Does US Have Right To Data On Overseas Servers? We're About To Find Out (arstechnica.com)
Long-time Slashdot reader quotes Ars Technica:
The Justice Department on Friday petitioned the US Supreme Court to step into an international legal thicket, one that asks whether US search warrants extend to data stored on foreign servers. The US government says it has the legal right, with a valid court warrant, to reach into the world's servers with the assistance of the tech sector, no matter where the data is stored.
The request for Supreme Court intervention concerns a 4-year-old legal battle between Microsoft and the US government over data stored on Dublin, Ireland servers. The US government has a valid warrant for the e-mail as part of a drug investigation. Microsoft balked at the warrant, and convinced a federal appeals court that US law does not apply to foreign data.
According to the article, the U.S. government told the court that national security was at risk.
When isn't it national security?
I don't recall the details of the case and can't be bothered to read up on it, but according to the summary it's a drug investigation. It's a pretty far leap from there to national security.
Also, four years. If nothing's happened yet based on the information in those emails it's VERY unlikely anything is going to happen ever. That alone should rule out a national security issue.
-=This sig has nothing to do with my comment. Move along now=-
What we *will* find out is the opinion of an American court, which has no international power. The proper place for this request is the international court of justice in the Netherlands. Unfortunately the US is the only non-dictatorial country that doesn't recognize this court.
Except for the little detail that the other country has data protection laws that make it illegal to do so. An American court should not be able to override the law where it seems to have had no intent to hide the data from the American authorities.
...but it seems rather reasonable that if a court of law orders you to submit something, the fact that you had stored it in another country shouldn't be much of an excuse for not doing so.
The whole crux of the matter is a thing US law enforcement uses called "The Fishing Expedition". If the US had a legitimate legal need for this information all they would need to do is petition a foreign court and get a foreign court order (not that hard to do if an actual investigation is being conducted). Unfortunately for US law enforcement, INTERPOL and foreign courts usually require probable cause and actual evidence of wrongdoing before they will issue such an order, thus the attempt to back-door around that requirement.
Do China, Russia, Germany have a right to your data if you are in the USA but using such a country's service? Because this is the gate being left open.
even if the laws in that other country prevent you from doing so? European data privacy laws tend to be much stronger than in the US, and US courts have no authority outside the US to overrule other countries' laws. If Microsoft complied with the US court order it would be breaking the law in Ireland. They're between a rock and a hard place...
No one forces a multinational company into the shenanigans they play with moving things between jurisdictions. They could have considered beforehand whether they were painting themselves into a corner by doing something other than straightforward offering of services in different places.
The laws of Ireland are not the concern of the courts of the USA, nor vice versa. The US court has issued an order on the US corporate entity which that corporate entity had stipulated that it could meet. Either the US corporate entity was lying before when they said they could satisfy the order or they are lying now when they say they cannot. One way or another the US corporate entity lied to the US court.
If a multinational company wants to reap the benefits of having distinct corporate entities in different jurisdictions they also have to pay the costs, which consist of keeping track of when the obligations between the distinct corporate entities are constrained by the different jurisdictions they were created to run in.
Any employee of this local subsidiary can simply refuse to comply with the order (I expect every single country has a law that allows employee to refuse employer order to break the law). If we are talking about European countries then it would also be impossible to fire him for this, as such firing would be deemed as reprisal by (local) court. Given that the company (local subsidiary) is not even really interested in firing him, it would even likely lead to employee keeping the job (reinstatement).
So why not go the way it has always been and should be in the future: Ask the court in the other country to help in that matter. If the U.S. court can prove that the data is really needed in a case, then it should be no problem to get it in a way legal in the country it is stored.
If the idea of U.S. jurisdiction to data stored in other country really gets track, the only result will be that companies will no longer directly operate in other countries, but always have local intermediates which are legally independent of the U.S. company.
Put it more clearly: Any employee of the local subsidiary has to refuse that order by the employer, because it is against the law. And firing him because of that refusal will bring the local employer into deep trouble because then the local prosecution could use the local equivalent of RICO laws to shut the company down.
Precisely. This is the US government asserting jurisdiction where it clearly has none, using the tenuous arguments of "cyberspace has no borders" and "corporate citizenship traces back to its origin". If the SCOTUS agrees, then the US has taken a step toward delegitimizing every other nation's sovereignty, over yet another skirmish in the "war on drugs" inflated into a bogus national security concern.
A US warrant only has jurisdiction in the US. It cannot cover any other country. How can the US complain that Russia has hacked US computers and then want to hack other people's computers?
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.