Slashdot Mirror
Microsoft Continues To Resist US Warrant For Irish Data
Bruce66423 writes: Microsoft is back in court over the claim by the U.S. authorities that because it is a U.S.-based company, it can be ordered to ignore the rules of the countries it's operating in. "If the U.S. government is permitted to serve warrants on tech companies in the United States and obtain people's emails in any country, it will open the floodgate for other countries to serve warrants on tech companies for the private communications of American citizens that are stored in the United States in a data center owned by a foreign company," said Microsoft general counsel Brad Smith. Apple and other tech companies are fighting back as well. Actually, the U.S. firms may be missing a trick here; because the U.S. government charges a far higher rate of corporation tax than others do, U.S. companies are at a disadvantage. So it seems to make sense for the tech firms in the firing line to use this harassment as an excuse to move their domicile overseas... nothing to do with the tax advantages, honest! We're making a principled stand to resist government encroachment.
... just how many of these "hacker" groups actually work for the governments of the world and are getting what they want through the the hackers...
I agree with Microsoft here. On this issue, they are fighting the good fight.
>> Microsoft Continues To Resist US Warrant For Irish Data
Spoiler: every tenth word is "Guinness"
True but I expect that there is a strong financial incentive behind it. If the US government compels them to turn over the data in contravention of local laws it will not absolve their responsibility and culpability under those laws. Hence they will also most certainly get sued for damages by the people whose data they have illegally turned over as well as end up facing criminal fines for violating privacy laws.
Capitalism is good, the corporatism that America has spawned is bad.
somehow capitalists become angels and good citizens when they do it to other people
From the article, the Feds maintain that ""With the benefits of corporate citizenship in the United States come corresponding responsibilities..." Now to me "corporate citizenship" sounded like an odd concept. But I guess in this day and age when Corporations are treated like other citizens (can vote with their wallet) then maybe it's not so alien a concept. It's interesting that the Feds focused on the corporation's citizenship, rather than say the citizenship of the C-level executives or other employees that have access to the data (whom they could presumably go after as well). It begs the question, what *are* benefits of being a "corporate citizen" of the US? It's not for the low taxes, as others have pointed out. If this is the stance that the US is going to adopt ("This is a US corporation so our laws take precedence over other countries' laws") then it makes sense for companies to shop around for the best county to become a citizen of.
Now they want to make it look legal. Tally ho...
“He’s not deformed, he’s just drunk!”
They should start selling beer in the US to 16 year olds and say "We are a Belgian company, so we abide to the Belgian laws, now fuck off."
They should start doing that in dry counties.
Don't fight for your country, if your country does not fight for you.
All of the giant tech companies (Google, M$, Amazon, etc) should all just buy a small island, call it the Republic of Tech, and then not have to listen to any gov't at all on how they run their business.
the whole island will catch fire and burn to a cinder and there won't be any fire equipment to stop it
They'll never get me pot o gold!!!
Even a corporation were to move their domicile overseas, the US government could still argue that the corporation should be subject to US laws because they operate in the US (as well). However, if complying with law in the US means violating data protection laws of another country, we have a problem. The legal avenue that the US govt should really be pursuing is entering some sort of "data extradition" treaty with Ireland. Stop harassing the corporations, dammit!
Either pay your taxes or be treated like a foreign corporation that must be plundered.
Those are the choices.
-- Tigger warning: This post may contain tiggers! --
You do realize that companies don't pay tax, right? If taxes are high, they cut wages or outsource, they cut dividends to shareholders, or they raise prices. Unless it's a company whose customers are primarily foreigners, you end up paying, either way.
Oh, sorry, no, obviously you don't.
I do, which is why I noted "double irish". You point out tax breaks they get from local and state governments also as another way of evading their portion of taxation. When it's time to actually start paying, they don't (if say they were given a "10 years no taxes" deal). These companies don't buy plant, property, and equipment. They lease. Those leases time out by the time the tax break they were given by gov't. expire and they take off, never paying taxes at all. This also takes the jobs out of the area also, furthering tax burdens and not as many tax payers anymore either as a result of that too.
