Slashdot Mirror
Microsoft Continues To Resist US Warrant For Irish Data
Bruce66423 writes: Microsoft is back in court over the claim by the U.S. authorities that because it is a U.S.-based company, it can be ordered to ignore the rules of the countries it's operating in. "If the U.S. government is permitted to serve warrants on tech companies in the United States and obtain people's emails in any country, it will open the floodgate for other countries to serve warrants on tech companies for the private communications of American citizens that are stored in the United States in a data center owned by a foreign company," said Microsoft general counsel Brad Smith. Apple and other tech companies are fighting back as well. Actually, the U.S. firms may be missing a trick here; because the U.S. government charges a far higher rate of corporation tax than others do, U.S. companies are at a disadvantage. So it seems to make sense for the tech firms in the firing line to use this harassment as an excuse to move their domicile overseas... nothing to do with the tax advantages, honest! We're making a principled stand to resist government encroachment.
... just how many of these "hacker" groups actually work for the governments of the world and are getting what they want through the the hackers...
Your data just evaporated! Honest!
I agree with Microsoft here. On this issue, they are fighting the good fight.
>> Microsoft Continues To Resist US Warrant For Irish Data
Spoiler: every tenth word is "Guinness"
True but I expect that there is a strong financial incentive behind it. If the US government compels them to turn over the data in contravention of local laws it will not absolve their responsibility and culpability under those laws. Hence they will also most certainly get sued for damages by the people whose data they have illegally turned over as well as end up facing criminal fines for violating privacy laws.
Look no further than companies doing "double irish" tax evasion. Everytime they do it, the corporate taxbase in your area erodes and the costs of it get spread to you the homeowner. Yes, that's exactly how it works too. So you ought to think about it.
I'm sick of the overreaching by US government agencies. There are other countries, they don't have your laws and are not in any way subservient to you. Stop acting like you can do anything, to anyone, anywhere. Capitalism is good, the corporatism that America has spawned is bad. The submitter was right, you will just push these companies out of your jurisdiction. Then, other countries will start to get even more sick of your "one cent passed through an American bank so we can do anything we like to you"
From the article, the Feds maintain that ""With the benefits of corporate citizenship in the United States come corresponding responsibilities..." Now to me "corporate citizenship" sounded like an odd concept. But I guess in this day and age when Corporations are treated like other citizens (can vote with their wallet) then maybe it's not so alien a concept. It's interesting that the Feds focused on the corporation's citizenship, rather than say the citizenship of the C-level executives or other employees that have access to the data (whom they could presumably go after as well). It begs the question, what *are* benefits of being a "corporate citizen" of the US? It's not for the low taxes, as others have pointed out. If this is the stance that the US is going to adopt ("This is a US corporation so our laws take precedence over other countries' laws") then it makes sense for companies to shop around for the best county to become a citizen of.
Now they want to make it look legal. Tally ho...
“He’s not deformed, he’s just drunk!”
All of the giant tech companies (Google, M$, Amazon, etc) should all just buy a small island, call it the Republic of Tech, and then not have to listen to any gov't at all on how they run their business.
They should start selling beer in the US to 16 year olds and say "We are a Belgian company, so we abide to the Belgian laws, now fuck off."
They should start doing that in dry counties.
Don't fight for your country, if your country does not fight for you.
They'll never get me pot o gold!!!
Even a corporation were to move their domicile overseas, the US government could still argue that the corporation should be subject to US laws because they operate in the US (as well). However, if complying with law in the US means violating data protection laws of another country, we have a problem. The legal avenue that the US govt should really be pursuing is entering some sort of "data extradition" treaty with Ireland. Stop harassing the corporations, dammit!
Either pay your taxes or be treated like a foreign corporation that must be plundered.
Those are the choices.
-- Tigger warning: This post may contain tiggers! --
Are they protecting the privacy of their end-users or aren't they? Or is it that they don't want anyone else to abuse the personal data of their end-users? On the one hand they install spyware as parts of their OS, and on the other hand we have this.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
I found the comment in the summary about the corporate tax rate very deceptive and inappropriate for this article. Frankly, the U.S. corporate tax rate doesn't affect 94% of American businesses because they're considered pass through entities. In other words, most businesses are sole-proprietorships, partnerships, or S-corps, which pay exactly 0% corporate income tax:
http://taxfoundation.org/article/overview-pass-through-businesses-united-states
Simply, in a pass through organization, business income is considered and taxed as personal income modulo things like dividends is S-corps, which are still not assessed the corporate tax rate. In addition, the total net-income of pass-through organizations has exceeded that of C-corps, which are subject to the corporate income tax rate, but the number for the difference is smaller.
