USA.
Simple explaination: You need to ask a lawyer.
Have gnu, will travel.
Encrypt everything you can, always, everywhere. Even bad encryption will slow the spies down and increase their costs.
Excuse me, but please get off my Pennisetum Clandestinum, eh!