Microsoft Fights Search Warrants for Overseas Emails in the Supreme Court (microsoft.com)

← Back to Stories (view on slashdot.org)

Microsoft Fights Search Warrants for Overseas Emails in the Supreme Court (microsoft.com)

Posted by EditorDavid on Sunday January 21, 2018 @09:34AM from the search-results dept.

Microsoft's Chief Legal Officer writes about "the landmark Microsoft case that will decide whether the U.S. government can use a search warrant to force a company to seize a customer's private emails stored in Ireland and import them to the United States." On Thursday, 289 different groups and individuals from 37 countries signed 23 different legal briefs supporting Microsoft's position that Congress never gave law enforcement the power to ignore treaties and breach Ireland's sovereignty in this way. How could it? The government relies on a law that was enacted in 1986, before anyone conceived of cloud computing... When the U.S. government requires a tech company to execute a warrant for emails stored overseas, the provider must search a foreign datacenter and make a copy abroad, and then import that copy to the United States. This creates a complex issue with huge international consequences. It shouldn't be resolved by taking the law to a place it was never intended to go...

The U.S. Department of Justice's attempt to seize foreign customers' emails from other countries ignores borders, treaties and international law, as well as the laws those countries have in place to protect the privacy of their own citizens... It's also a path that will lead to the doorsteps of American homes by putting the privacy of U.S. citizens' emails at risk. If the U.S. government obtains the power to search and seize foreign citizens' private communications physically stored in other countries, it will invite other governments to do the same thing. If we ignore other countries' laws, how can we demand that they respect our laws?
Amicus briefs supporting Microsoft have been filed in the U.S. Supreme Court by Ireland, France, and the European Commission and European privacy regulators. Microsoft even notes that on this issue, "Fox News agreed with the American Civil Liberties Union."

68 comments

Min score:

Reason:

Sort:

Force the company != force the individuals by Alain+Williams · 2018-01-21 09:47 · Score: 4, Interesting

The servers are located in Ireland in a data centre staffed by Irish people (or who, at least, live there). Will these people obey an order from a court in the USA and risk the wrath of the court in Dublin ? I would not if I were one of them. I do not know what control Microsoft (USA) has over servers in its Irish data centre, but generally the guy who can touch the machine is the one who makes the final decision; and him, being fearful of the Dublin court, could easily restrict access to anyone outside of their data centre.
No matter what the court in the USA decides, what will happen in reality will be interesting to see.
1. Re:Force the company != force the individuals by CaptainDork · 2018-01-21 10:02 · Score: 4, Informative
  
  This is not a matter of an American-issued search warrant delivered to person or persons of name, as in individuals.
  Microsoft obviously has a pathway to the data in Ireland and there are no gatekeepers blocking that path, at this time.
  At issue is custodianship vs ownership vs jurisdiction, and it ain't easy.
  This is problem has already been addressed in the case offshore banking.
  I think that's where SCOTUS will take this.
  
  --
  It little behooves the best of us to comment on the rest of us.
2. Re: Force the company != force the individuals by muffen · 2018-01-21 10:02 · Score: 1
  
  One never knows what happens to things when they get to Ireland!
  God invented alcohol to prevent the Irish from ruling the world, as it so nicely says in a bar in temple bar...
3. Re:Force the company != force the individuals by Anonymous Coward · 2018-01-21 10:27 · Score: 0
  
  Here's the problem:
  
  When the U.S. government requires a tech company to execute a warrant for emails stored overseas, the provider must search a foreign datacenter and make a copy abroad, and then import that copy to the United States.
  
  This is a deliberate mis-stating of the issue.
  Right now, a Microsoft employee, sitting at a computer located in the U.S., can access those servers and find the information that is being requested. This is done every day as a matter of routine operation, by Microsoft and every other company that has operations in multiple countries.
  *YOU* do it every time you use your web browser to access a web page hosted on a server in a foreign country. Google and Microsoft (Bing) do it every time they index a page hosted on a computer in a country outside the U.S.
  The claim that something is being "imported" from Ireland to the U.S. is rubbish. The claim that this somehow violates Ireland/EU law is absurd, unless you are arguing that a person sitting at a computer in the U.S. is somehow bound by the laws of a foreign country.
4. Re:Force the company != force the individuals by Anonymous Coward · 2018-01-21 10:39 · Score: 0
  
