Slashdot Mirror

← Back to Stories (view on slashdot.org)

Court Denies US Government Appeal in Microsoft's Overseas Email Case (pcworld.com)

Posted by msmash on from the doing-what's-right dept.

An equally divided federal appeals court refused to reconsider its landmark decision forbidding the U.S. government from forcing Microsoft and other companies to turn over customer emails stored on servers outside the United States. From a report: The U.S. Court of Appeals for the Second Circuit, in a 4-4 decision Tuesday, declined to rehear its July decision that denied the DOJ access to the email of a drug trafficking suspect stored on a Microsoft server in Ireland. Microsoft has been fighting DOJ requests for the email since 2013. The DOJ has argued that tech companies can avoid valid warrants by storing customer data outside the U.S. Judges "readily acknowledge the gravity of this concern," but the 31-year-old U.S. Stored Communications Act (SCA) doesn't allow worldwide search under a U.S. warrant, wrote Judge Susan Carney. "We recognize at the same time that in many ways the SCA has been left behind by technology," Carney wrote in Tuesday's decision. "It is overdue for a congressional revision that would continue to protect privacy but would more effectively balance concerns of international comity with law enforcement needs and service provider obligations in the global context in which this case arose."

71 comments

  1. Read as: by Anonymous Coward · · Score: 2, Insightful

    DOJ butt hurt about ruling continues to.seek unfettered access to all data regardless of where it is or who owns it.

    1. Re:Read as: by saloomy · · Score: 4, Insightful

      The DOJ is butt-hurt. But too bad. The US can't just decide that their warrants are valid EVERYWHERE, just because a company operates in the US as well. What happens when China wants data stored by Boeing in the US, because Boeing has offices in China, and there is a law-suit? There is a reason why the laws are written like this. If the drug traffickers data was so instrumental to the case, and the justification for the warrant is so compelling, then the US attorney should contact authorities in Ireland and seek the Irish courts to issue a warrant to MS.

      If there is anything fishy, they won't go that route, and if there isn't, an extra set of judicial eyes on the facts of the case can't hurt.

    2. Re:Read as: by Anonymous Coward · · Score: 1

      The US can't just decide that their warrants are valid EVERYWHERE,

      Well yes they can, in this case they decided otherwise. But even if they did, nobody else really HAS to listen. Despite what most Europeans may think about their "Right to be Forgotten" laws.

      What happens when China wants data stored by Boeing in the US, because Boeing has offices in China, and there is a law-suit?

      What happens is that Boeing can either give up the data, or they can shut down their China-based operations. And why bother with hypotheticals, when you could easily have come up with all sorts of actual real-world examples?

    3. Re:Read as: by bradley13 · · Score: 2

      "why bother with hypotheticals, when you could easily have come up with all sorts of actual real-world examples?"

      FATCA. Banks everywhere. 'nuff said...

      The US can and does try to push its law into other countries, where is clearly has no jurisdiction. Sometimes it succeeds. The rest of the world is getting fed up with this. If the US does try to push this, European privacy laws could well be the hill that US influence dies on.

      --
      Enjoy life! This is not a dress rehearsal.
    4. Re: Read as: by saloomy · · Score: 1

      That may be so, but you can't expect a corporation like Microsoft to be caught between US warranty laws and EU privacy laws. Somewhere the system has to accommodate the diverse laws in place, and jurisdiction is the solution to that problem

    5. Re: Read as: by Anonymous Coward · · Score: 0

      "has to accomodate" lom

    6. Re: Read as: by Anonymous Coward · · Score: 0

      Somewhere the system has to accommodate the diverse laws in place, and jurisdiction is the solution to that problem

      One possible alternate solution:

      "Congratulations $FORMER_SOVEREIGN_NATION on becoming the newest US Territory/State!"

      The US has all this wealth tied up in military and nuclear assets, and it would seem a waste to not have this investment earn some returns from a business/real estate mogul's perspective, were such to be elected CiC of the US military.

    7. Re:Read as: by Anonymous Coward · · Score: 0

      What happens is that Boeing can either give up the data, or they can shut down their China-based operations. And why bother with hypotheticals, when you could easily have come up with all sorts of actual real-world examples?

