Supreme Court Wrestles With Microsoft Data Privacy Fight

Supreme Court justices on Tuesday wrestled with Microsoft's dispute with the U.S. Justice Department over whether prosecutors can force technology companies to hand over data stored overseas, with some signaling support for the government and others urging Congress to pass a law to resolve the issue. From a report: Chief Justice John Roberts and Justice Samuel Alito, both conservatives, hinted during an hour-long argument in the case at support for the Justice Department's stance that because Microsoft is based in the United States it was obligated to turn over data sought by prosecutors in a U.S. warrant. As the nine justices grappled with the technological complexities of email data storage, liberals Ruth Bader Ginsburg and Sonia Sotomayor questioned whether the court needed to act in the data privacy case in light of Congress now considering bipartisan legislation that would resolve the legal issue. A ruling is due by the end of June.

Assume "yes"

[110010001000]

You should assume the answer is "yes" no matter what the court says. If you have data, don't give it to a corporation in the cloud.

Re: Assume "yes"

So rich people are allowed to keep their off shore bank accounts private but you and I aren't allowed to keep our email and files private, even when they're stored off shore?

American Companies Abide by American Laws

Microsoft owns that data, thus it is Microsoft property, and since Microsoft is an american citizen, it must adhere to American laws.

It's not complicated.

Re:American Companies Abide by American Laws

[olsmeister]

It says they are probably going to pass a law to resolve the issue. Maybe this is just a preemptive strike.

Re:American Companies Abide by American Laws

[AvitarX]

Could it not be argued that it is Microsoft Europe, Microsoft Europe is a European company, and it must adhere to European laws?

Assuming there is indeed a European entity.

Re:American Companies Abide by American Laws

[nwf]

Except, any Microsoft entity would likely be a wholly owned subsidiary. Unless they set up an independent company and license everything, but even then I'd be the courts wouldn't let them get away with that either since it's obviously just set up to get around the law.

Perhaps if they had a truly independent company they purchased services from and then had to way to actually get the data. Otherwise, if they have access to it and they are a steward of the data, they'll likely have to provide it. IANAL.

Apple's work in China may provide some intersection options down the road.

Re:American Companies Abide by American Laws

[suutar]

there is, and that is indeed the argument. The counterargument is that MS USA completely controls MS EU and therefore should be able and required to force MS EU to pony up despite European laws.

Re:American Companies Abide by American Laws

[jarkus4]

If the system would require action from someone in target country to access the data, they could truthfully say they can't get the data. That person would have full authority to refuse obeying any command that is against the local law and in case of firing would win big in court.

Re:American Companies Abide by American Laws

[Megol]

Imagine company A being created in North Korea. Imagine company B being a company owned and controlled by A incorporated in the US.
If company A is ordered to do something that is legal in NK should then company B comply even though it is illegal in the US?

Of course not, that is ridiculous.

Re:American Companies Abide by American Laws

[nwf]

I'd bet the courts would see though that and start assessing large fines.

Re:American Companies Abide by American Laws

[nwf]

Of course it is ridiculous as is international law. Why would NK care if it's legal in the US?

Re:American Companies Abide by American Laws

[arth1]

Microsoft owns that data, thus it is Microsoft property, and since Microsoft is an american citizen, it must adhere to American laws.

It's not complicated.

No it is not complicated. American law does not apply outside American territory, period.
If an American company owned elephants in India, and Indian law said that exports of elephants was illegal, should an American judge be able to decide that they must ship their elephants to the US? Does not Indian law apply on Indian soil because it's an American company?

Re:American Companies Abide by American Laws

[Whorhay]

It depends on which country they fear the most. The company or rather it's owners have decided to enter into business in two different countries with different laws. It is up to the company to figure out which direction to go when their is a conflict between those laws, but that doesn't mean they are absolved of the consequences which either or both countries might then implement.

Re:American Companies Abide by American Laws

[whoever57]

The counterargument is that MS USA completely controls MS EU

Until MS moves its headquarters to some tax haven that has strong laws about international interference in data. There are probably plenty of tax havens that would craft such a law in order to induce MS to move their HQ to that jurisdiction.

Whatever the outcome, the Justice Department are going to make doing business more difficult in the USA. This was and always will be an own goal by the Justice Department.

Re:American Companies Abide by American Laws

Imagine company A being created in North Korea. Imagine company B being a company owned and controlled by A incorporated in the US.
If company A is ordered to do something that is legal in NK should then company B comply even though it is illegal in the US?

It would come down to whether or not they're capable of doing it. You need to imagine the person at company A with a loaded gun literally pointed at their head. Can they obey the NK court? If they are able to do it, then they'll likely do it, to avoid NK court sanctions (i.e. death).

Why would anyone care whether or not it's illegal in the US? They have a NK gun pointed at their head. I would break any law anywhere, if it kept my brains from getting splattered. Law is irrelevant once there is a court order with sufficient force backing it.

If a US court demands Microsoft do something, they should either do it (and face consequences in Europe) or disobey and face consequences in US. That's the problem with having multiple masters. Don't like it? Don't have international capabilities.

If a schoolyard bully tells you to spit on another bully, what do you do? It's not like Microsoft can run away or go tell mommy. The bullies are it as far as force and authority go. You gotta pick sides, and if you try to get along with both bullies, you're just gonna get beat up twice as often.

Re:American Companies Abide by American Laws

[jd]

If you impose that rule, then EU companies in America are embassies protected by the Vienna Convention because they have to be in Europe to be under EU laws and you're saying that they are.

Can you begin to imagine the unintended consequences of that?

For a start, forget immigration controls. They're embassies, they can house whoever they damn well like, under EU laws. The US has no jurisdiction because this is EU turf not US turf by your own rules.

You can't have it both ways.

Re:American Companies Abide by American Laws

Tell that to the IRS, or to Assange.

Re:American Companies Abide by American Laws

[pnutjam]

If a corporation is a person, this is spot on.

Re:American Companies Abide by American Laws

[Teun]

Wholly owned or not, such companies are set up to enjoy tax advantages but especially to avoid liabilities.
It is very common knowledge when such a company would go bankrupt the parent company never has to pay up.
When this segregation is legally possible, and it is, then it would be the same for access to these mails.
And that's aside from the European point of view the mails are owned by their respective account holders, not the company that stores them.

Re:American Companies Abide by American Laws

[Teun]

Which courts and fines from who?
American courts have a fat Zero jurisdiction abroad and EU courts have no issue to act on.

Companies like MS have in anticipation of this problem already build EU based servers to store EU data and put them under EU (often Irish) jurisdiction.

Re:American Companies Abide by American Laws

Microsoft owns that data, thus it is Microsoft property

NO, Under EU law Microsoft DOES NOT own the data, a user retains all rights to his data even when housed on a companies server and said company must abide by those laws in handling of the data. The Data is governed within the borders of the EU under EU laws.

It's not complicated.

It is extremely complicated as you proved by getting almost everything wrong in your 2 line comment and the fact that even after several years the US supreme court can't work out the right decision.