  This entire matter is nothing more than a marketing campaign for MS and all those fine companies looking to do business in Europe. If the US really, really , really wants some ones e-mail they will obtain it one way or another no matter where it is stored. And before everybody starts lining up to protest they should know the US is not the only country on the planet who would do the exact same thing. While the clueless proles in Europe were up in arms about the evils of the NSA they some how ignored the fact that it was the European countries themselves who were collecting and stockpiling their citizens data and providing NSA access when requested. It was quite telling when the European proles started demanding that all their data be stored in the European countries to keep the NSA at bay. That just made it easier for the European security agencies to get at their citizens data. And even more telling is that this demand to store data in the originating country would not prevent the US or any other foreign intelligence service from getting access to the information.
  There has still been no constructive discussion held regarding what data the intelligence and counter intelligence agencies should have access to. There are legitimate reasons for allowing state intelligence agencies to do their mandated jobs. There is also a need to make sure the intelligence agencies do not abuse their powers. There will never be a perfect way to balance citizen privacy and security needs. But totally disarming the US intelligence agencies is a dream come true for China, Russia, Iran, NK, and quite a few others.
  Out of the top three most powerful countries on the planet the only country faced with demands for complete transparency is the US. The Chinese and Russians do not need approval or even entertain comments from their citizens when it comes to their foreign intelligence activities. On the other hand the US has to deal with a public that basically wants to cripple the various US security agencies by exposing all their tools and methods. The arguments against the security agencies revolve around the idea that the US government is conducting mass surveillance against US citizens for some insidious purpose that has yet to be identified. Arguments tend to center around the word "could" or "may" or "possibly" instead of any concrete examples of government misconduct in handling it's citizens date. The other common argument is the "slippery slope" theory. The theory that allowing something to happen once will mutate into something harmful in the future. The word precedence is thrown around as well but precedence is also a weak argument if you ignore the fact the courts disallow precedence more than they use it when litigating a case. If we base all our actions today using some theoretical actions in the future we most likely will not have a future to worry about.
5. Re:Force the company != force the individuals by Insanity+Defense · 2018-01-21 10:53 · Score: 4, Informative
  
  The claim that something is being "imported" from Ireland to the U.S. is rubbish. The claim that this somehow violates Ireland/EU law is absurd, unless you are arguing that a person sitting at a computer in the U.S. is somehow bound by the laws of a foreign country.
  Strange you should say that. The U.S. claims exactly that in the case of Gary McKinnon who hacked U.S. computers with off the shelf software. They were trying to extradite him with threats of 70 years hard time in a maximum security prison for his actions in the U.K..
  Then there is the case of Dmitry Sklyarov who wrote software in Russia for his employer that was strictly legal but was arrested in the U.S. and charged for his employers sales of it to Americans. Skylarov was not in the U.S. when he wrote the program and had nothing to do with the distribution. Yet he was arrested.
  How about Kim Dotcom? Again his breaking of American laws was entirely outside the U.S. but that hasn't stopped the U.S. legal system from persecuting him.
  So yes the U.S. has repeatedly claimed computer "crimes" perpetuated by people outside the U.S. are punishable by the U.S.. So why shouldn't other countries do the same to Americans?
6. Re:Force the company != force the individuals by silas_moeckel · 2018-01-21 11:01 · Score: 1
  
  That MS employee in the US accessing data in Ireland could be charged in Ireland. The correct method is get a warrant where the thing is. This is a power grab, in effect will the laws be the least restrictive of where anybody physical is that can access the data, suddenly taking a vacation changes the laws that cover a piece of data?
  
  --
  No sir I dont like it.
7. Re:Force the company != force the individuals by Alain+Williams · 2018-01-21 11:12 · Score: 1
  
  This is a deliberate mis-stating of the issue.
  Right now, a Microsoft employee, sitting at a computer located in the U.S., can access those servers and find the information that is being requested. This is done every day as a matter of routine operation, by Microsoft and every other company that has operations in multiple countries.
  True, but today. What if the Irish court say that remote access were not to be allowed without agreement of the Dublin court (or whatever) - on the grounds that Microsoft USA was untrusted and that the data in Ireland had to be protected ? I assume that those who control the Irish data centres would have to restrict remote access over the internal Microsoft VPN from elsewhere. Thus Microsoft USA would be locked out or part of its network. What would the USA do ... it could order that Microsoft USA produce updates to its own data-centre operating system (or utilities) that contained back-doors that would give it covert access to Microsoft Dublin. Then when Microsoft Dublin discovers these it would have to take countermeasures ... life could get interesting!
  
  *YOU* do it every time you use your web browser to access a web page hosted on a server in a foreign country. Google and Microsoft (Bing) do it every time they index a page hosted on a computer in a country outside the U.S.
  Yes: but the only emails/web-pages that I can access are those that I am permitted to, either by being logged in to an email account or the web page being public, or something. What the USA courts want is to access other people's email without their agreement. This is very different.
8. Re:Force the company != force the individuals by Anonymous Coward · 2018-01-21 11:15 · Score: 0
  
  Well yes. I'm guessing an employee of a Swiss bank sharing banking info with the USA without the consent of the Swiss government's rules can be charged by the Swiss government - I presume, even if he did the work from the USA. If all it takes to violate rules with impunity is to leave the country, then what's the point of rules? The data "belongs" in this case, to Switzerland and the bank there. They are the gatekeepers.
  Similarly with Ireland/Microsoft. If the data physically resides in Ireland, then Irish laws apply.
9. Re:Force the company != force the individuals by Anonymous Coward · 2018-01-21 11:18 · Score: 0
  