Mostly, I find the rhetoric that the summary uses, which implies that corporate taxes to be too high in the U.S., to be offensive. It's part of an ongoing effort to shift the tax liability and burden from large organizations onto small businesses. I own a small business and I lose roughly half of my income after expenses to tax and reducing the corporate tax rate has zero benefit for me. Further, off-shoring my company would still not save me much on taxes save state gross receipts tax. We're still all subject to state and federal income as well as FICA, which combined is still in the mid 40s percent.
make it every 5th word, and the word after begins with a "c"
For regular, non truck drivers this is accurate:
https://www.youtube.com/watch?v=qNxXego2D8A
You claim ' the U.S. corporate tax rate doesn't affect 94% of American businesses because they're considered pass through entities'. So? The point is that it's relatively small number LARGE companies that hit by the corporate tax - which is nothing to do with the fact that vast number of poxy little companies aren't. You regard my comment as offensive? Your's is a function of ignorance or a failure to read the statistics meaningfully.
If they don't comply, the US authorities will sue them.
If they do comply, the EU and the rest of the world's authorities will sue them.
That's an impossible legal situation that should never arise, ever. That's why jurisdiction exists.
And they have the cheek to say that China etc. are overbearing and overstepping the mark to spy on their citizens...
There are good arguments on both sides of this issue. One thing that should be understood is that the idea that US citizens have to obey the laws of the US does NOT require them to break the laws in other countries. The argument that this puts companies in an impossible position is deeply flawed, because it's actually the same as this argument :
I want to murder someone. ...
It's illegal the murder someone with poison.
It's illegal to murder someone with a knife.
It's illegal to murder someone with an ax.
Oh poor me, they've made it so there is no legal way to do what I want to do!
The obvious answer is of course "don't murder at all".
Similarly, if there is no legal way to do cloud storage of financial records in both the US and Germany at the same time, then legally you can't provide such a service. It's not an impossible position, it simply means that can't conveniently do exactly what they want to do.
What WOULD be legal would be to have an exclusive contract with a spinoff company called MsCloudEU , which operates in the EU and follows EU laws.
Besides financial issues, there are ownership problams and legal penalties to worry about.
it's perfectly plausible that at least the Irish courts will find that Microsoft doesn't own the customer's data, but merely controls it. Under that interpretation, they have a legal responsibility to protect it. In US judgements thus far, they're the owners and can use it for anything they feel like, but can also be ordered by a court to produce it.
They really want the US courts to say they don't have to produce it because it belongs to Ireland in some way. They definitely don't want the US courts to say they are holding customer's data and have limitations on what they can use it for.
Conflict of laws is a fun problem for a lawyer, and can produce lots of billable hours. It's much less fun for a client, and double-plus ungood for an importer, exporter or multinational. It's perfectly possible for a client to be required by law to do two contradictory things in two different countries while they wait for the courts to sort it out, and be fined by either or both courts for every day they obey the other.
--dave
davecb@spamcop.net
See, Microsoft has incorporated separate legal entities in those countries. They pretty much have to.
And, guess what? They still have to follow the same damned laws.
But that wholly owned subsidiary incorporated in Ireland for the sweet tax laws? It's subject to the damned laws of Ireland.
What the US is claiming is that Microsoft Ireland is under the legal jurisdiction of the US government. Which is complete fucking bullshit.
So, either MS is not in a position where they can offer this service and be compliant with the law ... or the US is attempting to claim to have extra-territorial laws.
But there is no sane argument in which the Irish data protection laws do not apply here.
Lost at C:>. Found at C.
And yet Microsoft were the first to sign up to PRISM to let NSA spy on email, and listen in on Skype conversations and messaging.
Me think this is for show. The EU politicians, which face it know they US can dig enough dirt to unseat them, want a show for the people that privacy rights are actually being enforced.
