Slashdot Mirror

← Back to Stories (view on slashdot.org)

Twitter Moves Non-US Accounts To Ireland, and Away From the NSA

Posted by timothy on from the be-right-over-here-guys dept.

Mark Wilson writes Twitter has updated its privacy policy, creating a two-lane service that treats U.S. and non-U.S. users differently. If you live in the U.S., your account is controlled by San Francisco-based Twitter Inc, but if you're elsewhere in the world (anywhere else) it's handled by Twitter International Company in Dublin, Ireland. The changes also affect Periscope. What's the significance of this? Twitter Inc is governed by U.S. law; it is obliged to comply with NSA-driven court requests for data. Data stored in Ireland is not subject to the same obligation. Twitter is not alone in using Dublin as a base for non-U.S. operations; Facebook is another company that has adopted the same tactic. The move could also have implications for how advertising is handled in the future.

21 of 153 comments (clear)

  1. Except... by GoddersUK · · Score: 5, Informative

    ...it's been done before and didn't work.

    1. Re:Except... by onepoint · · Score: 3, Informative

      I have a very general answer to this which if you research will lead to the exact answer.
      Companies in the USA are allowed to have subsidiaries ( look up the structure of any international bank )
      Subsidiaries are governed by local law and pass the profits up the chain.

      the government can not request a subsidiary outside of it's jurisdiction to hand over personal information
      ( maybe some other things, but not personal information )

      to carry this issue to the extreme ...
      Please see what Argentina did to citi bank recently (2015)
      Please see what NY ( 1996 to 2002 ) and the USA (last 6 years) did to Swiss banking
      NY told the Swiss ( in summary ) If you got nazi loot you can not do business with NY, Swiss banking replied by opening subsidiaries to handle NY business
      Swiss replied to the USA ... here are all the Americans that have accounts with us, you figure out who is evading taxes.

      --
      if you see me, smile and say hello.
    2. Re:Except... by AmiMoJo · · Score: 2

      The issue in that case is that a court has ordered access, it's not a problem with NSA hacking.

      I welcome this move. As a European it protects my privacy a little more. It also punishes the US economically for the actions of the NSA, and unfortunately money is the only language they seem to understand. It's a shame GCHQ's actions are not having quite as dramatic effect on the UK, but for my part I have now moved all my servers overseas so there's a few quid gone.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Except... by Cederic · · Score: 2

      Hmm. How about my name, my email address, the person that referred me to twitter, the people with whom I've exchanged private messages, the contents of those messages, the IP addresses that I connect from, the adverts shown to me and the ones on which I clicked.

      I'm also sure my boss wont get fined if I disable his backdoor. But thanks for the gold star.

  2. Really? by argStyopa · · Score: 5, Funny

    "....away from the NSA."

    Ha ha ha ha ha, yeah, that was +1, hilarious.

    -The NSA

    --
    -Styopa
  3. Re: Proxy or VPN by Anonymous Coward · · Score: 2, Insightful

    If you are worried about privacy why are you using Twitter at all? The mind boggles.

  4. This Probably Won't Work... by NicBenjamin · · Score: 5, Insightful

    The NSA doesn't have jurisdiction over twitter because some complicated rule of international legal procedure says it does, it has jurisdiction in the US because US Courts can order US Cops to arrest the Twitter employees who refuse to hand them information. Microsoft has tried this, and while I don't think they've officially lost yet, it's very difficult for me to see a reason for them to win. The Constitution is silent on the matter of what happens when Court Orders affect people in other countries, which means there's absolutely no reason for them to give a shit about jurisdiction. In fact in several cases the US has sent Agents into foreign countries secretly, arrested/spied upon/etc. private citizens against the laws of those countries, and when they've gotten back to the US the Courts have said "great, the bad guy's fucked, when can you arrange a chump public defender so we can schedule the execution?"