      Yep, the real world example is what happens if the US government can just grab data from Microsoft's overseas servers.
      That would be that a lot of other governments would have to scramble to find alternatives where the US government can't do that since they can't legally use services that some other government can just grab arbitrary data from.
      Microsoft can't lose this fight. If they do they will also lose all their large customers.

    8. Re:Read as: by Anonymous Coward · · Score: 0

      This is exactly why Russia demands that all it's citizens data be stored on a server in Russia.

  2. Reciprocity? by scsirob · · Score: 2

    So, is US congress now going to change the law so a US judge can permit the US DOJ to access foreign servers? May we assume reciprocity, so that other countries can then serve warrants to providers in the USA and legally demand access to data stored on US soil?

    I think not..

    --
    To Terminate, or not to Terminate, that's the question - SCSIROB
    1. Re:Reciprocity? by Anonymous Coward · · Score: 0

      The courts do not usually consider such things as foreign politics.

      The final effect of such laws is already known; you end up with the organization being unable to do certain kinds of business in some countries because it does business in others.

    2. Re:Reciprocity? by Anonymous Coward · · Score: 0

      USA is all that matters, the rest of the world can go fuck themselves.

    3. Re:Reciprocity? by alexo · · Score: 1

      So, is US congress now going to change the law so a US judge can permit the US DOJ to access foreign servers?

      Not really. The way I understand it, the idea is for the US congress to change the law so a US judge can permit the US DOJ to force a US company to surrender data that it stores on foreign servers.

    4. Re:Reciprocity? by vux984 · · Score: 1

      To be fair, to properly police a multinational corporation you really do need a multinational police force.

      I agree that we shouldn't be looking to change the law so that the US DOJ can simply access foreign servers. But we SHOULD be strengthening the ability of inter-national police forces to prosecute cases; to streamline international discovery. While the US can't and shouldn't try to enforce laws extra-nationally -- at the same time a multinational shouldn't be immune to prosecution by virtue of being simultaneously in multiple jurisdictions.

    5. Re: Reciprocity? by Anonymous Coward · · Score: 0

      US gov can do that absolutely. But it will then force the said company to break the contracts it has with EU countries, which will result in much ass hurting in EU courts. It amuses and surprises me always how US users tey and fail to understand that there actually are other sovereign states. The definition is, that any of your stuff in our country, is ours if we so degree.

    6. Re: Reciprocity? by Anonymous Coward · · Score: 0

      Just to be coward once more, every EU solutions/services client requires contractually that their data stays within EU, they wont do business if it aint so. So you can imagine the effect of "executive degrees" about EU clients data. The business in EU is no more.

    7. Re:Reciprocity? by Anonymous Coward · · Score: 1

      There are processes in place for that already. And to most of us who daily work with people in other countries, regularly travel abroad etc. that would all seem relatively simple and obvious.
      However US law enforcement is stuck in a past where talking with someone from a foreign country, or worse even travel there to get things done is considered an unthinkable burden. So if such a need arises, they try to club it through on the US side, wasting everyone's time, and when it then predictably fails they tend to just drop the case. Because you know, fucking foreigners, can't be expected to deal with that.

    8. Re:Reciprocity? by Aighearach · · Score: 1

      No, SCOTUS will overturn this because very-well-established precedent says that US companies, including their controlled subsidiaries, have to obey all US court orders. Americans traveling overseas does not stop them from having to obey US law. Maybe US laws are only applicable inside the US for specific reasons, but in general US law applies to Americans and American companies at all times.

      An example, it is illegal for Americans to communicate with foreign governments for the purpose of affecting their response to US foreign policy; it is illegal for Americans to bribe foreign governments; it is illegal for Americans to have sex with minors in foreign countries. These laws are not legally controversial or gray areas, they are well-established.

      Strange rulings at the lower and intermediate levels are to be expected, but this is heading for a unanimous ruling at the SCOTUS.

    9. Re:Reciprocity? by gweihir · · Score: 1

      You have that backwards. And, coincidentally, with the last presidential elections the US has started to do it to itself with a wire-brush...

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    10. Re:Reciprocity? by vux984 · · Score: 1

      There are processes in place for that already.

      They are not especially efficient or streamlined though. Which is why international crimes have to reach a much much higher bar before anyone even tries prosecuting them.

      I don't disagree with the rest of your post.

    11. Re: Reciprocity? by Anonymous Coward · · Score: 0

      You rly love the word JURISDICTION! I can help you, Its US internal wanktalk. Dropit. In IR LAW there are contracts and then resolving judges, like hague, never "my bros thing in Arkansas".