  "So yes the U.S. has repeatedly claimed computer "crimes" perpetuated by people outside the U.S. are punishable by the U.S.. So why shouldn't other countries do the same to Americans?"
  When you get right down to it, it's because the US has more nukes, and history of a willingness to use them on non-military populations. :)
10. Re:Force the company != force the individuals by Anonymous Coward · 2018-01-21 11:30 · Score: 0
  
  That MS employee in the US accessing data in Ireland could be charged in Ireland.
  This just in: the US and EU will charge you for actions they don't like committed in other countries whether you're a US/EU citizen or even live in or visit the US/EU. If that's a standard to be used, then literally every country on Earth can just make up laws to charge people for lawfully following the orders of another country so they can be the legal gatekeepers.
  
  The correct method is get a warrant where the thing is.
  So, does the same apply for income and taxes? Because at this point a lot of money is tied up in electronic records and they don't meaningful exist anywhere. Imagine, though, if everyone started doing all their banking and payroll in Ireland. So, the only money you ever "had" in the US was the amount that was spent. Would you be okay with that interpretation? Do you think any government on Earth would be okay with that interpretation?
  
  This is a power grab, in effect will the laws be the least restrictive of where anybody physical is that can access the data, suddenly taking a vacation changes the laws that cover a piece of data?
  Read above. We're already there. And if you think China doesn't play by the rule that so long as they can access something, they will, you're delusional. Certainly the US has for a long time played by the rule that borders are a search-without-warrant zone because entering/leaving is conditional on you letting them do the search. So, I'd say we're well beyond the point of claiming "power grab". Except, I guess, that suddenly the companies now get the enhanced pat down is unacceptable to some people. If anything, it's the companies--which have the largest vested interest in supporting terrorism--which should have been the victim of this and the rest of us left alone.
11. Re:Force the company != force the individuals by Wrath0fb0b · 2018-01-21 11:51 · Score: 1
  
  I think it's a bit disingenuous to say "the guy that can touch the machine" is the one who makes final decisions. That's certainly not the case in all the companies I've worked for: the guy accepts what management tells him. If he doesn't, he will be replaced by someone that does. No organization (no matter how enlightened) gives the IT dudes the final authority over who gets access to what systems.
  "Hey Bob, did you get a SCM account?"
  "No, I cut off the sysadmin for that system in the parking lot and my boss says he's the only one that can make an account. Tough luck I guess, can I borrow your login"
  I would imagine that Microsoft USA has constructive control over the datacenter operations in one form or another. They might not have machine permissions in the narrow technical sense, but effectively they can
  [ Reminds me a bit about the Planet Money about shell corporations. They would hire local dudes in the Cayman Islands or wherever to be shareholders and board members of a company. But they would then sign a separate contract with the local dude saying that the local dude will vote however some tax-dodger says they will.
  The claim then is that the tax scofflaw doesn't "own" the shell corporation (technically true: he has no shares) and so it doesn't have to be reported on their taxes. Meanwhile, through the voting contract, they get to control the company assets to pay for shit they want. The IRS decided pretty decisively that this BS doesn't fly -- you are the beneficial owner of a corporation based on the actual facts, not the nominal status.
  Of course, analogies are imperfect so I'm fine if you think this isn't entirely apt. But the parallels are a bit striking: Microsoft USA probably has constructive control over the datacenter, we'll see what the courts think soon I guess ]
12. Re:Force the company != force the individuals by Anonymous Coward · 2018-01-21 11:57 · Score: 0
  
  ever heared of remote-management?
  No irish involvement required.
13. Re:Force the company != force the individuals by Kjella · 2018-01-21 12:07 · Score: 2
  
  The claim that this somehow violates Ireland/EU law is absurd, unless you are arguing that a person sitting at a computer in the U.S. is somehow bound by the laws of a foreign country.
  Uh yes? If you hack an Irish server it's most definitively a crime in Ireland. Same if you plan and direct an IRA bombing from abroad, being physically present has never been a requirement. Sure enforcement can be tricky if they refuse to extradite, but that's just a practical problem.
  
  This is a deliberate mis-stating of the issue. Right now, a Microsoft employee, sitting at a computer located in the U.S., can access those servers and find the information that is being requested.
  Technical capability and legal permission are not the same. For example we've had doctors and nurses criminally prosecuted for snooping on journals of patients they had no business reading, that they're capable of copying this information doesn't mean they can do so legally. I think anyone who's held root/admin privileges on company servers understands this.
  