    OTOH, it's likely this is all PR because European customers live in places where the Constitution spends a half-goddamn page describing the precise geographic limits of it's jurisdiction. They don't understand that a) when our Constitution was written a good 90% of the land mass of the US was somebody else's, b) no we did not amend the damn thing with the Gadsden Purchase, and c) the whole damn thing's supposed to be on a single page.

    It's also an interesting defense of their Irish tax strategy. "Of course we pay the ridiculously low Irish tax rate. We'd pay the US Tax Rate, but the NSA Gestapo would demand access to our servers."

    1. Re:This Probably Won't Work... by AmiMoJo · · Score: 2

      Microsoft's mistake seems to have been allowing its US staff to access those servers at all. If Twitter can arrange it so that US staff simply cannot get access then it seems like they would be safe, because the law in the US can only require a person to hand over something they have. At least that's my understanding of it, perhaps someone can correct me but I think the onus would be on the government to show that the US staff have the information it wants.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:This Probably Won't Work... by david_thornley · · Score: 2

      Except that this isn't the same sort of thing as the Microsoft affair.

      In the Microsoft affair, Microsoft USA had direct access to the data stored in Ireland. A US court can order a US company to deliver whatever data they can lay their hands on. If this was illegal in Ireland, it seems to me that Microsoft Ireland may have violated Irish law by allowing full access to another entity.

      There's absolutely no point in trying to restrict access to people's tweets, because (unlike email) they're generally published. The information a court would order gathered is something like who is behind that tweeter, IP address the tweet came from, that sort of thing, which Twitter USA doesn't need access to. If it's kept in Ireland by a separate company, and kept private there, Twitter USA wouldn't be able to access it without positive action from Twitter Ireland, which may well be illegal.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  5. Get out of Dodge by tomhath · · Score: 5, Insightful

    Nothing more than a tax dodge with good PR spin.

    1. Re:Get out of Dodge by Anonymous Coward · · Score: 5, Informative

      Yep, Ireland is a favourite country for shuffling money through to avoid paying tax, to the point where this sort of corporate structure even has its own wikipedia page.

  6. Re:What the fuck is "Periscope"? by Anonymous Coward · · Score: 2, Informative

    Umm, Ireland isn't in the UK you know ...

  7. NSA = No Sales for Americans by Anonymous Coward · · Score: 2, Insightful

    A secret agency like the NSA does not need to be well-managed, because everything it does can be hidden.

    A good indication of the quality control of the NSA is that Snowden, an employee of a contractor, was able to steal a huge amount of data.

  8. Re:What the fuck is "Periscope"? by Anonymous Coward · · Score: 3, Insightful

    That is an entirely orthoganal issue. Poster was conflating UK and RoI, GCHQ and G2. These are simple factual errors and unrelated to any speculation about activities that national security services engage in OUTSIDE their own sovereign states. Now go and put your tin foil hat back on.

  9. Re:What the fuck is "Periscope"? by monkeyzoo · · Score: 3

    Oh, oops. Well, thanks for the correction. :-)

  10. Re:GCHQ by Intrepid+imaginaut · · Score: 4, Informative

    GCHQ has no jurisdiction in Ireland. Different country, not part of the UK and all that.

  11. Technically, probably not a good move to dodge NSA by ashpool7 · · Score: 5, Insightful

    If we pretend that laws mean something...

    then they would be *safer* here in the USA where the NSA is not allowed to spy on them, because it's
    A: in the USA (FBI territory, right?)
    B: whoever it is would need a warrant.

    Now, the NSA can do whatever they want, because they're completely
    A: outside of the USA
    B: totally foreign SIGINT

  12. Re:Data in Ireland by swb · · Score: 4, Insightful

    The beer may have been better over there 30 years ago, but there's no way that's true now. In most places in the US you can't swing a dead cat without hitting half a dozen craft brewers making outstanding beer. You literally can't sample what's available in liquor stores fast enough and a lot of it is really good.