    12. Re:Reciprocity? by Aighearach · · Score: 1

      It has nothing to do with foreign servers though, it is about the DoJ telling US companies to turn over documents that are held by subsidiaries that they control. All of that happens in the US.

    13. Re:Reciprocity? by Kjella · · Score: 1

      An example, it is illegal for Americans to communicate with foreign governments for the purpose of affecting their response to US foreign policy; it is illegal for Americans to bribe foreign governments; it is illegal for Americans to have sex with minors in foreign countries. These laws are not legally controversial or gray areas, they are well-established.

      Extra-territorial laws where Americans are required to simultaneously uphold both US and local law are well-established. Extra-territorial laws that compel Americans to break local law would be extremely controversial. If US law says you drive on the right and you go to Britain where people drive on the left then obviously you follow local law. If you can't do that, then you can't drive. If you can't do business in the EU without breaking local law, you can't do business there. The US supreme court can say what they want. If Microsoft complies then Ireland should start putting Microsoft Ireland executives in jail and file extradition charges against Microsoft's US executives for crimes in Ireland against Irish law until they stop. It's really that simple.

      --
      Live today, because you never know what tomorrow brings
    14. Re:Reciprocity? by mrbester · · Score: 1

      It has everything to do with foreign servers because that is where the data is held. This data is also protected by the laws of the country it is held in from extradition just because a foreign party (in this case the US Govt is the foreign party) wants it.

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    15. Re:Reciprocity? by rtb61 · · Score: 1

      More simply, extradition laws could be extended to include data, catch, no secret extraditions must be public because the affected citizen has the right to defend it, not a warrant but a data extradition request. The local government would than serve the warrant for that data in order to provide the data requested under the legally fulfilled data extradition request.

      --
      Chaos - everything, everywhere, everywhen
    16. Re:Reciprocity? by Anonymous Coward · · Score: 0

      That doesn't help if that US company is not able to do so (e.g. because the data is held by a foreign subsidiary, subject to laws that prohibit handing over customer data to a foreign entity). It would not have changed anything in this case. If the US authorities want to get this data, they will have to go through Irish courts.

    17. Re:Reciprocity? by Anonymous Coward · · Score: 0

      Except for the small problem that the data is held by an Irish subsidiary that cannot legally hand over the requested data to some foreign kangaroo court.

    18. Re:Reciprocity? by Anonymous Coward · · Score: 0

      Microsoft not being able to do business with foreign governments is probably not a desired outcome.
      If Microsoft lets the US government have data stored in foreign countries without going through their justice system then all other governments in the world will have to switch to alternatives to keep their data safe.

    19. Re:Reciprocity? by bsolar · · Score: 1

      As long as you accept it's a two-way street.

  3. Re:H1-B INDO-CHIMP STREET SHITTERS by Anonymous Coward · · Score: 0

    Do you know why farts smell?

    For the benefit of the deaf!

    On topic: Trump has as much intelligence as a fart.

  4. overdue for a congressional revision by Anonymous Coward · · Score: 0

    which will probably happen, now that the courts specifically said so.. and you have a president hell-bent on fucking shit up, and a congress that will be too... whether those motives converge or not, we have yet to see.. but you might want to start that contingency and exit strategy planning

  5. Another solution by Okian+Warrior · · Score: 4, Insightful

    So, is US congress now going to change the law so a US judge can permit the US DOJ to access foreign servers? May we assume reciprocity, so that other countries can then serve warrants to providers in the USA and legally demand access to data stored on US soil?

    I think not..

    Another solution is to pass a law saying that all US citizen data has to be kept in servers in the US.

    The benefit is that foreign countries don't get to access our citizens' data as easily (Russia, China, Canada).

    The *real* solution is that E-mail and other data should be encrypted end-to-end, where the provider and location don't matter. Proton mail and Lavabit come to mind.

    I remember when DropBox first came out, it required a driver to install (in WinXP) to synchronize the data to the cloud, and asked whether they had any plans to add encryption. Their response was "Oh, we'll never add encryption! That's the end-user's responsibility, and besides... it's haaaaaard!"

    We need turn-key solutions. If good security is a checkbox "make my messages private", more people would use it.