  This is done every day as a matter of routine operation, by Microsoft and every other company that has operations in multiple countries.
  Exactly, it is routine for employees in one jurisdiction to have access to data held in a different jurisdiction. And all of that is based on contracts and agreements that lets Microsoft US have access to Microsoft Ireland's servers and data within the boundaries of Irish law. The US courts are saying we can force Microsoft US to do whatever we want. The problem is that then they're saying those agreements are worthless, you can't trust an American to honor them because he can be forced by US courts to break them. Which means Microsoft Ireland will be forced by Ireland/the EU to rescind those permissions.
  In fact all sorts of cloud/hosting/outsourcing industries could be hit with this, it'd be a total meltdown where the only way you can abide by domestic laws is to have only domestic people working on it. Imagine if India said "That's great we'll do like the US, everything that's outsourced or subcontracted to Indians can now be subpoena'ed under Indian law." and everyone would shit bricks. Which is why I don't understand why the US is pushing for this, if they win US employees and companies will become toxic for global operations.
  
  --
  Live today, because you never know what tomorrow brings
14. Re: Force the company != force the individuals by Anonymous Coward · 2018-01-21 12:33 · Score: 0
  
  Then they should compel the user (presumably a US citizen/resident) to login.
15. Re: Force the company != force the individuals by lokedhs · 2018-01-21 13:19 · Score: 1
  
  That is actually an interesting question. Is it possible for a US court to force an individual to break the law in a foreign country? I'd hope the answer is no, but this is the US we're talking about some you never know.
16. Re: Force the company != force the individuals by Anonymous Coward · 2018-01-21 13:21 · Score: 0
  
  One definition of government is force backed by violence.
17. Re:Force the company != force the individuals by Anonymous Coward · 2018-01-21 14:23 · Score: 0
  
  "So yes the U.S. has repeatedly claimed computer "crimes" perpetuated by people outside the U.S. are punishable by the U.S.. So why shouldn't other countries do the same to Americans?"
  When you get right down to it, it's because the US has more nukes, and history of a willingness to use them on non-military populations. :)
  "There has never been a problem among the Affairs of Men that could not be solved through the strategic application of sufficient firepower."
18. Re:Force the company != force the individuals by Anonymous Coward · 2018-01-21 14:50 · Score: 0
  
  The correct method is get a warrant where the thing is.
  It's amusing how armchair lawyers want the Internet magically sprouting borders where it's convenient then instantly shedding them when it's not. Suppose if a country implemented restrictions on services storing data outside their borders, imagine the howls about Internet borders then.
19. Re:Force the company != force the individuals by Anonymous Coward · 2018-01-21 17:25 · Score: 0
  
  Microsoft obviously has a pathway to the data in Ireland and there are no gatekeepers blocking that path, at this time.
  Is the existence of this pathway legal in Ireland?
20. Re:Force the company != force the individuals by Anonymous Coward · 2018-01-21 19:05 · Score: 0
  
  Well - If they really rule that this data is accessible for the USA, it would have consequences for Microsoft.
  I mean - Nobody in his right mind that want to keep his data secure, will use Microsoft software to store and maintain that data anymore. I guess the best solution is to use open source storage systems and make the data only accessible to non-US users. I think Microsoft will lose a big chunk of it's users.
21. Re:Force the company != force the individuals by LowTechSwede · 2018-01-21 20:17 · Score: 2
  
  This case is huge for Microsoft, Google and Apple. If the ruling goes against Microsoft, this likely means that no company with business in EU can use an American provider for emails for their EU employees under GDPR. GDPR which comes into effect in a couple of months has enough teeth to make compliance mandatory. To stay in business in EU, the three big ones would need to separate their hosting of EU data to a separate legal entity not under their control. License technology to a company, spin off the company and list it on a EU stock exchange or something similar. Sharing of data for interoperability then becomes a problem that has to be solved. This would not be unsolvable, but likely expensive and leading to service degradation in many ways. EU Governments would probably not be unhappy with this turn of events, but a large number of businesses will suffer in the short term, though none as much as Microsoft and Google.
22. Re: Force the company != force the individuals by Anonymous Coward · 2018-01-22 01:21 · Score: 0
  
  The issue is the Constitution of the United States implicitely assumes that government, at best, is immoral, unjust, and unethical. The history of the United States repeatedly demonstrates the validity of those assumptions.
23. Re:Force the company != force the individuals by coofercat · 2018-01-22 01:58 · Score: 1
  
  IANAL, but I'd say most European businesses would not be able to use US-owned providers *at all* if this goes ahead. EU law would need special exceptions for US access to EU data, which I suspect just ain't gonna happen.
  Even if I'm wrong about all this, it's a great opportunity for EU-based hosting providers to scoop up some big contracts from people hitherto using US owned providers. Be careful what you wish for...
24. Re:Force the company != force the individuals by pnutjam · 2018-01-22 03:59 · Score: 1
  
  This is the US.
  Authoritarianism > business interests
  business interests > citizen interests
  