Re:American Companies Abide by American Laws

[Teun]

There are lawyers specialising in this game, it's called Conflict of Law and it pays very well.
Rest assured MS has consulted these specialists years ago.

Re:American Companies Abide by American Laws

[Teun]

No, Microsoft sells a service to store data for third parties, they most certainly don't own the data.
If that were the case and something illegal was found in this data MS would be liable.

Re:American Companies Abide by American Laws

[BitterOak]

No it is not complicated. American law does not apply outside American territory, period.

That's simply not true. There is a presumption of non-extraterritoriality in U.S. law which means that if a law doesn't state otherwise, it is presumed to apply only on U.S. soil (or U.S. military bases, etc.), but laws can explicitly state that they apply outside the U.S. and U.S. courts have found them enforceable (usually when a citizen returns to the U.S. after a foreign trip.) Notable examples are the Foreign Corrupt Practices Act which make it a crime to bribe a foreign government. Another example is the Child Protect Act which makes it illegal for American citizens to hire child prostitutes even in countries where the practice is legal (eg. in the Netherlands, 16 years olds can legally work as prostitutes, but if a U.S. citizen hires one while visiting Amsterdam, they can be charged when they return to the U.S.). Another example are violations of certain travel restrictions, such as travel to Cuba, etc. Now, whether or not the search warrant in question is presumed to be non-extraterritorial or not is up to the Supreme Court to decide, but your blanket statement is clearly untrue.

Re:American Companies Abide by American Laws

[youngone]

It is Microsoft Ireland, which has to live by Irish law, regardless of where the parent company is.
It puts Microsoft in a difficult position, because if the US passes a law forcing it to send the data back to the US, it might still be in breach of Irish law, or EU law, and open to prosecution there.
This looks like the US government trying to force it's law on the rest of the world, especially as there is a perfectly good mechanism for asking the Irish for the data, as detailed here.

Re:American Companies Abide by American Laws

[suutar]

Very true. I personally do not agree with the counterargument; I was just trying to explain it.

Re:American Companies Abide by American Laws

I'd bet the courts would see though that and start assessing large fines.

Well the NWO calls for the US to be de-developed and turned into the world's farmland and tech/industry to be located elsewhere.

This is just another move to force large multinational corporations and their HQs out of the US in keeping with the NWO agenda, in concert with the ongoing destruction of the US education system so that such firms won't have an educated local workforce to draw from, further incentivizing these firms to leave the US for greener pastures.

Re:American Companies Abide by American Laws

[Richard_at_work]

US law applies to US citizens and companies, regardless of where the data or assets lie.

The recent windfall tax by Trump on companies overseas cash piles is a good precedent in this area.

People seem to be confused about the fact that one countries law does not have to be compatible with another countries law - in your case, a US judge can certainly order a US entity to do something which would violate another countries laws, and its up to the entity themselves to resolve that conflict.

Re:American Companies Abide by American Laws

[Richard_at_work]

Microsoft Europe is owned by Microsoft US.

People seem to be under the misconception that a company, entity or person can only ever be subject to a single judicial jurisdiction at any single point in time. Thats wrong - they can be subject to multiple judicial jurisdictions, and those jurisdictions dont have to be compatible.

Re:American Companies Abide by American Laws

[Richard_at_work]

A US court can still require a US entity to do something - regardless of the fact that it requires a subsidiary in another country to act.

Re:American Companies Abide by American Laws

[Teun]

They can require all kinds of things but it's just not going to fly when it's against the law of the originating country and that's Ireland.
Because this is not a new issue MS will have put means in place to prevent any illegal access to their customers content in the EU.

Re:American Companies Abide by American Laws

[AHuxley]

So set up a company in the correct legal way and get to push another nations laws deep into the US legal system?
Enforce blasphemy laws in the USA? No saying bad things about a cult, faith?
Enforce another nations liable laws that are totally different from US free speech protections?
Move in some powerful German laws on the way history is presented and can be talked about in the USA?

Re:American Companies Abide by American Laws

[Anubis+IV]

You seem to be suggesting that American law trumps Irish law because Microsoft is an American company. That may very well be the way that this particular scenario plays out in practice (though I doubt it), but it's not an accurate picture of the legal situation.

Microsoft has a legal obligation as an American company to abide by American law and has a legal obligation as a company operating in Ireland to abide by Irish/EU law. Having legal obligations in different countries usually isn't an issue for companies, since it's generally agreed that American law applies in America and foreign law applies elsewhere (i.e. each country has sovereignty within its own borders). Inasmuch as one set of laws extends beyond that country's borders (e.g. US corporate taxes), it does not—and legally cannot—contravene the law in other jurisdictions.

Which, to be clear, is how it should be, since attempts to force your law in another country may potentially be viewed as an act of war, given that you would be violating that other nation's sovereignty. And nations tend to take their sovereignty pretty seriously, as you might imagine.

Anyway, all of this just means that the US lacks the authority to demand that—while in Ireland—Microsoft engage in activities that are contrary to Irish/EU law. Any attempt on the part of the US to do so would mean that the US is asserting the supremacy of its laws over Irish and EU laws within Ireland's borders, and could be construed as an act of war.

If only there was an avenue through which the US Justice Department could request that data without having to make demands.

Oh wait, there is!

We have treaties for resolving exactly these sorts of situations where one country wants something that they don't have the authority to demand. All the Justice Department needs to do is contact the Irish government and ask for its help in extraditing the data. Simple as that. Doing it that way ensures that no Irish laws are broken, no American laws are broken, that each nation's sovereignty is respected, and that no company is asked to choose between a rock and a hard place. The Irish government may deny America's request, but that's their prerogative, given that it's their country.

Unfortunately for Microsoft, they have to deal with reality, rather than legal theory, and the reality of the situation is that if they lose this appeal they'll have to choose between the rock and the hard place. If I were them, I'd be running the numbers to figure out what they'd be losing each way. Refusing to abide by the US order will likely result in some fines, but I'd imagine little else. Refusing to abide by Irish/EU privacy laws, however, seems like it could carry some significantly more severe consequences, not least of which is that they'd immediately lose a huge number of their European customers.

Re:American Companies Abide by American Laws

[Richard_at_work]

The laws in the third party country don't matter to the courts in the first party country - people here seem to be under the misconception that its otherwise...

The *only* thing MS can do to break the chain of authority between MS US and MS Ireland is to spin off MS Ireland into its own entirely separate company, with MS US holding no more than a minority share, having no say in how it runs its business etc. Anything less than waving goodbye to MS Ireland isnt good enough.

MS US haven't done that. They still own MS Ireland. They still have owners authority over MS Ireland. They can be ordered by a US court to do *anything* with regard to MS Ireland.

The fact that a US court order directed toward a US entity violates a foreign countries laws does not absolve the US entity from being obligated to fulfil that court order, or suffer consequences.

Re:American Companies Abide by American Laws

If company A is ordered to do something that is legal in NK should then company B comply even though it is illegal in the US?

