Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google, Unlike Microsoft, Must Turn Over Foreign Emails, Rules Judge (fortune.com)

Posted by EditorDavid on from the server-subpoenas dept.

Every year Google receives more than 25,000 requests from U.S. authorities for "disclosures of user data in criminal matters," according to a U.S. judge's recent ruling. But this one is different. An anonymous reader quotes Reuters: A U.S. judge has ordered Google to comply with search warrants seeking customer emails stored outside the U.S., diverging from a federal appeals court that reached the opposite conclusion in a similar case involving Microsoft. U.S. Magistrate Judge Thomas Rueter in Philadelphia ruled on Friday that transferring emails from a foreign server so FBI agents could review them locally as part of a domestic fraud probe did not qualify as a seizure...because there was "no meaningful interference" with the account holder's "possessory interest" in the data sought.

"Though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States," Rueter wrote... The ruling came less than seven months after the 2nd U.S. Circuit Court of Appeals in New York said Microsoft could not be forced to turn over emails stored on a server in Dublin, Ireland that U.S. investigators sought in a narcotics case.
Google announced they'd appeal the case, saying "We will continue to push back on overbroad warrants."

44 of 91 comments (clear)

  1. I can't think of a good subject by Anonymous Coward · · Score: 5, Insightful

    "no meaningful interference with the account holder's possessory interest" WTF?

    I'll just leave this here:
    https://www.youtube.com/watch?v=GyV_UG60dD4

    1. Re:I can't think of a good subject by Anonymous Coward · · Score: 1

      No your honour, doing it in the ass does not count as sex.

    2. Re:I can't think of a good subject by lgw · · Score: 1

      "no meaningful interference with the account holder's possessory interest" WTF?

      I believe a federal judge just ruled that "copying isn't theft, since the owner still has his copy". I know I've heard that argument before somewhere. Interesting precedent.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    3. Re:I can't think of a good subject by drinkypoo · · Score: 3, Informative

      I believe a federal judge just ruled that "copying isn't theft, since the owner still has his copy". I know I've heard that argument before somewhere. Interesting precedent.

      Only a minority of joe schmoes believe that copyright infringement is theft. Everyone else, including federal prosecutors, know that it is not. That's why we have laws addressing copyright infringement; if it were theft, you wouldn't need any new laws to prosecute offenders, because we already have laws addressing theft.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:I can't think of a good subject by lgw · · Score: 1

      It's almost as if we need laws protecting privacy, since if it were theft the 4th amendment would work properly here. Sadly, we seem to have lost the spirit of Constitutional Amendments.

      --
      Socialism: a lie told by totalitarians and believed by fools.
  2. Encryption... the only solution by Anonymous Coward · · Score: 1

    The only good and somewhat permanent solution to this would be for Google, Microsoft, etc to encrypt the e-mails end-to-end and in storage as well, so that nobody, not even them, can see what they contain. Unfortunately, doing so would remove their ability to data mine and monetize the contents of the e-mails and so they will never do this. Hence the ultimate answer will come from another direction, someone who takes over their roles as major e-mail providers but is not interested in mining the contents of the e-mails. This likely will have to be some form of non-profit entity or at least a non-free e-mail service.

    1. Re:Encryption... the only solution by fox171171 · · Score: 1

      The only good and somewhat permanent solution to this would be for Google, Microsoft, etc to encrypt the e-mails end-to-end and in storage as well, so that nobody, not even them, can see what they contain. Unfortunately, doing so would remove their ability to data mine and monetize the contents of the e-mails and so they will never do this. Hence the ultimate answer will come from another direction, someone who takes over their roles as major e-mail providers but is not interested in mining the contents of the e-mails. This likely will have to be some form of non-profit entity or at least a non-free e-mail service.

      It is not the only solution. Likely the best solution, but since they won't do it, it is not really a solution at all in this case.

      So another possibility is, sort of like frequency hopping spread spectrum, don't put the email all in one place. Break it up into fragments and spread it all over. There are data centers all over. Spread the contents between them, all in different countries, scrambled, so that you can't read them unless you have them all. If any one country forbids the transfer of the portion in their country, then it is a no-go. Put as much as possible in countries with strong privacy laws.

  3. Invasion of privacy by Anonymous Coward · · Score: 1

    So the judge is compelling them to be complicit in commiting a crime? It would be interesting to see if the judge's immunity holds in that circumstance.

