Slashdot Mirror

← Back to Stories (view on slashdot.org)

Court Denies US Government Appeal in Microsoft's Overseas Email Case (pcworld.com)

Posted by msmash on from the doing-what's-right dept.

An equally divided federal appeals court refused to reconsider its landmark decision forbidding the U.S. government from forcing Microsoft and other companies to turn over customer emails stored on servers outside the United States. From a report: The U.S. Court of Appeals for the Second Circuit, in a 4-4 decision Tuesday, declined to rehear its July decision that denied the DOJ access to the email of a drug trafficking suspect stored on a Microsoft server in Ireland. Microsoft has been fighting DOJ requests for the email since 2013. The DOJ has argued that tech companies can avoid valid warrants by storing customer data outside the U.S. Judges "readily acknowledge the gravity of this concern," but the 31-year-old U.S. Stored Communications Act (SCA) doesn't allow worldwide search under a U.S. warrant, wrote Judge Susan Carney. "We recognize at the same time that in many ways the SCA has been left behind by technology," Carney wrote in Tuesday's decision. "It is overdue for a congressional revision that would continue to protect privacy but would more effectively balance concerns of international comity with law enforcement needs and service provider obligations in the global context in which this case arose."

13 of 71 comments (clear)

  1. Read as: by Anonymous Coward · · Score: 2, Insightful

    DOJ butt hurt about ruling continues to.seek unfettered access to all data regardless of where it is or who owns it.

    1. Re:Read as: by saloomy · · Score: 4, Insightful

      The DOJ is butt-hurt. But too bad. The US can't just decide that their warrants are valid EVERYWHERE, just because a company operates in the US as well. What happens when China wants data stored by Boeing in the US, because Boeing has offices in China, and there is a law-suit? There is a reason why the laws are written like this. If the drug traffickers data was so instrumental to the case, and the justification for the warrant is so compelling, then the US attorney should contact authorities in Ireland and seek the Irish courts to issue a warrant to MS.

      If there is anything fishy, they won't go that route, and if there isn't, an extra set of judicial eyes on the facts of the case can't hurt.

    2. Re:Read as: by bradley13 · · Score: 2

      "why bother with hypotheticals, when you could easily have come up with all sorts of actual real-world examples?"

      FATCA. Banks everywhere. 'nuff said...

      The US can and does try to push its law into other countries, where is clearly has no jurisdiction. Sometimes it succeeds. The rest of the world is getting fed up with this. If the US does try to push this, European privacy laws could well be the hill that US influence dies on.

      --
      Enjoy life! This is not a dress rehearsal.
  2. Reciprocity? by scsirob · · Score: 2

    So, is US congress now going to change the law so a US judge can permit the US DOJ to access foreign servers? May we assume reciprocity, so that other countries can then serve warrants to providers in the USA and legally demand access to data stored on US soil?

    I think not..

    --
    To Terminate, or not to Terminate, that's the question - SCSIROB
  3. Another solution by Okian+Warrior · · Score: 4, Insightful

    So, is US congress now going to change the law so a US judge can permit the US DOJ to access foreign servers? May we assume reciprocity, so that other countries can then serve warrants to providers in the USA and legally demand access to data stored on US soil?

    I think not..

    Another solution is to pass a law saying that all US citizen data has to be kept in servers in the US.

    The benefit is that foreign countries don't get to access our citizens' data as easily (Russia, China, Canada).

    The *real* solution is that E-mail and other data should be encrypted end-to-end, where the provider and location don't matter. Proton mail and Lavabit come to mind.

    I remember when DropBox first came out, it required a driver to install (in WinXP) to synchronize the data to the cloud, and asked whether they had any plans to add encryption. Their response was "Oh, we'll never add encryption! That's the end-user's responsibility, and besides... it's haaaaaard!"

    We need turn-key solutions. If good security is a checkbox "make my messages private", more people would use it.