If company B is the wholly owned subsidiary of company B, then company B likely has no choice. Which means company B will comply and should be punished by the US. Clearly if it's the case that company A and company B keep running into this situation, perhaps company A and B really should, you know, actually company A and B, not company C pretending that there's two wholly independent companies A and B.

In short, MS (and Google and Apple, among others) has only itself to blame for acting like it can be one company in many countries with contradictory laws and think it can just get away with flaunting those countries laws. In your example, it means not doing business in North Korea. In the real world, it means MS Europe shouldn't really exist because clear MS's MO today has absolutely nothing to do with consumer privacy. Same thing with Google Europe.

Re:American Companies Abide by American Laws

If company A cannot have its subsidiaries comply with the law in both places, then it should not open a subsidiary. If it does anyway, then it should pay the legal consequences. It's as simple as that.

Re:American Companies Abide by American Laws

It is not that simple, They would be compelling an individual to commit a crime on foreign soil, if that isn't a violation of your rights then the US is more fucked up then I thought. Whats worse those countries have extradition treaties which means you can then be arrested in the US and SENT to that country for prosecution.

Re:American Companies Abide by American Laws

[torkus]

there is, and that is indeed the argument. The counterargument is that MS USA completely controls MS EU and therefore should be able and required to force MS EU to pony up despite European laws.

So you're saying the USA can compel someone to break laws in another country? How about if that access required the action of someone in the EU - so they'd need to compel a non-US (EU) citizen to break their own local laws?

I see many twisted outcomes from this - mainly companies are going to just get more creative restricting access to data and compartmentalizing it. Also, this stupidity is going to force more and more companies to 'officially' be based somewhere besides the US. Not like they pay their taxes here anyhow... :)

Re:American Companies Abide by American Laws

[Frobnicator]

in your case, a US judge can certainly order a US entity to do something which would violate another countries laws, and its up to the entity themselves to resolve that conflict.

Which is exactly what they're doing here.

Go read the legal briefs submitted by various nations and international organizations. The European Commission, the government of the United Kingdom, the government of Ireland, the Council of Bars and Law Societies of Europe, the German Chamber of Industry and Commerce, the French Department of Business, and even the United Nations legal arm for data privacy. All of them said that if the US enforced the order they'd be violating all kinds of international, law, including violating treaties made by the US government. The Mutual Legal Assistance Treaty, MLAT, provides a method to get the data legally.

Urgent MLAT requests are handled immediately. Ireland has already said if the DoJ filed an MLAT request they would act immediately. But the DoJ is looking for powers that bypass judicial review and international legal review. It is a power grab, which they readily admit in the transcript linked to above. Scroll down to page 23 when asked why they can't use MLAT requests.

It is rather terrifying that they are so brazen about it in the SCOTUS arguments. They state that they could use MLAT, but they want the ability to bypass the courts; if they win the precedent: "We don't have to go to a court first. We just issue the instrument. The provider has to make disclosures."

Re:American Companies Abide by American Laws

The moment they do, say bye bye to any sales outside the US. All US companies would be considered off limits especially with the new GDPR laws coming into the EU in May. NO EU company could afford to have data hosted by a US controlled business. So if they do this, watch for the fallout.

Re:American Companies Abide by American Laws

[Cederic]

That's not true.

Microsoft Ireland can tell Microsoft US that they will not grant illegal access to data.

What are MS US going to do about that? Sack everyone in Ireland? They'd lose every single tribunal case.

The fact that a US court order directed toward a US entity violates a foreign countries laws does not absolve the US entity from being obligated to fulfil that court order, or suffer consequences.

Court orders MS to hand over data. MS says, "We don't have access to data, people in Ireland do. We've told them to hand it over" What consequences would you like?

Of course, we haven't even discussed whether the MS official demanding that MS Ireland break the law should be arrested on their next visit to the EU.

Re:American Companies Abide by American Laws

[Cederic]

should be able and required to force MS EU

How?

I've worked for multinational companies, and I've never been afraid to tell my US based manager that I can't comply with his request because it would break UK law.

Just how would MS force someone to break the law?

Re:American Companies Abide by American Laws

Also, if you go down that route, US judges are just ordinary people in other countries.
If they force something to commit a crime in a different country they could well be prosecuted for it there. They wouldn't be extradited but they might have a hard time travelling anywhere.
There is also the point that there are international treaties about getting help for accessing things in other countries, even if that does not violate the letter of those, it would well violate the spirit and might force the other countries to no longer respect them in retaliation.
These things are why, if you actually care about law and justice, you just shouldn't start a judicial pissing contest with foreign nations.

Re:American Companies Abide by American Laws

Uh, Microsoft Europe is under Irish jurisdiction, Microsoft US is under US.
None of them is under both.
Things are more complicated because Microsoft US can access data from Microsoft EU, but if that wasn't the case, the result would be:
Microsoft US orders Microsoft EU to produce the data (thus fulfilling their part of the court order), Microsoft EU says "can't do that", nothing changes.
Now, it seems Microsoft US can just access the data. However if they do it, the data protection commissioner can go to Microsoft EU and say "you failed to protect the privacy of your customers. Fix that or pay 4% of sales as a fine per year". With the result that Microsoft EU would have to make it impossible for Microsoft US to access data on European servers.
End result:: Everyone loses. Badly. That's why other countries are bright enough to not try such a stupid thing.

Re:American Companies Abide by American Laws

[nzkbuk]

"Unless they set up an independent company and license everything, but even then I'd be the courts wouldn't let them get away with that either since it's obviously just set up to get around the law"
Isn't that exactly how most companies run things for tax reasons ?

Re:American Companies Abide by American Laws

[suutar]

As I said, I don't agree with the counterargument, I was just trying to explain it.

Re:American Companies Abide by American Laws

[suutar]

As I said elsewhere, I don't agree with the counterargument, I was just trying to explain it.

Re: American Companies Abide by American Laws

It may be considered that way in the US, but no court outside the US will acknowledge or cooperate with the US's claim to extraterritorial jurisdiction. It can only ever be relevant for people who are physically present in actual US jurisdiction, who did something outside the US at some point in the past.

Re:American Companies Abide by American Laws

[david_thornley]

I wouldn't be surprised if a US court could order a US person in the US to commit something that would be a crime in another country. There are some pretty strange laws all over the globe. Therefore, Microsoft USA has no option but to try to collect the data. Similarly, Microsoft Ireland has no legal option but to not cooperate. If it were a matter of someone in Microsoft USA trying to get someone in Microsoft Ireland to break the law, it would be simple: Microsoft Ireland obeys the local laws.

However, if Microsoft USA has direct access to the Microsoft Ireland data, things get more interesting. The US court has jurisdiction in the US. The action of bringing that data to the US and turning it over would violate Irish law. So, nobody in Ireland broke Irish law in the specific action of getting that data.

Now, whether Microsoft Ireland broke the law by making confidential data automatically available to Microsoft USA is an interesting question.

My guess is that Microsoft is arguing this hard, because they know that, if they are forced to get the data, European countries will start passing laws forbidding private data to be automatically shared outside the EU, and that would complicate things for Microsoft.

Will kill US companies operating globally ...