    1. Re:Another solution by Falos · · Score: 1

      "[we have] encryption with zero key management" is a phrase I've seen touted as a feature. And something that, not just "will be" but "has already gotten" ...increasingly popular with vendors.

      It's not even a question of jurisdiction or ethics or legal rights, the reality is that sometimes (anywhere between some and all) private effects can't be accessed, not mere "should/n't".

      You might as well discuss the legal reach allowed to federal time travelers.

    2. Re:Another solution by Kjella · · Score: 1

      Another solution is to pass a law saying that all US citizen data has to be kept in servers in the US. The benefit is that foreign countries don't get to access our citizens' data as easily (Russia, China, Canada).

      Which would be a massive legitimization of Russia and China's nationalistic social media policies to make people only use services under Putin and the CCP's control. If US data is not safe in the EU, why is EU data safe in the US? And you're flipping the situation on its head, only the US is crazy enough to demand data from an Irish subsidiary. You think Ireland would demand data from a US subsidiary through Irish courts? The US would go ballistic. The US is asking for other countries to accept what it would never itself accept.

      --
      Live today, because you never know what tomorrow brings
    3. Re:Another solution by BitterOak · · Score: 2

      Another solution is to pass a law saying that all US citizen data has to be kept in servers in the US.

      What about e-mail or other service providers that don't have servers in the U.S.? Would it be illegal, under your framework, for U.S. citizens to sign up for e-mail or other data accounts with foreign providers with no U.S. presence? How exactly would enforcement work?

      --
      If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    4. Re:Another solution by Anonymous Coward · · Score: 0

      The US is asking for other countries to accept what it would never itself accept.

      Film at 11.

    5. Re:Another solution by Anonymous Coward · · Score: 0

      I remember when DropBox first came out, it required a driver to install (in WinXP) to synchronize the data to the cloud, and asked whether they had any plans to add encryption. Their response was "Oh, we'll never add encryption! That's the end-user's responsibility, and besides... it's haaaaaard!"

      Well, that is the right choice.
      If you rely on the encryption that a cloud service provides then they have access to you data.
      If you want your data to be safe you have to encrypt it on your end before uploading it to the cloud, and you have to use tools that they can't send out an update for.
      Otherwise you can encounter a situation where someone on the cloud side already knows what encryption algorithm you use and can easily push out an update to grab you key.

      Encryption is the end users responsibility, they could however been nice enough to suggest a solution.

    6. Re:Another solution by Anonymous Coward · · Score: 0

      Like it does with everything else?
      If you find out that someone has a foreign e-mail account you drag them to court.
      The way it typically works is that law enforcement doesn't car about it, but if they decide that you are a criminal for whatever reason and wants to have a look at you e-mail just to realize that you use an overseas provider they charge you with that.
      Then they assume that you got that e-mail account just to hide your data so they slap an obstruction of justice charge on top of that and also assume that you are guilty of whatever they initially suspected you of.

  6. Work at the White House by Okian+Warrior · · Score: 5, Insightful

    USA is all that matters, the rest of the world can go fuck themselves.

    You should apply to work at the White House - I hear they're hiring.

    1. Re:Work at the White House by Anonymous Coward · · Score: 2, Insightful

      He's probably not rich enough to be accepted.

    2. Re:Work at the White House by Anonymous Coward · · Score: 0

      Trump won the and election by basically using "USA is all that matters" as his political mantra. The US used as the whipping boy for all the ills in the world and that sentiment is what helped put Trump in the WH. The international community as well as some US citizens demand US action while simultaneously complaining about US interference. The public demands security but a significant amount of demanding public are simultaneously trying to do everything in their power to weaken the agencies who are suppose to provide that security. The US seems to be the only major power where it's citizens demand that it's clandestine and foreign intelligence agencies be transparent.

    3. Re:Work at the White House by Anonymous Coward · · Score: 0

      You should apply to work at the VERY White House - I hear they're hiring.

      Fixed that for you.

  7. Damn straight, skippy. by AnotherBlackHat · · Score: 1

    The DOJ has argued that tech companies can avoid valid warrants by storing customer data outside the U.S.

    It's not a valid warrant, because the court that issued it doesn't have jurisdiction.

  8. The ironic Catch-22... by geekmux · · Score: 4, Funny

    (Billionaire US business owner) "Hell yes! Go after those dirty drug dealers! Those bastards shouldn't be able to hide their evils in another country!"