  --
  Cheap storage VM.
25. Re:Force the company != force the individuals by Anonymous Coward · 2018-01-22 05:42 · Score: 0
  
  Microsoft obviously has a pathway to the data in Ireland and there are no gatekeepers blocking that path, at this time.
  Is the existence of this pathway legal in Ireland?
  Also, does it even exist. That GP writes it is "obvious" doesn't mean that is true.
26. Re: Force the company != force the individuals by Anonymous Coward · 2018-01-22 05:55 · Score: 0
  
  Also, is it possible for MS Ireland to allow such a person access to the data?
  Without breaking the law, that is.
27. Re:Force the company != force the individuals by Anonymous Coward · 2018-01-22 06:20 · Score: 0
  
  In those cases the damage done was done in the US, and the legal cases were brought with the assistance of the foreign country. Two important differences.
Perhaps another country can try it. by dwywit · 2018-01-21 10:16 · Score: 2

Lodge a warrant with the local MS subsidiary for some data stored on MS USA server/s, and see what happens. Put the shoe on the other foor and see how the USA DoJ reacts.

--
They sentenced me to twenty years of boredom
1. Re:Perhaps another country can try it. by ilsaloving · 2018-01-22 05:40 · Score: 1
  
  I think we all know exactly what would happen.
  According to the US, national sovereignty is a one way street.
Ignoring Borders? by kenwd0elq · 2018-01-21 10:19 · Score: 0

Curious that "ignoring borders" is exactly the issue at present, when the US Government has exhausted its spending authority. The Republicans think that borders mean something and that illegal aliens should go home, while the Democrats apparently feel that there are no borders to the United States that anybody is obliged to respect. Europe has been having similar problems over the last year or so.
1. Re: Ignoring Borders? by Anonymous Coward · 2018-01-21 10:39 · Score: 0
  
  Sorry everyone this was started by the Democratic Obama administration. MS filed their lawsuit in 2013.
  I'd like to apologize for blaming this on Republicans.
2. Re: Ignoring Borders? by Anonymous Coward · 2018-01-22 00:22 · Score: 0
  
  Get your facts straight please!
  You're talking about a company, not a political party that started a lawsuit.
  Bunch of retarded " Anonymous Trolls " not knowing the difference between a private company and a political party... to dumb to be allowed to breed. Take these people behind a sauna shed and shoot them; The gene pool will be better off in the long run
3. Re:Ignoring Borders? by dave420 · 2018-01-22 00:35 · Score: 1
  
  It's not about borders but the jurisdictions operating within them. The EU has very strong data protection laws, the US does not.
They're going to lose by Anonymous Coward · 2018-01-21 10:23 · Score: 0

The Internet is about to get a wake-up call: if you control the data, it doesn't matter where the hard drive is.
1. Re: They're going to lose by Anonymous Coward · 2018-01-21 10:35 · Score: 0
  
  So, so happy you said it!
  If you donâ(TM)t control your data, the multinational corporations are obliged to provide the government with it when they ask... This is the cost of doing business in a country, as for where that data is, well it could be on the moon but if you do business in the USA, youâ(TM)re still obliged to hand it over if you have access to it and want to not be penalized for withholding information on criminal activities.
  Cost of doing business, learn not to do criminal activities if you donâ(TM)t want the government to look into your data.
2. Re: They're going to lose by Anonymous Coward · 2018-01-21 11:06 · Score: 0
  
  Irrelevant. They simply cannot comply. Microsoft's Irish subsidiary would have to break the law and there is no reason why they would do that.
3. Re: They're going to lose by Sique · 2018-01-21 11:43 · Score: 5, Interesting
  
  If the U.S. prosecution has its way, then the E.U. will simply forbid any foreign owned company to operate any data in the E.U.. The High Court of the E.U. already invalidated the "Safe Harbour" agreement with the U.S. because of the way the U.S. handles data of foreigners. In the end, Microsoft Ireland will have to become a separate entity, independent of Microsoft U.S., and only a contract between Microsoft U.S. and Microsoft Ireland will allow Microsoft U.S. access to data stored in Ireland, with an arbiter resident in Ireland deciding case by case if the access is to be permitted or not by handing out a digital certificate granting access and being revoked at any time the arbiter sees fit.
  In a case like this, the certificate necessary to access said email would long have been revoked, and only with a formal request to the Attorney General and the Data Protection agency of Ireland, the U.S. prosecution would be able to get a new one granting access to the email they want.
  