If the US basically tries to assert that their laws trump the national laws in which these US companies operate, then those US companies will pretty much lose business.

The only logical conclusion would be that MS is now effectively an agent of the US government, and the use of their cloud stuff would be illegal in other countries or for certain kinds of data.

AND, this would be reciprocal, as MS would have no choice but to hand over data on US citizens to those local governments.

Don't give me the bullshit answer that it's OK for the US but not for anybody else, because we don't give a fuck.

So good luck when Iran wants to subpoena US records from MS. This is basically setting up a scenario in which the US wants their laws to be extraterritorial, in which case everyone else gets to do it.

Sorry, America, but you can't have it both ways.

Re:Will kill US companies operating globally ...

If the US basically tries to assert that their laws trump the national laws in which these US companies operate, .

The problem is, you are mis-stating the issue. The U.S. is doing no such thing. In fact, it's just the opposite.

A Microsoft employee, a U.S. citizen, sitting at a computer located in the U.S., can easily access the server containing the data in question. Therefore, the actual physical location of the server is irrelevant.

To claim that Microsoft is prohibited from doing this amounts to forcing EU law on the U.S.

Re:Will kill US companies operating globally ...

[green1]

Sorry, America, but you can't have it both ways.

Unfortunately for the entire world, America has always been able to do so in the past, so they see no reason not to continue doing so.

American law applies worldwide, all other laws stop at the US border. The only real question is, how far will the rest of the world let that go before they start to push back? so far most of the rest of the world tends to just roll over and let the US have their way. I don't anticipate that to continue forever though.

Re:Will kill US companies operating globally ...

[arth1]

A Microsoft employee, a U.S. citizen, sitting at a computer located in the U.S., can easily access the server containing the data in question. Therefore, the actual physical location of the server is irrelevant.

No, that does not follow. A Microsoft employee, a U.S. citizen, sitting at a computer located in the U.S., can easily access a server in Germany and upload holocaust denial material. The physical location of the server is very relevant.

Re:Will kill US companies operating globally ...

[Sique]

Being possible is not the same as being legal, a common mistake.

If you affect a computer in the EU in a way that is illegal in the EU, then you commit a crime in the EU. End of story.

Re:Will kill US companies operating globally ...

[gravewax]

you are the one miss stating the issue. They could tell you to murder the president of another country, sign and seal it in a US court, it doesn't make it legal for you to go to that country and do it. this is the same, nothing a US court can say will make your action legal or exempt you from the laws of another country where your action is taking place and hence they are ordering them to commit a criminal act. Just like if a Irish court issued an order for a Microsoft employee locally that had access to US servers they would not be legally allowed to hand over all assets of the company, or perhaps they had access to US military servers (will be plenty with that), they could order all US data taken from US servers. It simply doesn't and CAN'T work that way, international borders need to be respected otherwise everything goes to shit.

Re:Will kill US companies operating globally ...

Let's continue your logic. A german then should be completely immune to german law if he's remoted into a computer in the US? So he can email holocast denials all over Germany, because he's remoted into a computer in the US?

Re:Will kill US companies operating globally ...

[BlueStrat]

Sorry, America, but you can't have it both ways.

Unfortunately for the entire world, America has always been able to do so in the past, so they see no reason not to continue doing so.

American law applies worldwide, all other laws stop at the US border. The only real question is, how far will the rest of the world let that go before they start to push back? so far most of the rest of the world tends to just roll over and let the US have their way. I don't anticipate that to continue forever though.

What would be interesting is if the court orders MS-US to comply and the Irish government sends in police and seizes control of MS-IRL's severs, data-storage, and facilities.

Or, less dramatically, the Irish government simply says they will arrest and prosecute anyone at MS-IRL who attempts to comply with the illegal US order and seek to extradite MS-US persons who issue such an illegal order and the judge(s) that created the illegal order to likewise prosecute them as well.

This could get quite popcorn-worthy.

Strat

Re:Will kill US companies operating globally ...

[Teun]

You make the same error as the second commend on the subject, this is not about servers and equipment owned by MS.
Don't forget the data is not owned by Microsoft, according to EU law it is very much stored in the EU, owned by the people that have the accounts and it will be treated as such.
The USofA has it's second amendment where everyone can be a 1-man militia, in Europe we have privacy and consumer laws protecting our population against unruly companies.

Re:Will kill US companies operating globally ...

[AHuxley]

AC the "the actual physical location of the server is irrelevant" is all about another nations privacy laws.
Who wants to invite any big US brand into their nation if the US brand is just going to use US law to bypass any and all local privacy laws?
Using a US brand in another nation is not like becoming a part of the US legal system.

Re:Will kill US companies operating globally ...

[arth1]

Let's continue your logic. A german then should be completely immune to german law if he's remoted into a computer in the US? So he can email holocast denials all over Germany, because he's remoted into a computer in the US?

You must be American, because of your display of binary thinking. It's not either/or, it's both. German law applies in Germany, and US laws in the US. The German in Germany is subject to German law for everything he does. He can also (I know, difficult concept) be subject to US law if he breaks US law on a US server.

Re: Will kill US companies operating globally ...

[Type44Q]

You must be American, because of your display of binary thinking

Just curious... what kind of "thinking" do you call that?

Re:Will kill US companies operating globally ...

[green1]

Except we all know that won't happen.

The most likely outcome is that MS-US simply takes the data, which is likely accessible to them remotely anyway, and nobody from either country gets in any trouble. Some people in Ireland make a big stink about it, but no policies ever get changed, and it's forgotten about before the next sitting of the EU parliament.

Conversely of course, if the roles were reversed, the data would never leave the US, and anyone in Ireland who tried would be extradited to the USA to face trial.

Unfortunately the world is not a fair place, it's full of double standards, and the USA is the king of exploiting those double standards. We have example after example after example of exactly these sorts of things happening, and yet each time we pretend that this time is somehow different, and that things won't go the way they've gone every single previous time. Newsflash, things aren't different, and they won't go a different way.

Eventually some other governments will start to get fed-up and push back, but I've seen no indication that's going to happen any time soon. No government wants to be seen to piss off the USA, even if it would be better for the entire planet in the long run.

Re:Will kill US companies operating globally ...

[green1]

And yet in those "70 years of peace" over 12 million people have been killed in war by American soldiers in 19 different wars. That's just the ones killed by Americans.

I'm sure many of the people on the receiving end of this "peace" feel that form of "leadership" isn't helping them much.

Re:Will kill US companies operating globally ...

[gravewax]

you made an illogical jump their. He would be subject to the laws in BOTH countries, it isn't an either/or as he is still within germany and his act was to send emails to germany. So he would still be able to be prosecuted for what he did, if he also broke laws in the US while on that server he could be prosecuted by the US for those too. In fact the US has enforced such prosecutions for hackers in the past which is an interesting contradiction as it seems servers and data being under foreign laws only apply when convenient.

Re:Will kill US companies operating globally ...

given the current rollout of GDPR this is not something that will be able to be swept under the carpet and forgotten. Especially since the US has perfectly legal avenues of obtaining the data through EU courts and are intentionally seeking authority to bypass the current legal mechanisms to sieze assets in a foreign country, this is not something politicians and courts tend to be willing to just wave past.