Are they protecting the privacy of their end-users or aren't they? Or is it that they don't want anyone else to abuse the personal data of their end-users? On the one hand they install spyware as parts of their OS, and on the other hand we have this.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
You claim ' the U.S. corporate tax rate doesn't affect 94% of American businesses because they're considered pass through entities'. So? The point is that it's relatively small number LARGE companies that hit by the corporate tax - which is nothing to do with the fact that vast number of poxy little companies aren't. You regard my comment as offensive? Your's is a function of ignorance or a failure to read the statistics meaningfully.
If they don't comply, the US authorities will sue them.
If they do comply, the EU and the rest of the world's authorities will sue them.
That's an impossible legal situation that should never arise, ever. That's why jurisdiction exists.
And they have the cheek to say that China etc. are overbearing and overstepping the mark to spy on their citizens...
There are good arguments on both sides of this issue. One thing that should be understood is that the idea that US citizens have to obey the laws of the US does NOT require them to break the laws in other countries. The argument that this puts companies in an impossible position is deeply flawed, because it's actually the same as this argument :
I want to murder someone. ...
It's illegal the murder someone with poison.
It's illegal to murder someone with a knife.
It's illegal to murder someone with an ax.
Oh poor me, they've made it so there is no legal way to do what I want to do!
The obvious answer is of course "don't murder at all".
Similarly, if there is no legal way to do cloud storage of financial records in both the US and Germany at the same time, then legally you can't provide such a service. It's not an impossible position, it simply means that can't conveniently do exactly what they want to do.
What WOULD be legal would be to have an exclusive contract with a spinoff company called MsCloudEU , which operates in the EU and follows EU laws.
Capitalism is neither good or bad. It is inanimate "thing". People are good or bad. Most people act good most of the time. Some people don't. Some people act "legal" but are bad, some people act "illegal" but are otherwise good.
The problem is, we have legal system being built on "emotion" rather than on facts. Gay Marriage is a great example. Can anyone tell me where in the constitution the Federal Government has a right to force people to accept contracts between two unrelated people? This has noting to do with homosexuality at all, it has to do with the government defining who can and cannot enter into a contract. And unless I can marry my Mom or Daughter or Brother, or two wives or .... then by definition, the government STILL is defining marriage. And if the government can define marriage, then it has every right to define it any way it wants. Period.
However, since EMOTION is ruling here, and Homosexuals are all emotional about re-defining marriage, our legal system has started to collapse under such silly emotional arguments.
BTW, "hate" is an emotion, so if you label me a hater, then you're making my case for me.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Besides financial issues, there are ownership problams and legal penalties to worry about.
it's perfectly plausible that at least the Irish courts will find that Microsoft doesn't own the customer's data, but merely controls it. Under that interpretation, they have a legal responsibility to protect it. In US judgements thus far, they're the owners and can use it for anything they feel like, but can also be ordered by a court to produce it.
They really want the US courts to say they don't have to produce it because it belongs to Ireland in some way. They definitely don't want the US courts to say they are holding customer's data and have limitations on what they can use it for.
Conflict of laws is a fun problem for a lawyer, and can produce lots of billable hours. It's much less fun for a client, and double-plus ungood for an importer, exporter or multinational. It's perfectly possible for a client to be required by law to do two contradictory things in two different countries while they wait for the courts to sort it out, and be fined by either or both courts for every day they obey the other.
--dave
davecb@spamcop.net
Look no further than companies doing "double irish" tax evasion.
It is not "tax evasion" if it is legal. It is absurd to make something legal, and then complain when corporations do it. If you don't like our tax laws, then complain to your congressman, not about Microsoft.
Capitalism is good, the corporatism that America has spawned is bad.
With apologies to Winston Churchill, Capitalism is the worst form of economic system, except for all the others.