    1. Re:Invasion of privacy by sumdumass · · Score: 1

      Complicit in what crime? Anyways, ever heard of sovereign immunity? That is in essence the parent to any immunity real or perceived that the judge may have.

  4. Mumbo Jumbo by Anonymous Coward · · Score: 1

    If it's on a foreign server, that pretty much sums it up right there.

    1. Re:Mumbo Jumbo by fibonacci8 · · Score: 1

      It sure does. That means the US court would have jurisdiction if and only if the foreign country agrees to it first. If the foreign country doesn't agree to it, this is overreach.

      --
      Inheritance is the sincerest form of nepotism.
  5. Maybe this judge didn't think things through. by Sique · · Score: 4, Insightful

    I wonder what happens if an E.U. court finds that the data transfer of personal data from an E.U. located server to the U.S. without E.U. judicary oversight is illegal. That was one of the arguments in the Microsoft case. If the U.S. judge then orders Google to ignore the E.U. court, he could be held in contempt of the E.U. court and face punitive measures.

    --
    .sig: Sique *sigh*
    1. Re:Maybe this judge didn't think things through. by Anonymous Coward · · Score: 1, Informative

      US courts might have legal power over Google US, but it still has none over Google EU.

    2. Re:Maybe this judge didn't think things through. by Solandri · · Score: 4, Informative

      That was the point of the Microsoft ruling. Rulings like in this Google case can put companies (and by precedent, people) in an impossible position where in order to comply with one country's laws, they're forced to break another country's laws. Kinda like the U.S. policy that U.S. citizens have to pay U.S. taxes on income earned abroad could hypothetically cause a U.S. citizen to owe more than 100% in taxes (if the combined tax rates of the U.S. and other country exceeded 100%).

      Other countries avoid the problem by accepting that their laws end at their borders, and if they want something from another country they have to work with that country for joint law enforcement action or extradition. But for some reason politicians and judges in the U.S. keep thinking U.S. law should apply all around the world.

    3. Re: Maybe this judge didn't think things through. by Anonymous Coward · · Score: 1

      That is not even close to how taxation works. You deduct what you pay in the other country.

    4. Re:Maybe this judge didn't think things through. by Macdude · · Score: 3, Informative

      Kinda like the U.S. policy that U.S. citizens have to pay U.S. taxes on income earned abroad could hypothetically cause a U.S. citizen to owe more than 100% in taxes

      No it can't. You claim a Foreign Tax Credit for any income tax paid to a foreign government and it's deducted from your tax payable in the US. For example if your US tax rate was 35% and your foreign tax rate was 30%, you would pay 30% to the foreign government and then 5% (35% - 30%) to the US government.

      See: IRS Publication 514 https://www.irs.gov/pub/irs-pd...

      --
      "Grab them by the pussy" -- President of the United States of America
    5. Re:Maybe this judge didn't think things through. by Sique · · Score: 2

      No. But there are rules how to handle that: The U.S. court asks an E.U. court to allow the transfer. And then the transfer happens, or the approbriate E.U. police unit gets the data and transfers it. Somehow this U.S. judge didn't want to play by the rules.

      --
      .sig: Sique *sigh*
    6. Re:Maybe this judge didn't think things through. by Godwin+O'Hitler · · Score: 3, Interesting

      Do you get 5% back if its 40% abroad?

      --
      No, your children are not the special ones. Nor are your pets.
    7. Re:Maybe this judge didn't think things through. by sithlord2 · · Score: 1

      The reason is: Google doesn't guarantee that EU email data is only stored in the EU. They store the data on servers worldwide for performance reasons, including the US.

      MS stores EU email data on EU servers only.

      --
      ...You are over-qualified and under-paid. If we give you a raise, we will break the cosmic balance of the universe.
  6. Re:This is a *domestic* fraud probe. by Roger+W+Moore · · Score: 1

    That appears to mean that the person who used gmail lives in the US, and Google just randomly decided to store part of it in Ireland.

    Then the US needs to have laws which do not allow companies to do this because once the data has left the US and entered the EU it is subject to EU law. You would not want data in the US related to chinese citizens to be subject to the chinese government accessing it would you? The same principle applies here.