Re:Will kill US companies operating globally ...

[green1]

You're quite the idealist.

This is nothing new, it has happened many times before, and it's always forgotten about quickly. This will be no different.

I'd like to think something will change, but there's just no rational reason to believe it will. There's nothing different about this time to all the previous times this has happened.

Re:Will kill US companies operating globally ...

[SimonInOz]

America already has it both ways. Virtually alone in the world, the USA demands its citizens submit tax returns even when they are resident and employed overseas. It further demands (using what can only be described as blackmail) records on bank accounts held by American individuals overseas, including people resident there (FATCA).
So if an American moves to - say - an African country, and works there, earning a small amount of money which is not taxed, Uncle Sam still wants to know about it.
Virtually no other countries do this. (Only the United States, the Philippines, and Eritrea). Basically normal countries accept that you should be taxed where you earn the money.

Re:Will kill US companies operating globally ...

With the upcoming GDPR however, this would render MS non-compliant and would force all european companies to cease using MS products that are non-compliant. MS would lose the entire european market for azure/office365.

Re:Will kill US companies operating globally ...

[jabuzz]

You are assuming that is the case. It may well be, and would be technically easy to implement a system by which data held in the EU was encrypted using keys that are not available to Microsoft employees located in the USA. In fact with upcoming GDPR legislation that this is likely exactly what Microsoft have done otherwise it would be difficult for Microsoft to comply with the GDPR and that would make Azure/Office 365 illegal to use in the E.U. which is an extremely large market to just walk away from; which is why Microsoft are fighting this tooth and nail.

Re:Will kill US companies operating globally ...

[Ihlosi]

Basically normal countries accept that you should be taxed where you earn the money.

The normal way of taxation is by place of residence, afaik.

Re:Will kill US companies operating globally ...

America already has it both ways. Virtually alone in the world, the USA demands its citizens submit tax returns even when they are resident and employed overseas. It further demands (using what can only be described as blackmail) records on bank accounts held by American individuals overseas, including people resident there (FATCA).
So if an American moves to - say - an African country, and works there, earning a small amount of money which is not taxed, Uncle Sam still wants to know about it.
Virtually no other countries do this. (Only the United States, the Philippines, and Eritrea). Basically normal countries accept that you should be taxed where you earn the money.

Actually, that is quite different, as it is a case of a sovereign nation claiming some authority over its citizens, regardless of their location. Since citizenship can be changed, all a U.S. citizen needs to do in order to get out of this is renounce their U.S. citizenship.
What the SCOTUS seems to want to do is quite different - they want to compel Microsoft to commit a crime outside the U.S.

Re:Will kill US companies operating globally ...

[Cederic]

which is likely accessible to them remotely anyway

Only if the employees in Ireland are horrifically negligent.

They've had years to assure that data can't be accessed from the US, and every reason to do so.

Re:Will kill US companies operating globally ...

Unless you have a second citizenship, you cannot renounce U.S. citizenship (or rather, international treaties forbid the US from accepting that as nobody may be made to have no citizenship).

Re:Will kill US companies operating globally ...

[green1]

Funny. You think laws actually apply to governments and large corporations.

There would be an exception 100% guaranteed.

"too big to fail" comes to mind.

Re:Will kill US companies operating globally ...

[green1]

Cloud storage isn't so useful when it's not accessible remotely....
If they didn't want anyone to access the data, they'd have been better off simply deleting it. (And before we talk about obstruction of justice for doing so, remember that the argument is that they aren't subject to US law anyway, so there's no difference here between refusing to deliver it, and deleting it entirely)

Re:Will kill US companies operating globally ...

The EU didn't have GDPR before or massive fine and penalties. Letting them get away with it would undermine the billions they have just invested in it and set a precedent that compliance is optional.

Re:Will kill US companies operating globally ...

[gravewax]

GDPR is SPECIFICALLY targeted at large corporations and governments.

Re:Will kill US companies operating globally ...

[green1]

Ok, get back to me when this is all done and played out.

Your world view is far more optimistic than anything that has EVER happened in the history of mankind.

Re:Will kill US companies operating globally ...

[green1]

Sure, you go ahead and believe that.

This exact law didn't exist before, and this exact challenge didn't happen before, but the exact same mental gymnastics as to who has authority over what and why have.

The only way that this could possibly go down without one side or the other caving is an all out war. And that's not going to happen over this issue. I highly doubt the US is going to cave, so that leaves the EU which has caved to US pressure too many times to count.

If it's EU data, then no, they can't.

(Except for when there is a treaty of course.)

As that would put them legal jeopardy in the EU, and the EU "government" imposes actual fines, while the US government is staffed by employees aka lobbyists aka TV experts aka politicians from Microsoft. (Among others wo mostly agree.)

Don't worry though, Murica, as the corps are hard on guaranteeing this is the case in the EU too. So you will soon be number one again. All we need is a more catchy redneck name for the lands of just enough corporate oligarchy. How about 'Rope?

Re:If it's EU data, then no, they can't.

[AHuxley]

AC if the USA wins this and can "enforce" US laws in the EU?
Wait for the EU to start enforcing EU laws in the USA for their EU brands.

Absurd

[Luthair]

Consider the physical space, if a bank has headquarters in the USA would that mean the US government is entitled to access a safety deposit box in a foreign country?

If they are granted access then this is effectively the end of the use of US based tech companies for cloud services by a wide variety of industries (e.g. government, medical, legal). One also wonders whether the access would even be illegal in the foreign jurisdiction.

Re:Absurd

[Gilgaron]

With the companies all having goofy headquarters for tax reasons, what happens when MS Ireland tells MS US "No" when they ask for the email or whatever? Does the US just freeze MS Ireland CEO's assets until he complies or something?

Re:Absurd

In this case it would be illegagal in the foreign juristicion, which one reason Microsoft is fighting it. They are stuck between a rock and a hard place here.

Re:Absurd

[Impy+the+Impiuos+Imp]

That still won't resolve the risk of jail in Ireland for disregarding Irish law.

Re:Absurd

Plus the US has a legal avenue to get the data. At any point they could have used the mutual legal assistance treaty (MLAT) to have the Irish government (which is also the opinion of Ireland, the EU, .....). Which would have resulted in the US government almost certainly having had the data years ago.

It's a bad hand to play on the international stage. Very odd that the US government is pushing this.

Re:Absurd

[Wrath0fb0b]

The same thing that happens when any subordinate company employee refuses to comply with a court order -- the court tells the company to effect the order.

In this case, the court would order MS US to give effect to the order, and MS US would either have to order/discipline/fire people at MS Ireland until they complied, or else be in noncompliance with the court's order.

The courts certainly aren't going to dick around figuring out which subordinate where needs to do what. Compliance is the company's problem.

Re:Absurd

Consider the physical space, if a bank has headquarters in the USA would that mean the US government is entitled to access a safety deposit box in a foreign country?