  --
  .sig: Sique *sigh*
4. Re: They're going to lose by Anonymous Coward · 2018-01-21 12:49 · Score: 0
  
  Then they're going to be ordered to break the law. Happens all the time. Fortunately it's a corporation, so nobody is actually going to jail.
ACLU and Fox News agreeing is the end of times by Anonymous Coward · 2018-01-21 10:36 · Score: 1

I can understand that DoJ is required to make the request/filing, but I do not believe even many of their own lawyers actually think winning would be a good thing. When the ACLU and Fox News both agree the DoJ winning would be bad, you can pretty much take that to the bank. The only interesting question is how narrow the ruling will be.
The reality is... by GerryGilmore · 2018-01-21 10:44 · Score: 1

...that, by the Constitution, international treaties DO supersede Federal law, though not the Constitution itself. Witness WTO lawsuits against Federal and/or State laws. A very bizarre situation, indeed, but you'd think that government lawyers would know this.
1. Re:The reality is... by Anonymous Coward · 2018-01-21 11:35 · Score: 1
  
  This is factually incorrect. International treaties are on aa par with acts of Congress, and neither supersede nor are superseded by Federal United States law - see, e.g., Reid v Covert 354 US 1 (1958).
There are already legal ways by DCFusor · 2018-01-21 11:01 · Score: 1

As stated by several amicus briefs. We have treaties with most other countries where this would be an issue, all we have to do is deal with them. If they don't want to give it up, well...do you do war or what? Further, if MS gives up the stuff - they're breaking the law in the other country. Does it seem reasonable to demand someone else break the law? It might be legal, since we have any number of illogical, unconstitutional, just-us laws, but gheesh. Solve it the way it was already solved, you lazy govt fscks. The US is only the US, we don't own the world much as many stupid people might wish that as our empire ends - which is why we're thrashing around like a wounded animal these days.
.
To reiterate - there's already a legal way to do this where no one breaks any laws if the other country agrees. We should be done at that point and respect others. This might be the only time in recent memory I'm on the side of Microsoft.

--
Why guess when you can know? Measure!
1. Re:There are already legal ways by AHuxley · 2018-01-21 11:12 · Score: 1
  
  PRISM https://en.wikipedia.org/wiki/...
  Nobody smart noticed all that data moving around from a big brand back to the gov/mil?
  The big brands even helped decrypt so the gov could get plain text.
  
  --
  Domestic spying is now "Benign Information Gathering"
2. Re:There are already legal ways by DCFusor · 2018-01-21 17:13 · Score: 1
  
  Of course we did. A: the parts of gov have turf issues with talking to one another. B: while it's effectively illegal, even if they do it anyway, if they have a hard on to bust someone with clout - it has to look legal, parallel construction might not fly.
  
  --
  Why guess when you can know? Measure!
Scene: The trial of an oil or financial company by Wrath0fb0b · 2018-01-21 11:41 · Score: 1

Prosecutor: The defendant has not turned over emails between their executives discussion the probability of an (oil leak) (fiscal collapse) (other bad thing).
Judge: Why not?
Defendant: Those emails are not stored in this country.
Judge: Which country are they stored in?
Defendant: Please refer to the statement from EvilCO IT explaining that our emails are stored in a database that is then sharded across all our subsidiaries around the world.
Judge: And you need the pieces, the shards, from all the countries to reassemble them?
Defendant: There's some redundancy for catastrophic failures, so no, not all.
Judge: But most.
Defendant: Yes.
Judge: And this can be done from a server here in the United States.
Defendant: No, email accounts are managed by those subsidiaries in those countries. Our EvilCO IT here doesn't have permissions to create them.
Judge: But when a new employee starts, they get access? How?
Defendant: Yes. The US office requests an account for them.
Judge: So you do have permissions to create the new accounts
Defendant: No, only the administrators at the subsidiaries do.
Judge: But you can tell them to do so.
Defendant: Yes
Judge: And they can't say no.
Defendant: I'm not aware of a sysadmin in a subsidiary refusing to create an account for their local shards to an employee authorized by corporate.
Judge: So you claim you don't have permission, but if you make a request then it's always fulfilled.
Defendant: It's fulfilled by an administrator in the subsidiary that has permission.
Judge (daydreaming): Bailiff, please tase this lawyer in the balls repeatedly until he stop this bullshit.
Judge (IRL): Counsel, I think you have constructive access if every time you request access, someone with actual permission grants it.
Defendant: Multiple administrators are required, in each subsidiary, to grant access to the shards necessary to access the email system.
Judge: Yes, multiple, OK, it's a nice shell game. How about turn over the documents about your damned oil spill already?
1. Re:Scene: The trial of an oil or financial company by R3d+M3rcury · 2018-01-21 12:10 · Score: 1
  
  Judge (daydreaming): Bailiff, please tase this lawyer in the balls repeatedly until he stop this bullshit.
  I think you mean:
  Judge (daydreaming): Bailiff, whack his pee-pee!
2. Re:Scene: The trial of an oil or financial company by jaa101 · 2018-01-21 12:15 · Score: 1
  