Capitalism is a tool. It is only as good or bad as the use it is put to. There is nothing magical about that causes it to only ever produce desirable results.
Ideology: A tool used primarily to avoid the bother of thinking.
See, Microsoft has incorporated separate legal entities in those countries. They pretty much have to.
And, guess what? They still have to follow the same damned laws.
But that wholly owned subsidiary incorporated in Ireland for the sweet tax laws? It's subject to the damned laws of Ireland.
What the US is claiming is that Microsoft Ireland is under the legal jurisdiction of the US government. Which is complete fucking bullshit.
So, either MS is not in a position where they can offer this service and be compliant with the law ... or the US is attempting to claim to have extra-territorial laws.
But there is no sane argument in which the Irish data protection laws do not apply here.
Lost at C:>. Found at C.
When they push the boat off, do they say, "Floot away, ya fair-ay?"
I *would* agree with Microsoft on this one, except that it's a lousy test case, and likely to set a bad precedent.
What would be good to test in the courts -- and have protected by case law -- would be something like: Can a US court demand access to data generated by Notamericastan clients using a US-based software service that stores their logic in datacenters in Notamericastan. In this case, *some* of the data makes a roundtrip through US circuits, but generally the US company is providing logic for non-US clients in a non-US location with non-US data storage; is that enough for a US court to reach out and retrieve data that appears to be thoroughly out of its jurisdiction based on the contractual agreement of the client to use a US-based service? Would be nice to know.
But that's not what's at stake here. What appears to have happened is that some clever people in Redmond (US-based workers), working with some data submitted by non-US people, ended up working with intermixed US- and non-US-sourced data, and then the US-based workers decided to park the data on non-US servers in order to claim that it was out of US jurisdiction. IANAL, but that seems a lot like a guy speeding across a state line, and being surprised when the state trooper doesn't stop pursuit. This is not exactly good material for Brad to make a blustery moral stand. How does Msft think this turns out?
I think not...(*poof*)
The EU Data Protection Directive 95/46/EC makes it a criminal offence to disclose personal private data, this does include email.
The penalty is £500,000 per individual, this would rapidly mount up when applied to multiple people.
Actually, the U.S. firms may be missing a trick here; because the U.S. government charges a far higher rate of corporation tax than others do, U.S. companies are at a disadvantage. So it seems to make sense for the tech firms in the firing line to use this harassment as an excuse to move their domicile overseas... nothing to do with the tax advantages, honest! We're making a principled stand to resist government encroachment.
Both are principled stands against government encroachment. There seems to be some background assumption that whatever the tax rate is in a given country of operation, that that is a good and holy and proper amount, and that to try to get out from under it (as opposed to just whining about it) is unpatriotic and greedy. How dare you try to keep more of the money you earned!
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
So if I make a business, and I HQ it out of Ireland, but I don't have anything but a PO Box and tax filings in Ireland. My servers are in the US. My staff is in the US. I am in the US. My revenue is generated in the US. My customers are in the US. My packaging and distribution is in the US, etc...
Then I should be exempt from US laws?
It would take some more digging, but giving the clearly biased summary, I'd wager there is more to this than just the Federal government trying to run roughshod over Irish law.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
Any employee in the EU who *allows* those employees in the US to do such a thing is breaking the law too. UK Data Protection Act applies here, and has personally liability for them.
So even if the US courts all get together, agree, make the US based company do it, the EU-based company are LEGALLY REQUIRED to block any and all attempts to do so to preserve EU data protection.
In the EU, you have to get legally-binding agreements from the companies involved before you store data with them - government, medical, educational, you name it. Those agreements basically state that the data CANNOT leave the EU. They, themselves, are merely a clarification of EU law anyway, as the Data Protection laws apply.
(P.S. Apple does not give these guarantees for their cloud services, btw! Google, Dropbox, etc. do).