  7. Twisted Logic by SwashbucklingCowboy · · Score: 1

    That's some twisted logic that to "seize" something it must not be available to the owner any longer.

    Rulings like this will KILL US cloud providers. trying to sell services outside the US.

    1. Re:Twisted Logic by John.Banister · · Score: 1

      I wonder how that logic works with IP other than email.

    2. Re:Twisted Logic by drinkypoo · · Score: 1

      That's some twisted logic that to "seize" something it must not be available to the owner any longer.

      What? That's precisely what it means. It's the same reason why copyright infringement is not theft. It's not seizure unless you're depriving someone of it.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Twisted Logic by currently_awake · · Score: 1

      As opposed to everyone knowing the NSA is spying on everything you do being bad for American business.

  8. Re:This is a *domestic* fraud probe. by Nutria · · Score: 1

    the US needs to have laws which do not allow companies to do this

    That would simplify things.

    once the data has left the US and entered the EU it is subject to EU law.

    You'd think. But the judge didn't seem (according to the fortune.com article) to rule on that, only that the alleged fraudster gave up any right to privacy by giving his email for storage by a third party.

    I wonder what the rules are in the tangible world. If I gave you evidence of a crime, and you flew to Ireland and put it in a storage unit, could the US government order you to go and return it from Ireland?

    --
    "I don't know, therefore Aliens" Wafflebox1
  9. Re:Constutution by Lordpidey · · Score: 2

    Psst: constitutional ammendments never go to the president.

    --
    Some people encrypt by using rot-13 twice. I prefer the more secure method of using rot-1 a total of twenty six times.
  10. **AA should be concerned by beuges · · Score: 4, Interesting

    If retrieving a copy of an email while leaving the original intact creates "no meaningful interference" with the account holder's "possessory interest" of that email, how long before this ruling is used as a defence against the RIAA and MPAA's copyright infringement efforts?

    Since making a copy of a movie does not create a meaningful interference with the account holder's possessory interest of the movie, surely it can't be worth all those lawsuits?

    1. Re:**AA should be concerned by vel-ex-tech · · Score: 1

      Yes, thank you. While this isn't a nice consequence of "copying isn't theft," one would hope that we could have nice things....

    2. Re:**AA should be concerned by jezwel · · Score: 2

      Since making a copy of a movie does not create a meaningful interference with the account holder's possessory interest of the movie, surely it can't be worth all those lawsuits?

      Guess they would need to ping you for making that copy available (if you do, ie by BitTorrent), as that *does* create a meaningful interference - potential loss of income.

  11. Data Extradition? by Midnight+Thunder · · Score: 1

    I don't know if there is such a thing as 'data extradition', but surely working with Ireland would be the best approach? Anything else should surely outside of the immediate jurisdiction of US law enforcement? Maybe Google should invesigate the flip question: would the US accept e-mails on a foreign national stored on a US server to be handed over without the necessary legal paper work?

    --
    Jumpstart the tartan drive.
    1. Re:Data Extradition? by Darren+Bane · · Score: 2

      This exists ( https://www.state.gov/document... ). A sizeable volume of requests are processed every year. However, some US judges don't want to use the official channels, I suspect because they are egotistical enough to think that their writ applies outside US territory. I don't mean to knock Americans, this is just human nature. An Irish policeman recently was recently in the papers for cooperation with the FBI to get Facebook to do something that could have been done much quicker by just asking the company's Irish branch office.

      --
      Darren Bane
  12. Re:Constutution by thsths · · Score: 4, Insightful

    And this is one of the reasons we are moving to Microsoft for our email and file storage. I have no idea why the 4th amendment only applies to Microsoft, not to Google, but so be it.

    Of course according to Trump, aliens are not people. I wonder whether he can find a corrupt judge to support that argument.

  13. Re:Constutution by Anonymous Coward · · Score: 2, Insightful

    Nearly impossible

    That's a feature, not a bug.

  14. Re:What is the difference? by johanw · · Score: 2

    Well, they both have in common that they are American companies. It would be more reliable to have your mail handled by a Russian server, the Russians are probably not going to cooperate with the FBI. They might snoop themselves of course, but the Russians don't care if I pirate American movies or oder pot.

  15. Re:Constutution by hawguy · · Score: 3

    And this is one of the reasons we are moving to Microsoft for our email and file storage. I have no idea why the 4th amendment only applies to Microsoft, not to Google, but so be it.