    (Billionaire's accountant) "Sir, might I remind you that your tax haven data is stored in Ireland..."

    (Billionaire US business owner) "Nevermind! Those meddling DOJ bastards don't need access to anything."

    1. Re:The ironic Catch-22... by green1 · · Score: 2

      Which is why the DOJ will be given access, but the IRS will not.

      Politics is a game where the top 1% write the rules, you know who's favour they will be in.

    2. Re:The ironic Catch-22... by Anonymous Coward · · Score: 0

      Bow before your bankers! errr... masters!

  9. and this court was right to decline to make law by raymorris · · Score: 1

    This court was right, I think, to write that although there are problems either way, it's not the job of the court to rewrite the law - that's up to Congress to fix it.

    One possibility is that Congress won't allow warrants on foreign *servers*, but will allow some form on subpoenas on US *companies* who possess evidence about people in the US.

    One reasonable argument (maybe right, maybe wrong) is that if a US company has some evidence about a US person, related to a US case, they can, after a court hearing, be subject to a US subpoena. Where the US company chose to physically store the bits isn't all that relevant, some would say. Anyway, the court is correct, I think, in saying the Congress needs to work out the law on this - the court doesn't need to rewrite the law.

  10. Speaking of the DOJ... by Anonymous Coward · · Score: 1

    Speaking of the DOJ and government...

    AN IMPORTANT MESSAGE FROM MIKE PENCE
    WASHINGTON (WHPB)—Vice-President Mike Pence has issued the following message to the American people:
    Dear American People,
    What with all the hoopla and hullabaloo of Inauguration Week, we didn’t really get a chance to get to know each other. And so, if you don’t mind, I thought that I’d take a minute or two to tell you a thing or two about Mike Pence.
    I’m what most people would call a “fun guy.” In my spare time, I enjoy golf and heterosexuality. And I’m something of a voracious reader. My favorite book, of course, is the Bible, but I enjoy other books, too. I’m a big fan of “The Da Vinci Code,” which has a lot of stuff about the Bible in it. And Paul Ryan just gave me a copy of “Atlas Shrugged,” by Ayn Rand. I just started reading that one, so I haven’t gotten to any parts in it about the Bible yet, but it’s darn good.
    Another thing I read recently, and it’s probably become my second-favorite piece of reading material right after the Bible, is the Twenty-fifth Amendment to the United States Constitution. It’s all about how to remove the President and replace him with the Vice-President. I have to admit that it was a kick to start reading the dusty old Constitution for the very first time and see yours truly right in there!
    It turns out that the Twenty-fifth Amendment says that the country can remove the President if he is found to be “incapacitated.” That can mean anything from physically incapacitated, like being in an irreversible coma, to mentally incapacitated, like being seen raving like a lunatic during a visit to the C.I.A. Either way, if folks decide that it’s time to put a fork in you, see you later, alligator!
    Whenever I read something great, I tell everyone I know to go out and read it, too. And so, my fellow-Americans, I encourage each and every one of you, history buffs or otherwise, to read the Twenty-fifth Amendment today—especially Section 4, which is a little complicated but really exciting, too. If you enjoy reading it as much as I did, let me know. I’m in my office in Washington and you can reach me anytime—I’m of sound mind and body.
    Well, I’m super-glad we had the chance to get to know each other a little better. Until next time, here’s Mike Pence saying, God bless America. And God bless the Twenty-fifth Amendment.

    -MP

  11. Wrong tool for the job. by Frobnicator · · Score: 2

    The DOJ is butt-hurt. But too bad. The US can't just decide that their warrants are valid EVERYWHERE ... If there is anything fishy, they won't go that route

    The problem -- which the DOJ and other parties absolutely know -- is that they are using a warrant.

    You say they won't go that route if there is anything fishy, but the fact that they are attempting to use a warrant is extremely fishy.

    There is an enormous difference between a warrant which they are using, and a subpoena that they would be trying to do if the one person in the case was all they wanted.

    With a subpoena the company must produce information. They must produce the information no matter where it is held, and they must produce it as binding evidence. If they really want to capture the one person, a subpoena to provide all the information about the request is a simple matter. The government gets copies of all the documents they are demanding, particularly all the business records related to the subscriber. Since the DOJ is claiming they are trying to catch a subscriber and the people they're email, these subpoenas are more than enough.