As such, any EU employee who ASSISTS or even ALLOWS such promised-protection on data to be bypassed is personally liable (with jail time possible) under the law of the country they live and work in. It can't happen.
The US are beating a dead-horse here, having exhausted all legal avenues, and are trying to make an impossible order that - even if passed - will not be possible to comply with anyway.
Literally, MS Ireland would have to pull the plug on any access from the US by their employees if this goes through, no matter what agreements they may have between the two distinct companies. And anyone who even left an avenue open for such things will end up in jail in the EU.
UK=EU, I mean. I'm in the UK, but the Data Protection laws are basically the same throughout.
Does anyone really think that Microsoft is coming to the aid of everyday people and championing their right to privacy? MS cares about one thing and one thing only...money. This decision is all about money. If users get the feeling that MS is not standing up for them they will take their business (i.e. money) elsewhere.
Money. It's the same reason that corporations set up business in far off places so they can avoid paying their fare share of taxes. Taxes that support the rule of law that makes the US such a great place to have a business and protect capital.
Money. It's the same reason that corporations not only give large political donations, they give large donations to BOTH PARTIES. No matter who wins they get an IOU.
Money. The same reason that corporations stuff lawyers and HR drones on their payroll. So they don't get sued.
Money. The same reason that corporate layoffs are now a part of life. If you miss the earnings numbers for even one quarter out comes the axe. So what if 10,000 people lose their jobs. Fuck em. It's all about the money.
Microsoft operates a major data center in Ireland, like all the cloud providers do, and l'd bet they have a large tech support presence there as well, as many major tech companies do. It's not like they just have a PO Box: quite a bit of their EU business really is done from Ireland. It's the mix of low labor cost and tax incentives that works for many companies.
Socialism: a lie told by totalitarians and believed by fools.
I don't think the US will sabotage or steal the fire equipment. They will just secretly wiretap everything, or, if they feel like it, bomb the place into oblivion.
That's not the situation here though. The Feds are asking Microsoft to order Irish based employees of Microsoft Operations Ireland Ltd to break the law in their own country. Those employees are obliged to refuse to carry out that instruction, and could claim damages from MS Ireland in the local courts.
If I have been able to see further than others, it is because I bought a pair of binoculars.
They are entitled to choose Ireland as their EU base for any reason they want, or for no reason, in exactly the same way that they are entitled to choose Delaware, Washington or whatever for their US base.
Irish data protection law, not UK, but it is probably pretty much word-for-word the same as it implements the same EU directive. The differences will be basically the name of the regulator and the courts that enforce it, and that fines will be expressed in Euros rather than Pounds.
Yes, for a wholly owned subsidiary, a part,of Microsoft which is fully controlled by Microsoft headquarters in the US, the US government has a potential claim. A separate spin-off company which has an exclusive contract with Microsoft, but isn't directly owned and controlled by Microsoft, would be in a much stronger position.
Microsoft CAN order the employees of a Microsoft subsidiary to turn over the data. They have no authority to order a separate, contracted company to do so.
A separately owned company with an exclusive contract would be significantly less convenient for Microsoft. Sometimes following different laws by operating in many countries is inconvenient.
That's the same kind of thinking that gives us a police state - assume everyone is guilty and act accordingly.
The "obvious" answer is one that allows ownership of poisons, knives, and axes, without having the state assume you're a murderer if you possess such items, and so they have the right to demand on a whim that you turn over all such items and records pertaining to said items. Yet still allow the state to have access to such records if they have reasonable evidence that a murder was committed with them.
Personally, I don't think the U.S. has any right to Microsoft's records stored overseas. If they have reason to believe Microsoft did something illegal and want access to data Microsoft is storing in Ireland, then they should present their evidence to Ireland, and Ireland can file the legal paperwork requiring Microsoft turn such records over to the U.S. The issue here is analogous to extradition - a crime (and evidence of it) was committed in one country, but the perpetrator is residing in another country. We already have extradition treaties to deal with such circumstances. We just need to update them to also cover digital records (evidence). The approach the U.S. is taking violates centuries of accepted legal precedent - a country cannot apply its laws outside its borders.