That is an entirely different situation. What you are talking about requires **PHYSICAL ACCESS**. In this case, no physical access is required. It's not the same thing and to claim it is the same is to deliberately mis-state the issue.

One also wonders whether the access would even be illegal in the foreign jurisdiction./quote>How is it illegal? Every time you got to a website located outside your country you are accessing a server is a "foreign jurisdiction". Companies who operate data centers around the world routinely access servers remotely.

Re:Absurd

[mysidia]

In this case, the court would order MS US to give effect to the order, and MS US would either have to order/discipline/fire people at MS Ireland until they complied

But since MS US does not have any legal authority over MS Ireland; it's a moot point; Microsoft US has no capability to "order", "discipline", or "fire people" in the other business unit.

Re: Absurd

[cyber-vandal]

And if that breaks Irish law?

Re:Absurd

[jd]

In the example you gave, usually extra-territorial is off-limits, except for crimes on the high seas, which can be prosecuted by the owning state, the state of arrival or the states of the individuals concerned.

The LIBOR scandal was partly uncovered by somewhat forceful access to Swiss bank accounts by the British, albeit with begrudging Swiss approval. Eventually. The Panama Papers and Paradise Papers revealed further abuses that really should have been uncovered a lot sooner and which can't be effectively dealt with. International Banking has laws and an exchange system which lie outside any territorial boundaries by definition, yet must be enforced.

So we have a system that is (a) not very well designed, not particularly honest and exceedingly fragile (fake transfers are known to get through on the exchange system), and (b) requires an international approach even if it was well-designed and honest. Treaties are only effective if nations can be forced to obey or overridden if they dishonestly refuse.

But this covers only a tiny fraction of the activity of the banking system and most of the time the jurisdiction is clear-cut.

Then there's the unintended consequence of enforcing such a system. It means US recognition of ALL national laws regarding prohibited speech and ALL national/EU laws governing data privacy and the right to be forgotten. Even when it's a US company operating in that nation or political domain.

Is the US prepared to renounce its exceptionalism stance with regards EU data protection? If not, it has a problem. You can't say it's their jurisdiction but only for the laws of theirs you like. It means deliberately transferring data outside the EU without imposing equal protection measures is a crime, that the US will neither protect nor defend any US company operating in the EU that commits that crime and that the US will approach EU nations and offer absolute guarantees that it will respect EU law and will support nations wishing to prosecute such an offence.

I don't think the US government has the guts, to be honest. Which means it's trying to play both sides of the fence, according to what plays better with the home crowd. That's a good way to get burned.

If they say that nationality of the corporation overrides all, then we have the inverse consequence. Any EU corporation in America is automatically covered by EU law, not American law. I don't imagine THAT would go down terribly well. In other words, the reverse ruling makes all corporations de-facto embassies. Which would wreck havoc if corporations actually enforced that.

(Note: This could solve some Brexit issues. If companies are embassies, then EU companies in the UK are not subject to any UK laws, only EU ones. It would also cause widespread rioting.)

Re:Absurd

[Gilgaron]

But in this case, for tax purposes, the US entity is generally the subordinate one, yes?

Re:Absurd

Somehow I doubt your assertion that MS US has no authority over MS Ireland. I believe that MS US could completely sack all of MS Ireland in a day. Nowhere in the MS argument is it stated that MS Ireland is a completely independent entity. MS US would be quite foolish to create an independent subsidiary. Subsidiaries are never independent from ownership.

Re:Absurd

[Wrath0fb0b]

If, as you claim, they are independent companies and no one at MS US exercises supervisory or contractual authority over MS Ireland, then MS US can truthfully go to the court and say they have no means to comply with the order.

If, on the other hand, MS US, either through direct control or via contractual obligations, directs the actions of MS Ireland, then MS US would be required to comply with the order as they have the means to do so.

Re:Absurd

[Teun]

They are, if just for tax and liability reasons. More recently MS has acted on the legal threats and separated their EU subsidiaries even more.

Re:Absurd

[Teun]

Indeed, that would be the proper way.
The USofA can start legal proceedings in Ireland to get what they want.
But contrary what you state the demand of the USofA would very likely have no standing.

Re:Absurd

[Teun]

What you are talking about requires **PHYSICAL ACCESS**. In this case, no physical access is required.

Wrong.
This is not about physical access, this is about ownership and privacy law.

Re:Absurd

[Richard_at_work]

The US already requires foreign banks with bank accounts owned by US citizens to pass data to the IRS on that bank accounts usage. This has been the case for many years.

So its not absurd, and plenty of precedent already exists.

Re:Absurd

[Richard_at_work]

If MS US had no legal authority over MS Ireland, then this entire court case would have been over and dusted a decade ago - a company with no ownership rights, authority or interest in another company cannot be forced to make that other company do anything.

In this case, MS US owns MS Ireland. Legal authority exists as part of those ownership rights.

Re:Absurd

[Luthair]

Its actually only a few of years, and the part that you're missing is it required the US negotiate treaties.

Re:Absurd

[gravewax]

They operate under EU laws their, you cannot fire someone because they refused to commit a crime on your behalf.

Re:Absurd

The US had to go through legal negotiations and establish international treaties and agreements with those banks to get that in place. Such treaties already exist for this type of data too, but the US is trying to bypass those legal treaties so they can seize the information directly.

Re:Absurd

[jabuzz]

They do that by saying if you as a bank wish to interact with the US banking system you must pass data to the IRS on US citizen's. So if as a bank I have no wish to interact with the US banking system then I can tell the US government to go pound sand and there is nothing the US government can do about it.

Of course this is quite limiting for a large bank so they generally comply. However I would imagine that some of the smaller building societies in the UK for example don't do international banking with the USA and/or could exist quite happily not doing so and thus be under no compulsion to tell the IRS the details of the US citizens accounts.

Re:Absurd

[Ihlosi]

They do that by saying if you as a bank wish to interact with the US banking system you must pass data to the IRS on US citizen's. So if as a bank I have no wish to interact with the US banking system then I can tell the US government to go pound sand and there is nothing the US government can do about it.

Yes it can. Simply make a bilateral treaty with the other country, and the requirement to pass US person financial information to the IRS can be passed into law in the other country.

The other country also gets financial information on their citiziens in the USA; but since only two countries in the world tax based on citizenship instead of residence, the information is basically useless to the other country.

Re:Absurd

[Cederic]

the reverse ruling makes all corporations de-facto embassies

No, it does not. Embassies are not companies and companies are not embassies. A US ruling (or its reverse) does not change this.

Even if MS Ireland are subject to US law (which is debatable, even if the US Supreme Court rules in favour of the government) they very definitely remain subject to Irish law. That may leave them forced to break a law, but sure as fuck doesn't give them immunity if they break the law in Ireland.

Re:Absurd

[mysidia]

In this case, MS US owns MS Ireland. Legal authority exists as part of those ownership rights.

Perhaps MS US owns MS Ireland, BUT Legal authority does not extend into breaking the law.

If it would be a violation of the laws in Ireland for MS Ireland to transfer the data outside of Ireland, then
not even the owner of MS Ireland has the legal authority to do so, even if they might have means of physically coercing MS Ireland to break the law; doing so would by definition be an unlawful attempt to exercise authority.