A little song and dance, knowing very well that all those emails are sent to Utah. But you can't admit it, because every business that is supposed to move their data into 'the cloud' wants to believe that somehow their privacy contract is an immutable bond!
I *would* agree with Microsoft on this one, except that it's a lousy test case, and likely to set a bad precedent.
What would be good to test in the courts -- and have protected by case law -- would be something like: Can a US court demand access to data generated by Notamericastan clients using a US-based software service that stores their logic in datacenters in Notamericastan. In this case, *some* of the data makes a roundtrip through US circuits, but generally the US company is providing logic for non-US clients in a non-US location with non-US data storage; is that enough for a US court to reach out and retrieve data that appears to be thoroughly out of its jurisdiction based on the contractual agreement of the client to use a US-based service? Would be nice to know.
But that's not what's at stake here. What appears to have happened is that some clever people in Redmond (US-based workers), working with some data submitted by non-US people, ended up working with intermixed US- and non-US-sourced data, and then the US-based workers decided to park the data on non-US servers in order to claim that it was out of US jurisdiction. IANAL, but that seems a lot like a guy speeding across a state line, and being surprised when the state trooper doesn't stop pursuit. This is not exactly good material for Brad to make a blustery moral stand. How does Msft think this turns out?
I think not...(*poof*)
The EU Data Protection Directive 95/46/EC makes it a criminal offence to disclose personal private data, this does include email.
The penalty is £500,000 per individual, this would rapidly mount up when applied to multiple people.
It's kind of inevitable that you can wind up in a "damned if you do, damned if you don't" situation.
Here's your problem: there are two guys, twenty feet apart, armed with knives. They're both free to move around in their area but they won't ever directly fight each other (or if they do, it'll be in subtle ways outside the scope of this problem). Whichever one you're standing closest to, is happy to stab you, though, unless you do whatever he says. But whoever is furthest from you, won't ever stab you unless you come closer, into his area (he has a knife, not a gun).
One of the guys with a knife says, "Go over to the other guy, and kick him in the shin. If you disobey, I will stab you." When you get near the other guy and get ready to kick him, though, he says "Don't kick me or else I will stab you. In fact, go over and kick that other guy in the shin. Now."
The only way to win is to not play. You need to get away from these guys.
Actually, the U.S. firms may be missing a trick here; because the U.S. government charges a far higher rate of corporation tax than others do, U.S. companies are at a disadvantage. So it seems to make sense for the tech firms in the firing line to use this harassment as an excuse to move their domicile overseas... nothing to do with the tax advantages, honest! We're making a principled stand to resist government encroachment.
Both are principled stands against government encroachment. There seems to be some background assumption that whatever the tax rate is in a given country of operation, that that is a good and holy and proper amount, and that to try to get out from under it (as opposed to just whining about it) is unpatriotic and greedy. How dare you try to keep more of the money you earned!
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Assuming that Microsoft looses the battle. The lawyers at Microsoft will probably have to ask someone else in the company in the US to actually copy the data. In doing so that person will have a choice, obey their manager and break European law, or refuse to carry out the data copy. That employee probably has a case for going to the HR department of Microsoft and complaining that their manager has asked them to commit a criminal act. Things could get very murky in Microsoft when it comes to finding an individual who is actually willing to violate European law. Note that by refusing to carry out the copy they are unlikely to be violating US law because as an individual the US court probably didn't call them out by name to actually do the copy.
The claim is that a wholly owned subsidiarity does not escape the demands of US law.
So if I make a business, and I HQ it out of Ireland, but I don't have anything but a PO Box and tax filings in Ireland. My servers are in the US. My staff is in the US. I am in the US. My revenue is generated in the US. My customers are in the US. My packaging and distribution is in the US, etc...
Then I should be exempt from US laws?
It would take some more digging, but giving the clearly biased summary, I'd wager there is more to this than just the Federal government trying to run roughshod over Irish law.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
Does anyone really think that Microsoft is coming to the aid of everyday people and championing their right to privacy? MS cares about one thing and one thing only...money. This decision is all about money. If users get the feeling that MS is not standing up for them they will take their business (i.e. money) elsewhere.
Money. It's the same reason that corporations set up business in far off places so they can avoid paying their fare share of taxes. Taxes that support the rule of law that makes the US such a great place to have a business and protect capital.