    I don't know if this is a trend that has been embraced by Ireland or not, but I would imagine that in many Irish brands suffer from what many "traditional" European beer brands are no different than most American beer brands -- owned by conglomerates, brewed on industrial scales. Maybe it makes you feel more exclusive to drink Harp over Buweiser, but I'm pretty sure its moslty psychological.

  13. This helps the NSA. by carton · · Score: 2

    The NSA isn't supposed to spy on Americans, but if the logs are in Ireland, and are in Ireland _because_ they relate to non-US users, then the NSA is definitely allowed to get them. They can also collect data in transit more freely if both ends are outside the US, or if one end is in Ireland. This looks like a move to give NSA more freedom to spy on European Twitter users by segregating the Americans. Also, if politics in the US goes well, NSA will have less freedom to spy on Americans. This move is bet-hedging: if US politics turn anti-authoritarian, NSA won't lose as much access to Europeans because they'll be better segregated.

    To judge this move correctly, you need to list all the forms of government surveillance: what organization is requesting data, why does that organization request it, is it possible to refuse the request. This is all secret, though. It's not even possible to disclose the request. The transparency reports Twitter and Google release aren't detailed enough because the government won't allow them to be, and has structured what they're allowed to release to limit debate on the methods and intentions of the government. The more interesting information requests, like the one Calyx received, have more of the now-standard threat-backed secrecy requirements around them than less interesting requests, so the outliers that should be driving debate are carefully hidden. There's no way for the public to judge the usefulness of what Twitter did. Twitter themselves has a better idea, but still not a very good idea.

    I think the Europeans are less rational about this than the Americans.

    - they think there's no first-world population-control surveillance in Europe just because their spy agencies haven't had a leaker yet. NSA leaks should tell them how stupid an assumption this is, and they should be embarrassed it took the idealism of an American to expose their own authoritarianism indirectly. Instead, they are like, "oh Americans are so authoritarian. Thank God I'm European." pretty smug, guys.

    - they don't make a connection between surveillance and power. For example, NSA spies on Europeans, finds the leaders of a globalization protest movement, shares the information with GCHQ, and the leaders are detained at immigration in London until the protest is over. This is a low-hanging-fruit anti-democratic way that surveillance has been used in the past, and is a task at which bulk surveillance is good because it can reveal the structure of networks (ex. the Paul Revere metadata attack http://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/ ). But it's the connection between the surveillance and the detention that matters. Instead they're worried abstractly whether they're "watched" or not. Why would an American be worried if the Stasi had a file on them? It's a problem, though, if Stasi shares their files with FBI, which in this case, they do.

    - their fears aren't proportionate. For example, some European sysadmins I spoke to fear the FISA court will approve a warrant to collect industrial espionage data through PRISM. Is this possible? Yes: the court is a rubber stamp, and if it weren't a rubber stamp it's also within spy agency skill to ask questions and disguise their goal, ex. "we think this top engineer at Xerox is into child porn so please give us complete copy of his work email." Is the fear proportionate, though? No: US is generally less corrupt than Europe when doing international business, the French in particular are notorious for industrial espionage, and there is a poor match between PRISM and industrial espionage so that US would probably use a different program and method, like exploiting employees' phones and laptops, or bribing emloyees in traditional GRU-style. For the former attack, the European response (self-host everything rather than using Google/MS/etc.) makes them more vulnerable to industrial espionage, not less. However constructing this fear provides a pretense for retaliatory

  14. Re:What the fuck is "Periscope"? by Max_W · · Score: 2

    ...China, or maybe Russia ... are nothing more than a 3rd world country trying to hide that fact...

    China and Russia adopted the metric systems still in the early 20th century. Printing press, periodical system of elements, space flight, and many other significant humanity-scale scientific and engineering breakthroughs were made in those parts.

  15. Re:GCHQ by Intrepid+imaginaut · · Score: 2

    By that rationale the CIA has jurisdiction in Beijing.

    Jusrisdiction does not mean what you think it means.