Re: Absurd

[guruevi]

Then someone in Ireland has to file suit and they can come up with damages. Given the deed will already have been done, the only thing that can be done is restorative at that point.

If yes, corporate structure will need to change

Most companies function in other countries as subsidies or foreign branches. Both for most legal cases act as an independent entity which is how Enron hid their losses from US audits and how many companies get out of paying tax. If this is yes, there is no reason the IRS could not ask/demand for a complete set of books in all countries and tax accordingly.

Likely they will have to reorganize at a further arms length with some sort of trust or functional representative owning the foreign entities. This is still possible, but it gets ridiculous quickly. The whole point is there is a legal understanding of 'entity' that limits the responsiveness of a corporation. Saying yes will blow it away with many consequences initially, but lawyers and even other countries will quickly construct a more separate entity. This is a stupid grasp by the government way outside established law and it becomes team america world police or the company with more effort still gets their separate entity protections.

Such a shame to fight over privacy rights

We could be making tools that will quickly put an end to this waste of time "debating" bullshit. You won't prevent spying. So let's do the next best thing and make sure the state/corp never gets the advantage over the individual. If they spy on us, we are entitled to spy on them. This is the rule to enforce, without any stupid "debates", much less "wrestling".

Re:Such a shame to fight over privacy rights

[guruevi]

Microsoft and Google could've prevented this by doing what Apple and a very small few other cloud providers does: We don't store data unencrypted and we don't have access to our customer's keys. They would've missed out on the advertising dollars but hey, you pick your battles.

Re:Such a shame to fight over privacy rights

[Ihlosi]

We don't store data unencrypted and we don't have access to our customer's keys.

Err ... really? Apple doesn't have a backdoor to encrypted data on the users device, but most things stored in their cloud service are readable to them.

US Companies in Europe Also Abide by EU laws

[Roger+W+Moore]

Microsoft owns that data, thus it is Microsoft property, and since Microsoft is an american citizen, it must adhere to American laws.

Yes, but any American citizen in Europe must obey European laws. If you happen to be a holocaust denier and get arrested in Germany explaining about the US constitution's protections on free speech will get you nowhere.US companies have the choice not to go to Europe but, if they do, they must follow the law there. European law says that Microsoft cannot hand the data over to foreign (US) authorities. There is no law that the US Congress can pass that can relieve them of this responsibility and, if the US forces MS to hand over the data, it will make it close to impossible for US companies to do business in Europe since they will be unable to follow the law and so be liable for financial and possibly criminal penalties.

Re:US Companies in Europe Also Abide by EU laws

[jd]

As long as the companies are considered on EU turf, you are absolutely correct. Ergo, the only way the US can impose its laws on Microsoft in Europe is to get a treaty with the EU declaring that companies on someone else's turf are embassies covered by the Vienna Convention. Microsoft would then be on US soil anywhere in Europe and so subject to US laws.

Aaaaand it will take you all of five seconds to figure out why that would be such an incredibly bad idea.

Nonetheless, it would work, and if the Supreme Court ruled that way then it is instructing Congress to put forward such a treaty. Otherwise, it's like ruling the moon is made of green cheese.

Ultimately, there will be unintended consequences, and essentially every law ever passed will have them, because very few people stop to think past a single talking point. Particularly politicians. Judges might, but the rules on activist judges prevent them.

Re:US Companies in Europe Also Abide by EU laws

My position is the law has crashed. It is utterly unlawful to create a situation where it is no longer possible for somebody to comply with all the laws that are over them. On issuing that warrant, the situation was made manifest.

Re:US Companies in Europe Also Abide by EU laws

[ChatHuant]

But, USA law also says you can charged for any USA law that you break while outside of the USA as soon as you return to the USA (either under your own will or through extradition).

Fair enough, since corporations are apparently people now - and that's what the DoJ should do. They should charge Microsoft Ireland as soon as it returns to the USA. More than that, they should wait at the airport, and, as soon as Microsoft Ireland steps on American soil, agents should jump in, wrestle him to the ground and read his Miranda rights. I think I'd like to see that.

Re:US Companies in Europe Also Abide by EU laws

[Richard_at_work]

Why is it unlawful? Doesn't that claim mean a sovereign country is restricted from passing its own laws, on the basis that those laws are incompatible with another sovereign countries, even when no treaty between the two exists? I don't think *any* country is going to agree with you on that one...

Re:US Companies in Europe Also Abide by EU laws

[Kiuas]

European law says that Microsoft cannot hand the data over to foreign (US) authorities.

The law does not say that, actually, nor is the argument MS is making; MS is not saying that handing over the data would be illegal for them to do on the EU side, but that as the search warrant being used is a domestic one, said warrant does not apply to data outside the US. The law in Europe says that Microsoft or any other corporation cannot process data concerning EU citizens outside the Union without following European law. This means 2 things:

1) If the data in question is not of European citizens but American citizens, in so far as I understand, there's nothing that prevents Microsoft from handing over the data. Although even if this is the case this doesn't mean they have to do so. But my current understanding is that nothing in the Data Protection Directive (which is about to be replaced by General Data Protection Regulation coming into effect in May this year) prevents handing over the data of non-EU citizens.

2) The data is not inaccessible to US authorities if you follow the correct procedure. Contact the authorities in the country that the data is located in and present the evidence for your case and if it is solid said authorities can force MS to hand over the data and then hand it over to the US.

The laws are meant to protect people's privacy, which is a good thing. However, this does not mean evidence for a case will always be inaccessible, or that any transfer of data from EU to the US is in all cases forbidden. it just means you need to co-operate with the local authorities to get it.

Even if the US supreme courts eventually rules against MS, that doesn't negate either of the 2 points above. Meaning, even if the supreme court decides that domestic US search warrants apply to data abroad, the US authorities still cannot compel corporations to hand over data of EU citizens without co-operation from local authorities.

Re:US Companies in Europe Also Abide by EU laws

Not true. If you go to Holland and smoke a joint, you won't be arrested for that on returning to the US.

There are some very narrow, specific exceptions to this rule, mostly aimed at money launderers and sex tourists - but they're very specific.

Re:US Companies in Europe Also Abide by EU laws

[Frobnicator]

Good summary. The links to the full arguments are up along with links to the other details. Scotsblog post generally, and today's transcript specifically.

The list of amici curiae is impressive. The European Commission, the government of the United Kingdom, the government of Ireland, the Council of Bars and Law Societies of Europe, the German Chamber of Industry and Commerce, the French Department of Business, and even the United Nations legal arm for data privacy. All of them said that if the US enforced the order they'd be violating all kinds of international, law, including violating treaties made by the US regarding preserving privacy of some of the information the government is demanding. The Mutual Legal Assistance Treaty, MLAT,

They also all state point #2 that you made, which is the same thing Microsoft says: There is already a procedure for this, done through international treaty, by filing an MLAT request. The procedure is followed all the time and does not take years like the federal government is suggesting. Nations have a solid history of acting on urgent request immediately, generally as soon as the call or email or request is made. Ireland's government has stated at every level of the case that they would immediately act on the request if the justice department would follow the international treaties that are already in place.