    With a warrant to collect a server, they get the entire physical server. And the government gets to make a copy of the server, and search it for whatever they think is relevant to the information. A warrant means they can take all the objects so they can prevent evidence from being destroyed. They can also collect for more information from the customer about the contents of the communications.

    The DOJ could take measures to collect the information using tools other than a warrant that provide all the information and require Microsoft to keep it confidential. Instead of use those, they continue to demand a warrant to seize the entire server.

    --
    //TODO: Think of witty sig statement
    1. Re:Wrong tool for the job. by mrbester · · Score: 2

      Even if there is a subpoena, that again is irrelevant to obtaining data held in a different jurisdiction as, just like warrants, they have no legal force whatsoever outside the country of issue. If one is issued in Eire, then fine. Until then, tough shit.

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    2. Re:Wrong tool for the job. by bsolar · · Score: 1

      I think the correct tool in this case would be an international letters rogatory requesting judicial assistance from Ireland, where the data lies.

  12. This is great by Actually,+I+do+RTFA · · Score: 1

    This is how I want tech companies to protect my privacy. With a four-year lawsuit designed to delay handing over my data (and it ultimately won!). Compare and contrast to Lavabit, which decided to shut down in 2013 after printing out its private keys in 2-pt. font.

    --
    Your ad here. Ask me how!
    1. Re:This is great by Anonymous Coward · · Score: 0

      Smaller fonts take up less space on the server.

    2. Re:This is great by Anonymous Coward · · Score: 1

      Compare and contrast indeed.

      Microsoft, a huge multinational corporation, with billions in cash reserves and a legal department that could be a law firm by itself, had to go up against the Department of Justice (DOJ) in the regular American court system. The DOJ sought data that Microsoft (US) did not actually have. It was attempting to compel Microsoft (US) to force Microsoft (Ireland) to send that data to the United States, in contradiction to EU privacy laws governing Microsoft (Ireland).

      In other words, the DOJ was trying to force an American company to force an Irish company to break EU law. They lost, after 4 years of trying hard.

      LavaBit, a small private company, fought the NSA over Edward Snowden in FISA court. The operator was given no time to obtain a lawyer, and had to represent himself. After being crushed in court, and legally unable to disclose that information, he decided that it was better to shutter LavaBit (destroying the business he worked to create) rather than throw his loyal customers into the mouth of the NSA surveillance machine.

      Source: https://en.wikipedia.org/wiki/United_States_Foreign_Intelligence_Surveillance_Court
      Source: https://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shut-down-snowden-email
      Source: https://www.wired.com/2016/03/government-error-just-revealed-snowden-target-lavabit-case/

      So, after this compare and contrast, do you still think LavaBit failed to protect its customer's privacy?

    3. Re:This is great by Actually,+I+do+RTFA · · Score: 1

      t, do you still think LavaBit failed to protect its customer's privacy?

      Yes, I think they failed to effectively protect their customer's privacy.. LavaBit had the time to hire a lawyer (although I have no idea how much money he had) He was crushed in court cause he was an idiot who didn't take the0 proceedings seriously. And the judge found him in contempt because instead of fighting the subpoena, appealing it, etc, he acted like an ass.

      All you're providing is reasons why LavaBit failed - not the actual charge that they did.

      --
      Your ad here. Ask me how!
  13. Microsoft has a backup plan by subanark · · Score: 1

    If worse comes to worse, Microsoft will give its foreign branches enough independence (enough to make it a separate company) to deny any request it wants from the US branch.

  14. MLATs by Anonymous Coward · · Score: 0

    So, is US congress now going to change the law so a US judge can permit the US DOJ to access foreign servers?

    That's actually hard to do. Microsoft's MLAT argument is a lot better for everyone.

    Let's say we're standing in my back yard, and I pull out a gun and point it at your face. "Go into the kitchen and get me an IPA. Or else." I have jurisdiction over you, because I'm the guy with the gun. I can't keep my gun on you while you go off to get the beer, though. I have to trust that you'll either bring me a beer, or you'll never ever come back to within weapons range of me, because you know I'm going to shoot you if I ever see you again, without my beer.