Money. It's the same reason that corporations not only give large political donations, they give large donations to BOTH PARTIES. No matter who wins they get an IOU.
Money. The same reason that corporations stuff lawyers and HR drones on their payroll. So they don't get sued.
Money. The same reason that corporate layoffs are now a part of life. If you miss the earnings numbers for even one quarter out comes the axe. So what if 10,000 people lose their jobs. Fuck em. It's all about the money.
Microsoft operates a major data center in Ireland, like all the cloud providers do, and l'd bet they have a large tech support presence there as well, as many major tech companies do. It's not like they just have a PO Box: quite a bit of their EU business really is done from Ireland. It's the mix of low labor cost and tax incentives that works for many companies.
Socialism: a lie told by totalitarians and believed by fools.
an excuse to move their domicile overseas... nothing to do with the tax advantages, honest!
All US companies are welcome to become Dutch charities, to reflect their true social calling and business values.
That, and the legal obligation to store data of EU citizens within the EU or in a place that guarantees EU data protection requirements.
We need to fix the problem with the offshoring tax advantages.
They do nothing but take money out of the US economy and drive the taxes up for the rest of us. We need to make sure that it's a tax-disadvantage to claim that your billion-dollar company traded on a US Exchange is based out of a PO Box the Bahamas or Ireland.
That's not the situation here though. The Feds are asking Microsoft to order Irish based employees of Microsoft Operations Ireland Ltd to break the law in their own country. Those employees are obliged to refuse to carry out that instruction, and could claim damages from MS Ireland in the local courts.
Yes, for a wholly owned subsidiary, a part,of Microsoft which is fully controlled by Microsoft headquarters in the US, the US government has a potential claim. A separate spin-off company which has an exclusive contract with Microsoft, but isn't directly owned and controlled by Microsoft, would be in a much stronger position.
Microsoft CAN order the employees of a Microsoft subsidiary to turn over the data. They have no authority to order a separate, contracted company to do so.
A separately owned company with an exclusive contract would be significantly less convenient for Microsoft. Sometimes following different laws by operating in many countries is inconvenient.
That's the same kind of thinking that gives us a police state - assume everyone is guilty and act accordingly.
The "obvious" answer is one that allows ownership of poisons, knives, and axes, without having the state assume you're a murderer if you possess such items, and so they have the right to demand on a whim that you turn over all such items and records pertaining to said items. Yet still allow the state to have access to such records if they have reasonable evidence that a murder was committed with them.
Personally, I don't think the U.S. has any right to Microsoft's records stored overseas. If they have reason to believe Microsoft did something illegal and want access to data Microsoft is storing in Ireland, then they should present their evidence to Ireland, and Ireland can file the legal paperwork requiring Microsoft turn such records over to the U.S. The issue here is analogous to extradition - a crime (and evidence of it) was committed in one country, but the perpetrator is residing in another country. We already have extradition treaties to deal with such circumstances. We just need to update them to also cover digital records (evidence). The approach the U.S. is taking violates centuries of accepted legal precedent - a country cannot apply its laws outside its borders.
Yes this opens the possibility of some country like the Bahamas declaring they'll never "extradite" digital records to another country, and companies flocking to store their data their to hide it from government warrants. The proper response then would be for a country to ban companies storing data in the Bahamas from doing business in their country. The bigger headache is actually the criss-cross. Microsoft stores EU records in the U.S., and stores U.S. records in the EU, just to make it more difficult for both governments even if proper extradition treaties exist.
You're seriously misunderstanding the issue if you think this is about cloud storage. The data has to be stored somewhere, even if it's not accessible remotely. Even if Microsoft were only storing data pertaining to EU sales in the EU, the U.S. government's stance is that since Microsoft is a U.S. company, they can get access to that data. Even if giving the U.S. govt that data without an EU warrant violates EU privacy laws. Microsoft is put into a catch-22, where they must either violate U.S. law or violate EU law, and the only way to avoid the catch-22 is to do business in the U.S. or the EU, but not both. That's why the U.S. government's position on this is stupid. It's not a mere "inconvenience" as you seem to think it is.