    1. Re:Another solution by BitterOak · · Score: 2

      Another solution is to pass a law saying that all US citizen data has to be kept in servers in the US.

      What about e-mail or other service providers that don't have servers in the U.S.? Would it be illegal, under your framework, for U.S. citizens to sign up for e-mail or other data accounts with foreign providers with no U.S. presence? How exactly would enforcement work?

      --
      If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
  4. Work at the White House by Okian+Warrior · · Score: 5, Insightful

    USA is all that matters, the rest of the world can go fuck themselves.

    You should apply to work at the White House - I hear they're hiring.

    1. Re:Work at the White House by Anonymous Coward · · Score: 2, Insightful

      He's probably not rich enough to be accepted.

  5. The ironic Catch-22... by geekmux · · Score: 4, Funny

    (Billionaire US business owner) "Hell yes! Go after those dirty drug dealers! Those bastards shouldn't be able to hide their evils in another country!"

    (Billionaire's accountant) "Sir, might I remind you that your tax haven data is stored in Ireland..."

    (Billionaire US business owner) "Nevermind! Those meddling DOJ bastards don't need access to anything."

    1. Re:The ironic Catch-22... by green1 · · Score: 2

      Which is why the DOJ will be given access, but the IRS will not.

      Politics is a game where the top 1% write the rules, you know who's favour they will be in.

  6. Wrong tool for the job. by Frobnicator · · Score: 2

    The DOJ is butt-hurt. But too bad. The US can't just decide that their warrants are valid EVERYWHERE ... If there is anything fishy, they won't go that route

    The problem -- which the DOJ and other parties absolutely know -- is that they are using a warrant.

    You say they won't go that route if there is anything fishy, but the fact that they are attempting to use a warrant is extremely fishy.

    There is an enormous difference between a warrant which they are using, and a subpoena that they would be trying to do if the one person in the case was all they wanted.

    With a subpoena the company must produce information. They must produce the information no matter where it is held, and they must produce it as binding evidence. If they really want to capture the one person, a subpoena to provide all the information about the request is a simple matter. The government gets copies of all the documents they are demanding, particularly all the business records related to the subscriber. Since the DOJ is claiming they are trying to catch a subscriber and the people they're email, these subpoenas are more than enough.

    With a warrant to collect a server, they get the entire physical server. And the government gets to make a copy of the server, and search it for whatever they think is relevant to the information. A warrant means they can take all the objects so they can prevent evidence from being destroyed. They can also collect for more information from the customer about the contents of the communications.

    The DOJ could take measures to collect the information using tools other than a warrant that provide all the information and require Microsoft to keep it confidential. Instead of use those, they continue to demand a warrant to seize the entire server.

    --
    //TODO: Think of witty sig statement
    1. Re:Wrong tool for the job. by mrbester · · Score: 2

      Even if there is a subpoena, that again is irrelevant to obtaining data held in a different jurisdiction as, just like warrants, they have no legal force whatsoever outside the country of issue. If one is issued in Eire, then fine. Until then, tough shit.

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
  7. Catch-22 by phorm · · Score: 2

    Realistically, doing so would create a catch-22 lose-lose situation for American corporations.

    Don't give information to US authorities from foreign servers: they're violation of US law and you get penalised

    DO give away information to US authorities from foreign servers: (often) they're in violation of the privacy/access/etc laws in said foreign country, and they get penalised

    I'm not American, and certainly not a fan of some of the international shenanigans perpetrated by US corporations, but allowing a law like this would be a *huge* disadvantage for US companies and possibly even a death sentence for some. As it is, many companies (including many I've worked at) have rules against doing business with US entities that store data outside of the service country, due to laws protecting customer information and privacy. So entities like Amazon, Google, etc are basically on the no-go list for vendors when it comes to any RFP that involves customer info.

      The government was arrogant and idiotic for even thinking to try pushing this through the courts. They might as well run a razor across their own throat.