    So you go to the kitchen. And there's my part-Irish wife. She pulls out her gun and points it at your face. "Oh hell no, you are not taking that IPA out to him. He bought that shitty wit beer and the bottle has been here in the fridge for months. He'll drink that next, before he has another IPA." Now, you know if you show up in the backyard with a wit beer, I am going to be blow your brains out. I want IPA. So you're stuck between a rock and a hard place, because everywhere you go, someone pulls a gun on you and tells you to do something that'll piss off some other gun-happy asshole.

    Microsoft's argument about MLAT is their way of saying, "Hey, let's get this guy and his wife into the same room, and have them decide together. Leave me out of this!" Congress can decide to have whatever laws it wants (analogous to me being able to decide whoever I want to shoot in my back yard, for whatever stupid reasons) but it can't remove all the problems which come up as a result of my wife pulling a gun on you and telling you to go against my wishes. That's a fucked up situation and it's just going to result in you walking out the front door. MLATs are a way for you to stay, and ultimately, it's what's going to get me to drink that wit that I don't really want.

  15. Catch-22 by phorm · · Score: 2

    Realistically, doing so would create a catch-22 lose-lose situation for American corporations.

    Don't give information to US authorities from foreign servers: they're violation of US law and you get penalised

    DO give away information to US authorities from foreign servers: (often) they're in violation of the privacy/access/etc laws in said foreign country, and they get penalised

    I'm not American, and certainly not a fan of some of the international shenanigans perpetrated by US corporations, but allowing a law like this would be a *huge* disadvantage for US companies and possibly even a death sentence for some. As it is, many companies (including many I've worked at) have rules against doing business with US entities that store data outside of the service country, due to laws protecting customer information and privacy. So entities like Amazon, Google, etc are basically on the no-go list for vendors when it comes to any RFP that involves customer info.

      The government was arrogant and idiotic for even thinking to try pushing this through the courts. They might as well run a razor across their own throat.

    1. Re:Catch-22 by coofercat · · Score: 1

      ...such a law would make it illegal for US companies to operate servers in the EU in a lot of cases, because there are protections for EU data. There are some 'safe harbour' exceptions for certain types of data in certain circumstances, but that won't cover everything, and (I suspect) doesntt cover email.

      Moreover, many EU based companies would think very long and hard if they wanted to use a US cloud provider for anything at all, especially if the law allows for the US to grab 'chunks' of data (eg. a server at a time) rather than a person at a time. The prospect of having your companies data taken due to happening to sit on the same server as someone else doesn't go down too well in compliance meetings.

  16. Fun? by Anonymous Coward · · Score: 0

    It is interesting to think about transfer of the email.

    If the email was originally sent into or out of the US then it was on a server in the US. Also, it has crossed international boundaries at least twice.

    There is no way for the DOJ to know the path that the data took. It could have existed for some time on US servers, for which the search warrant is entirely valid. What if Microsoft adopts a policy of rotating all email through overseas servers to avoid all DOJ data requests, or to serve only the ones they want to serve.
    Does Microsoft have the right to engineer schemes like that within the intention of the law?

    I am not a lawyer, I don't know.

  17. nail in the coffin by bigtreeman · · Score: 1

    Just another case of multinationals are outside any countries control.
    It's a fecking free for all

    --
    Go well
    1. Re:nail in the coffin by gweihir · · Score: 1

      Ireland is not a country? News to me...

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  18. Re:H1-B INDO-CHIMP STREET SHITTERS by Anonymous Coward · · Score: 0

    Fuck Trump. I'll never consider him my president. As far as I'm concerned, Hillary is the de-facto president.

  19. International Community by lionchild · · Score: 1

    With the very recent event of the US pulling out of the TPP, I feel it's unlikely that others in the International Community, will take kindly to foreign powers accessing servers in their territories. Should US lawmakers update the law and change it to allow for US laws to operate in this manner, I imagine that companies like Microsoft, will outsource the administration of those non-US servers, so they have a non-US division operating them, thus leaving them outside of the reach of US laws.

    --
    Awk! Pieces of eight. Pieces of eight. Pieces of seven... ERROR: General Protection Fault. [Paroty Error.]
  20. why push for that in the first place? by Anonymous Coward · · Score: 0

    wouldn't very similar laws that allow you getting data from a suspect drug dealer in the US if you have initial proof exit on most other countries?

    why do they even need that shortcut in the first place? just show the initial proof to the law enforcement at the other country and let them deal with that. ...unless the initial proof was acquired in a way that is only /legal/ in the US?