  The key difference here is that they're not after Microsoft's data; they're after data belonging to a Microsoft customer who is not a US citizen who has probably never physically been on US territory.
3. Re:Scene: The trial of an oil or financial company by Wrath0fb0b · 2018-01-21 13:50 · Score: 1
  
  That is a difference. I don't see how it's a key difference who holds the record.
  In the bank/oil-co/bad-guy example, does using a 3rd party IT department instead of in-house change things? Or any number of intermediaries can be added: Oil company contracts ITCorpUS, ITCorpUS has a subsidiary in Ireland, Ireland has a subsidiary in Cook Islands ....
4. Re:Scene: The trial of an oil or financial company by Anonymous Coward · 2018-01-21 15:59 · Score: 1
  
  Should read: "Defendant: I'm not aware of a sysadmin in a subsidiary refusing to create an account for their local shards to an employee authorized by corporate; but they know what's going on and I would expect a refusal this time."
5. Re:Scene: The trial of an oil or financial company by jaa101 · 2018-01-21 17:11 · Score: 1
  
  The difference is that the bad company has a legal presence in the US, so US courts can demand company documents in some circumstances. Wherever the company has stored the documents, if the company is able to retrieved the documents itself then it can be compelled to retrieve them for a court. In this case the documents don't belong to a US company, they belong to an entity with no presence in the US.
  What if the this case was about a US bank which operated safety deposit boxes in Ireland? Can a US court require that bank to open a customer's box in Ireland, without notice to the customer, and provide copies of the contents? This is likely to violate the bank's contract with the customer and probably Irish and European law as well.
  Taking this example further, what if that US bank has a legal presence in Russia, China, Venezuela, or wherever. Can a court in one of those places require the bank to send them copies of material in your safety deposit box located in the US?
6. Re:Scene: The trial of an oil or financial company by david_thornley · 2018-01-23 07:31 · Score: 1
  
  No matter what the contractual or physical arrangements, I can't, from here. open a safety deposit box in Ireland. I'd have to go there or have someone do it for me. If I'm there, I'm subject to Irish law, and if I employ someone to do it they're subject also. A US court could order me to provide the contents of the box, but I might not be able to comply.
  However, I may be able to access data in Ireland without anyone in Ireland doing anything to help me. From where I'm sitting, I'm not actually subject to Irish law, and the ones who are aren't doing anything. A US court could order me to hand over the data, and I sure can comply without involving anyone in Ireland.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
7. Re:Scene: The trial of an oil or financial company by jaa101 · 2018-01-23 10:54 · Score: 1
  
  I meant, imagine you are an Irish citizen who has never left Ireland but you have documents in your bank's safety deposit boxes in Ireland. Do you think a US court should be able to force that bank to produce copies of those documents without even telling you about it? It doesn't even need to be a US bank, just a bank with a legal presence in the US so the courts have access to company officers in the US. See how this is different from the court requiring access to bank documents stored in Ireland?
  And then turn it around. You're in the US and an Irish court compels your bank to produce copies of your documents. Surely you don't think that's acceptable.
8. Re:Scene: The trial of an oil or financial company by david_thornley · 2018-01-24 07:04 · Score: 1
  
  Right, but this isn't the same thing. I was trying to point out that nobody in the US has direct access to an Irish safe deposit box, but that Microsoft apparently has direct access to data in Irish servers. It is possible for people in the US to access data overseas, but not physical objects.
  A US court can't order people in Ireland around. It can issue orders to people in the US. It can tell people in the US to say things to people in Ireland, but those people are going to be subject to Irish courts rather than US courts. It can tell people in the US to access servers in Ireland that they have access to, and there's nobody in Ireland who has to do anything, so there's no automatic way to invoke Irish law.
  Clearly, a US court can order people in the US to turn over stuff in US servers. Can a US court order people in the US to do the exact same thing on Irish servers?
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Sorry, MS has the statement of facts correct by davecb · 2018-01-21 12:06 · Score: 1

Regrettably, the courts are aware of the "incidental" creation of copies in each location, as entered into evidence in suits about copyright and copies. They know full well that there is a copy made in RAM in Ireland, then another in the US, then the final copy on the printer in the US, the place where the data is wanted.
If I request a web page from a site in the EU, I don't have to obey EU law, but the server administrator in the EU does. If the EU says "No foreigners may see this", then he can't serve it to me, so I can't import it.
I might really really wish to view it, but if it's in the EU, EU laws apply.

--
davecb@spamcop.net
Irrelevant by Anonymous Coward · 2018-01-21 12:20 · Score: 0

... before anyone conceived of cloud computing.

Corporations are answerable to sovereign (domestic) government or they aren't: The US DoJ creating a "fuck you, I got mine" end-run some 32 years ago, is irrelevant.

... ignores borders, treaties and international law ...