Yes this opens the possibility of some country like the Bahamas declaring they'll never "extradite" digital records to another country, and companies flocking to store their data their to hide it from government warrants. The proper response then would be for a country to ban companies storing data in the Bahamas from doing business in their country. The bigger headache is actually the criss-cross. Microsoft stores EU records in the U.S., and stores U.S. records in the EU, just to make it more difficult for both governments even if proper extradition treaties exist.
You're seriously misunderstanding the issue if you think this is about cloud storage. The data has to be stored somewhere, even if it's not accessible remotely. Even if Microsoft were only storing data pertaining to EU sales in the EU, the U.S. government's stance is that since Microsoft is a U.S. company, they can get access to that data. Even if giving the U.S. govt that data without an EU warrant violates EU privacy laws. Microsoft is put into a catch-22, where they must either violate U.S. law or violate EU law, and the only way to avoid the catch-22 is to do business in the U.S. or the EU, but not both. That's why the U.S. government's position on this is stupid. It's not a mere "inconvenience" as you seem to think it is.
> Microsoft is put into a catch-22, where they must either violate U.S. law or violate EU law
> to avoid the catch-22 is to do business in the U.S. or the EU, but not both. That's why the U.S. government's position on this is stupid.
The position of the US government in this particular case may be stupid. Or not. That depends on more specific facts than are generally considered on Slashdot.
It's NOT an impossible situation, not a catch-22. As you admitted, one way to follow the laws is to completely separate the EU customer service business from the USA business, so that Microsoft US doesn't have access to the details about EU customers. That's not convenient, but it is POSSIBLE. It might put Microsoft in a position they'd not prefer, but it's not an IMPOSSIBLE position. It's much harder because apparently Microsoft's lawyers didn't plan on following the laws of the countries they are in, which requires separating the entities. They didn't have the foresight to see that EU law may require something different from US law. We can learn from this that if you want to have international operations where regulations are highly likely, you should compartmentalize your business, so that you CAN separate them without too much pain.
So if I want to hide data, whatever that might be, say Hillary's email, or my actual financial books (vs the ones I show the IRS) , I can spin up a disk in another country and hide my data there? SWEET....
If the data is stored in a data centre in Ireland, why cant they use Irish law (and work with Irish law enforcement if necessary) to get this information?
Corporations didn't make double-irish legal, the congressmen and representatives you voted for did.
According to Microsoft:
You can't just guess that Microsoft just has a shell company in Ireland and then use that guess to condemn them. Well, you can, but it just makes you look ridiculous. Your obvious ignorance of EU data protection laws also doesn't help you look particularly sensible.
And like any other powerful tool it needs to be controlled otherwise it can do great damage if not used sensibly.
Microsoft is fighting a pretty straightforward fight here. There are large ramifications, most negative, for a loss.
Here's the EFF, staunchly advocating for Microsoft on this issue:
https://www.eff.org/deeplinks/...
My example was a hyperbole to demonstrate how international headquarters are used to avoid local regulations. Microsoft has been guilty of this many times over. They expatriate US revenues to avoid paying taxes on it, they expatriate R&D and patents to avoid US export controls, etc...
Also, do you realize that that staff represents less than 1% of Microsoft's personnel, right?
If the US is going after EU citizen data that is held on servers in the EU, that is communicated over networks that exist in the EU, then yeah, I'm fully on board, the US can get bent.
But if Microsoft is saying "We're not going to comply with the US because we're an Irish company" they're full of shit.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
Unlike Capitalism, Globalization is a giant Pyramid scheme and Zero-sum WITHOUT https://en.wikipedia.org/wiki/... AND http://worldif.economist.com/a...
Casteism
we dont need your stinking island, we'll get our own! with hookers! and blackjack!