    1. Re:why push for that in the first place? by AHuxley · · Score: 1

      Who got in first? GCHQ? DEA? NSA? CIA?
      No legal team likes to see a case that starts with redacted pages in a public court setting.
      So the USA will often use charity groups, public private police partnerships to look at big company databases for words, terms, photographs that might surround drug culture. That then gets reported to a company as is then the clean origin of a case.
      A legal team can then talk in public about how the case started and the role of a GCHQ, DEA, NSA, CIA can stay historically PRISM like hidden.
      The other issue is a very Irish issue. The UK used its mil, the Royal Ulster Constabulary Special Branch, GCHQ to track every call and computer network in Ireland from the 1970's on. It was then easy to create new informants as they called interesting people already been watched.
      Interesting people got an offer to become informants or not. If they did, their role was secure. As they moved up in rank, more information flowed back to the UK.
      Ireland does not really want to have a new discussion about its data security nationally going back decades. Who is still been legally tracked and how.
      Are US, UK or Irish contractors now been used to legally watch people in Ireland or with Irish accounts for historical reasons?
      To keep users thinking their data is safe in Ireland the US shortcut is still hidden. The GCHQ, NSA, CIA will still have the same role as always.
      The DEA can now get some NSA data in the raw thanks to new raw data sharing options in the USA.
      "Obama Opens NSA’s Vast Trove of Warrantless Data to Entire Intelligence Community, Just in Time for Trump" (January 14 2017)
      https://theintercept.com/2017/...
      "...NSA share vast amounts of private data gathered without warrant, court orders or congressional authorisation with 16 other agencies, including the FBI, the Drug Enforcement Agency, ..."
      Ireland can sell its international networking products as been legally secure and as been low cost in terms of staff and tax.
      Its win win win. The US and UK get to keep on spying and sharing the raw data with other agencies. Ireland can tell the world no nation can legally access data in Ireland.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:why push for that in the first place? by Anonymous Coward · · Score: 0

      "Obama Opens NSA’s Vast Trove of Warrantless Data to Entire Intelligence Community, Just in Time for Trump" (January 14 2017)

      Almost like it was meant to be setup like that. It wouldn't be the first time the American populous has been deceived but this does look like Franklin's prediction of a despotic us is starting to manifest, sadly. Corruption is the enemy of civilisation.

      On warrant-less exchange of data, have you looked at the AU 2014 nation al security legislation amendments which plot out *exactly* the same legal infrastructure in AU? Same with meta data retention, the bill passed in au then uk, nz, can us.

      It's almost like the laws are being tested in the country with the weakest constitution then amend for constitutional compatibility OR it's a complete coincidence. Australia's Tony Abbot is like a prototype for Trump only let's hope that we never see Trump in speedos.

      thanks for the interesting stuff you dig up.

  21. Re:H1-B INDO-CHIMP STREET SHITTERS by Anonymous Coward · · Score: 0

    Hillary is just another arsehole; just given an enema so as not to smell so badly.

  22. When I hear the word "Balance" I cringe by EmperorOfCanada · · Score: 1

    Quite simply there seems to be some kind of magical thinking that you can balance something unreasonable against basic rights. For instance anyone who thinks that it would be "Balanced" for a US court to order people in another country to do something is insane. The whole US revolution was about things like taxation without representation. So what makes the US seem to think that people in other countries should give two shits what their courts say when we have exactly zero input into the laws, the lawmakers, or any other body that would hold these bozos to account?

    This is the sort of thinking that as the US economy runs down will cause the rest of the world to not even lift a single finger as they finally slip into unrelenting pain and misery.

    1. Re:When I hear the word "Balance" I cringe by Anonymous Coward · · Score: 0

      Quite simply there seems to be some kind of magical thinking that you can balance something unreasonable against basic rights.

      Say what it isn't and then repeat. It's like punching someone in the face and telling them that you love them, over and over. The victim eventually believes that's what love is.

      Consider this, what if every country that the US has a mil base in, also had a mil base in the US. An amusing thought isn't it, because we know that there is no way the us would allow that to happen.

      That's not because the engines of US democracy are bad, it is because the institution has been corrupted by the greed of the corporate entities. The american population hasn't recognized this as a threat because they have been carefully de-educated into complacency. It will be interesting to see what will happen when the american population finally figure it out, en masse.