Considering the USA imposes onerous treaties on other countries of the world, one is driven to ask why the DoJ isn't using that leverage? I suspect this is a fishing expedition that would fail even that lax legal requirement.
Fuck Them by NicknameUnavailable · 2018-01-21 12:41 · Score: 1

They sellout every US citizen with Cortana, and they won't give up some foreigner? Jail all the executives for treason and be done with it.
1. Re:Fuck Them by Anonymous Coward · 2018-01-21 14:35 · Score: 0
  
  Jail all the executives for treason and be done with it.
  Ireland: "Revoke the corporate charter for Microsoft Ireland, and jail anyone who breaks the EU Data Protection Directive."
  US: "We want that data."
  Ireland: "NO."
  US: "..."
  Microsoft: "OK, spend some money to get the shills to quit costing us our data centers...."
2. Re: Fuck Them by Anonymous Coward · 2018-01-21 19:39 · Score: 0
  
  It's not their choice. They are legally required to give all private data of all Americans to the US government upon request, just like every other US-based company, while Microsoft Ireland is not allowed to give the customer data they store to an overseas third party, such as the US government. Microsoft's only way out would be to move out of the US altogether.
Has the data/email ever been access or crossed USA by Anonymous Coward · 2018-01-21 16:13 · Score: 0

Has the data/email ever been accessed in the USA? Or ever crossed into or out-of the USA?
If data from France to Ireland first goes to USA then to Ireland, then cannot the USA at least capture or request capture of data as it passes thru USA? Same for China or any other country! This is a danger with the internet and not controlling the path data takes.
Re: Scene: The trial of an oil or financial compan by Anonymous Coward · 2018-01-21 19:33 · Score: 0

That, and the fact that it would be illegal for the subsidiary to hand over the customer's data to an overseas kangaroo court.
WARNING by Anonymous Coward · 2018-01-22 02:11 · Score: 0

Danger Will Robinson, DANGER!
Remember that if the United States courts could issue a warrant for data in other countries, those countries could also issue a warrant for data in the United States.
Imagine if you sent an email being critical of Islam to somebody and they happen to be someplace in the Middle East, and that government arrested that person, but also issued a warrant for your email, and decided to file charges against you because it's illegal in THEIR country that you have never been to.
I hope your airplane doesn't fly over their country, or they will be forced to land so they can take you into their custody.
Sigh. by ledow · 2018-01-22 02:34 · Score: 1

Fail to comply: Get sued in the US.
Comply: Get sued by all the other countries.
There's a reason that we have jurisdictions.
Pretty much, even allowing the CAPABILITY for non-EU personnel to access EU data is an offence, which is why the EU side of Microsoft (an entirely different legal entity) cannot allow it to happen without an EU court order, cannot provide credentials that could make it happen, and cannot be seen to assist in any way, shape or form.
And technically, because the Microsoft US entity doesn't have control of that data, they are then unable to do anything about getting sued into oblivion because what they are being ordered to do is impossible for them to do anything about and the only place that can do anything would be breaking their own laws.
You want this data, you get the EU courts to order it. Good luck!
Re:Has the data/email ever been access or crossed by ledow · 2018-01-22 02:37 · Score: 1

If it did, it would be in breach of most of the data protection laws in the EU.
They are either data processors (which would be very difficult to organise legally across international boundaries) or not (in which case they shouldn't have access to the unencrypted data at all).
EU laws are much more strict in this, and I can't process any data for my employer outside the EU. Hence things like SurveyMonkey, etc. are off-limits as they are hosted in the US.
Relevance? by Anonymous Coward · 2018-01-22 06:03 · Score: 0

WTF exactly, does the Irish e-mail case have to do with partisan differences over immigration? Also you threw in "spending authority" for no known reason at all.
I mean, you could have made some kind of a sensible analogy. Except you failed to do so.
Troll babble gibberish nonsense! Gabble gabble burp fart squeak!
I hope MS wins this one... by Anonymous Coward · 2018-01-22 08:18 · Score: 0

...otherwise we end up with the BS that was perpetrated here in New Zealand against Mega-upload/Kim Dotcom - NZ, a sovereign nation, bowed to pressure from the US Federal Gov't (who were probably acting on called in electoral favor by the RIAA/MPAA).
A dawn raid, with Armed Offenders Squad, the NZ equivalent of SWAT, on four people in KDC's mansion near Auckland - the four people were KDC, his wife, and two children aged six and seven (ish) having loaded firearms in their faces.
It was a filthy act, over the top, and the NZ government should be ashamed of bowing the the US Federal Government like that. I hope the Irish government has bigger balls that ours.
What goes around, comes around by Anonymous Coward · 2018-01-23 09:03 · Score: 0

Let Ireland pass a law that makes it a felony for anyone anywhere in the world to order any business that stores data in Ireland to transfer it to another country in violation of the Irish data privacy law and without an Irish courts approval.
Prosecute the Prosecutor.
Issue a Interpol Red Note Warrant for the arrest of the U.S. Department of Justice Prosecutor.