1. These big computer companies reserve the right to spy on everybody on Earth all the time and do anything they want with the data they gather, without ANY form of warrant or "due process". When challenged, they point to a shrink-wrap license all users are forced to accept, ignoring both the fact that no contract was signed, and the old legal tradition that contracts signed under duress are void. In this case, THEY are served with legitimate warrants and THEY are being given due process; they just assume that being both digital and "multi-national" means they can avoid the laws of any nation by rapidly moving digital data from nation to nation and jurisdiction to jurisdiction.
2. The leaders of Microsoft and Apple have long associated themselves with the left-of-center Democrats and all-powerful government philosophy; if THEY want big government that can bully the public on all aspects of their lives, then they get to suffer a little bullying too. Of course, like all good leftist advocates they just ASSUME that the rules will apply to everybody else but not them. If a government is only big enough to provide the national defense and keep trade between the states regular, it has no time or resources to do other junk, but when you give it unlimited resources and power over everything, there is no limit to what it will do.
The only people who have a moral right to complain here are the customers of these companies whose data might be seized in this action without they themselves (as opposed to these companies) getting a warrant and due process. Of course, here again I see little grounds for THEM complaining since they freely parked their data in these companies with no assurance the data would not be used and abused like crazy...
The moral of this story is: If you do not have physical control of your data, it's not actually your data anymore. "Cloud" users are fools.
> Microsoft is put into a catch-22, where they must either violate U.S. law or violate EU law
> to avoid the catch-22 is to do business in the U.S. or the EU, but not both. That's why the U.S. government's position on this is stupid.
The position of the US government in this particular case may be stupid. Or not. That depends on more specific facts than are generally considered on Slashdot.
It's NOT an impossible situation, not a catch-22. As you admitted, one way to follow the laws is to completely separate the EU customer service business from the USA business, so that Microsoft US doesn't have access to the details about EU customers. That's not convenient, but it is POSSIBLE. It might put Microsoft in a position they'd not prefer, but it's not an IMPOSSIBLE position. It's much harder because apparently Microsoft's lawyers didn't plan on following the laws of the countries they are in, which requires separating the entities. They didn't have the foresight to see that EU law may require something different from US law. We can learn from this that if you want to have international operations where regulations are highly likely, you should compartmentalize your business, so that you CAN separate them without too much pain.
So if I want to hide data, whatever that might be, say Hillary's email, or my actual financial books (vs the ones I show the IRS) , I can spin up a disk in another country and hide my data there? SWEET....
If the data is stored in a data centre in Ireland, why cant they use Irish law (and work with Irish law enforcement if necessary) to get this information?
Microsoft wouldn't be in this position if there was no data in the first place.
I love that they are now between a rock and a hard place. Why are they even collecting user data that can be requested.
They shouldn't have collected the data, but now that they have it, they are screwed, one way or another.
Fuck them. Fuck them hard. From both sides.
Shouldn't have collected user data.
If you want to murder someone these days, you simply set them up so that either the police or armed forces kill them for you.
It's not terribly difficult to arrange these days, in the world of "terror" with "shoot first" and targeted assassinations.
Problem solved !
According to Microsoft:
You can't just guess that Microsoft just has a shell company in Ireland and then use that guess to condemn them. Well, you can, but it just makes you look ridiculous. Your obvious ignorance of EU data protection laws also doesn't help you look particularly sensible.
Microsoft is fighting a pretty straightforward fight here. There are large ramifications, most negative, for a loss.
Here's the EFF, staunchly advocating for Microsoft on this issue:
https://www.eff.org/deeplinks/...
My example was a hyperbole to demonstrate how international headquarters are used to avoid local regulations. Microsoft has been guilty of this many times over. They expatriate US revenues to avoid paying taxes on it, they expatriate R&D and patents to avoid US export controls, etc...
Also, do you realize that that staff represents less than 1% of Microsoft's personnel, right?
If the US is going after EU citizen data that is held on servers in the EU, that is communicated over networks that exist in the EU, then yeah, I'm fully on board, the US can get bent.
But if Microsoft is saying "We're not going to comply with the US because we're an Irish company" they're full of shit.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
Unlike Capitalism, Globalization is a giant Pyramid scheme and Zero-sum WITHOUT https://en.wikipedia.org/wiki/... AND http://worldif.economist.com/a...
Casteism