    If you're worried about the government reading your emails, why risk using a USA company at all? Use a company that has no USA presence at all. Or better, roll your own offshore and control your own encryption keys.

    Of course according to Trump, aliens are not people. I wonder whether he can find a corrupt judge to support that argument.

    He's right there... aliens aren't always people, sometimes they are lizards, sometimes they are amorphous blobs

  16. Re:Constutution by currently_awake · · Score: 3, Insightful

    I would suggest Microsoft Corporation has a "Working Business Relationship" with the US Government, that grants them more leeway in such matters.

  17. Re:Constutution by l0n3s0m3phr34k · · Score: 1

    My company company is doing the same thing. We're going with an EU-based 365 tenancy, specifically in Ireland were our corporate headquarters are. Yet, having to do a migration of 300 users across three countries is not going to be fun.

  18. Re:Constutution by StevenMaurer · · Score: 2

    Your suggestion presumes that the "US Government" is a monolithic entity, which it's not. Even the judiciary isn't completely in sync with itself.

  19. Indeed by Bruce66423 · · Score: 1

    Corporations need to ensure that their data is held by legal subsidiaries that can only be hit with a warrant by their own country's courts and which have no ability to access data controlled by another legal subsidiary. Whilst not trivial, it is surely possible for the relevant security keys to be strictly under the control of the relevant county's board of directors. That board of directors would be protected by the courts of its domicile - though I guess members may end up being unable to travel to the US if they resist a US warrant. But then sometimes the empire must be resisted...

  20. Protonmail and MS Azure by TheOuterLinux · · Score: 1

    Protonmail is a foreign and heavily encrypted Swiss email service that uses two passwords, one for account and the other for the mailbox itself. They don't store the passwords or anything else to decrypt emails, or at least the mailboxes. For man in the middle, I have no idea. But any way, if Micro$oft doesn't have to disclose like Google does, know that Protonmail uses Azure, which is M$ owned. They have it for all desktops and smart phones, or you can just log with a web browser that supports JS.

  21. Also be aware... by TheOuterLinux · · Score: 1

    Twitter dropped API keys for government spy programs a few months back because of Muslim witch hunts. However, they just partnered with Google to help them build parts of their software. Funny how Google didn't get exempt but Micro$oft, the platform that a whole bunch of our government decided to use for some reason, does. Wonder why (sarcasm) ? Duh. And now they will go after Twitter next since Google lost and is working with them. Revenge for saying no. Just something to be aware of.

  22. Zero knowledge by Natales · · Score: 1

    That's why you always choose a zero knowledge provider. Someone that provides you a service but doesn't have access to read the content.

    I'm pretty happy with ProtonMail in that area. They are not only located in Switzerland, with much stronger privacy laws, but also, they encrypt end-to-end, and therefore, have no access to the content. Mail between users in ProtonMail are automatically encrypted, while mail to someone outside the system can be sent as a URL the receiver has to have a password to access (and can be time-deleted).

    Of course, it's not Google Inbox in terms of features, but it gets the job done. You can always do full PGP with any service, but you have to know what you are doing.

    Until things get insanely simple, in this day and age, you've got to learn, and do what you can for your right to privacy.

  23. Re:Constutution by Geeky · · Score: 2

    Is it basically the Google store your emails anywhere - might be in the US, might not, might move around?

    In the Microsoft case, wasn't it Microsoft Ireland, an Irish registered subsiduary, holding the data in an Irish datacentre (and only an Irish datacentre)? To comply with the court order, Microsoft Ireland would have had to break Irish/EU data protection laws.

    At least, that's my understanding of the difference.

    --
    Sigs are so 1990s. No way would I be seen dead with one.
  24. "possessory interest"??? by superdave80 · · Score: 1

    ...did not qualify as a seizure...because there was "no meaningful interference" with the account holder's "possessory interest" in the data sought.

    I think this judge is sort of missing the point of why people fight against having their personal data seized. It's not that we don't have access to the seized data, it's that other parties have access to something that I want kept private.

    I'd like to see this same argument used when I demand a bunch of classified documents from the government:

    "No, no, it's OK, I just want a COPY of the classified stuff. You guys will still have your 'possessory interest'"