The government lawyer stated EXACTLY the reason they want this on page 23 of the transcript. Justice Alito asked why the government didn't use any of the conventional methods to get the data. Government's reply: " We don't have to go to a court first. We just issue the instrument. The provider has to make disclosures. " They freely admit that this is an attempt to grab information in a way that bypasses the courts, bypasses international treaties and MLAT requirements and extraterritorial law, and bypasses the US due process requirements. It is nothing more or less than a power grab to bypass legal protections.

Re:US Companies in Europe Also Abide by EU laws

[david_thornley]

Except that, as I understand it, Microsoft USA has full access to the data. Therefore, the court is ordering employees of Microsoft USA to do something on US soil. that would be illegal if Microsoft Ireland tried it in Ireland. The court is requiring absolutely nothing from anyone outside US borders, and it does have jurisdiction in the US.

There's a good argument to be made that the actual geographic location of the servers is irrelevant to the US court, and it seems clear to me that a court could order someone in the US to do something that might be illegal elsewhere.

Re:US Companies in Europe Also Abide by EU laws

[Roger+W+Moore]

It is utterly unlawful to create a situation where it is no longer possible for somebody to comply with all the laws that are over them.

No, it's stupid, shortsighted and undermines everyone's confidence in the law but unless there is a law which says that this is unlawful it is perfectly legal for this situation to arise. If it happens within the laws of a single country then a judge would be able to resolve it be ruling what the correct course of action is. However, when the laws of two independent countries collide there is no single authority which can resolve the contradiction. The usual way this is avoided is by not extending your laws beyond your national boundaries but since the US seems to be completely ignoring this constraint now this type of problem is likely to keep cropping up for US companies and citizens.

Re:US Companies in Europe Also Abide by EU laws

[Roger+W+Moore]

MS is not saying that handing over the data would be illegal for them to do on the EU side

Hence, as stated, European law says that MS cannot hand the data over to US authorities in this situation. That does not rule out that there are other, legal ways to get the data only that in this situation it would be illegal for them to do so.

Wrong sides?

[Nemyst]

Shouldn't the so-called "conservative" judges be in favor of personal privacy, against governmental overreach, and pro-business? The definition of conservative seems to get twisted more and more every day.

Re:Wrong sides?

Shouldn't the so-called "conservative" judges be in favor of personal privacy, against governmental overreach, and pro-business? The definition of conservative seems to get twisted more and more every day.

To categorize a justice as "conservative" or "liberal" is to reduce their philosophy and thought process to a simplistic one-dimensional metric. When you do that, you will get nonsense. This is not due to a justice being inconsistent. It is due to your understanding of their thought process being garbage.

Re:Wrong sides?

Shouldn't the so-called "conservative" judges be in favor of personal privacy, against governmental overreach, and pro-business? The definition of conservative seems to get twisted more and more every day.

To categorize a justice as "conservative" or "liberal" is to reduce their philosophy and thought process to a simplistic one-dimensional metric. When you do that, you will get nonsense. This is not due to a justice being inconsistent. It is due to your understanding of their thought process being garbage.

if you had viewed the rulings for many cases you would see they are indeed one dimensional and more often then not rule with there political leanings. hence fights about who to appoint to the supreme court as the political numbers will determine how they will rule in many cases

Re:Wrong sides?

That would be the theory except that so-called "conservatives" are always in favor of of big gov't with respect to law enforcement of things they disapprove of. They'll gladly employ any number of officers, build any amount of prisons.

Re:Wrong sides?

[guruevi]

The judiciary is not supposed to be in favor of anything, they're supposed to interpret the law as they are written. In that context, "conservative" judges typically seek to abide by the letter of the law and "liberal" judges seek to reinterpret and make up new laws.

Overreach.

Supreme Court justices on Tuesday wrestled with Microsoft's dispute with the U.S. Justice Department over whether prosecutors can force technology companies to hand over data stored overseas, with some signaling support for the government and others urging Congress to pass a law to resolve the issue.

Now just imagine the Chinese wants data from US citizens stored in the US? And yes Microsoft has a subsidiary in China. See the problem now?

From a second grader's knowledge

From a second grader's knowledge of the division of the US government, why shouldn't this be a problem of congress?

Re: From a second grader's knowledge

Courts are empowered regarding the handling of legal decisions and judgements, the Executive negotiates treaties.

Congress could conceivably direct the courts. Ore expressly, but they have not.

Supreme Court Wrestles

That's Justice Alito, off the top rope! Oh, that had to have hurt! And is that... OH MY GOD IT'S JUSTICE GINSBURG WITH THE STEEL CHAIR! She smacks Alito clear out of the ring! In all my years as an announcer I have never before seen wrestling quite like this, ladies and gentlemen. This is just... savage.

Captcha: prejudge

Unintended Consequences

[jd]

If the Supreme Court rules that data follows the laws of the nation that it is in, then the EU's data protection laws and right to forget automatically apply to all data in the EU even if held by a US company. I doubt the court will consider that, but that is simply a matter of fact.

If the Supreme Court rules that data follows the laws of the nation of the holding company, then European-based companies in the US automatically follow those aforementioned EU laws. The fact that they're in the US would be incidental. The Supreme Court decision would override all State and Federal rights as they are the supreme arbiters.

There can be only one law on the subject, one rule, one criterion for whose laws matter.

I don't believe for a second that the majority of fans of either side have considered the ramifications. It is human nature to look at things in isolation, even though nothing exists in such a state. So, here's a chance. I'l like people to reply to me with a consequence they hate yet know must be faced if the decision went the way they wanted it to. The inevitable consequence of the dichotomies of an us-v-them political situation. From a systems standpoint rather than in isolation, is it a useful dichotomy? Is it a useful consequence, even if you hate it? There will always be one, but it useful?

If the consequences serve no useful purpose or are even harmful, then maybe the problem is not in who holds jurisdiction but why we're asking that particular question and not something else.

Re:Unintended Consequences

[Solandri]

Yeah, this case is basically the U.S. version of the German cases requiring search engines to strike Nazi results worldwide, and French cases requiring websites abroad to block content deemed illegal in France.

It's one of those situations where you only see the advantages if you consider only yourself (your country). But the disadvantages become obvious when you consider the world as a whole. e.g. "What if you could have sex with anyone who wanted?" Most people think that would be fantastic. "What if anyone could have sex with you?" Suddenly it doesn't seem like such a great idea.

The only decision which makes sense if you want to preserve the integrity of national borders is that U.S. law stops at the U.S. border, German law stops at the German border, French law stops at France's border. If the U.S. wants to get its hands on information Microsoft is storing in Ireland, they should file a request with Irish authorities (similar to an extradition request). Then Ireland can decide whether or not it should honor that request, and legally force Microsoft to turn the info over.

Re:Unintended Consequences

[gravewax]

The EU's data protection laws ALREADY applies to all data residing in the EU. No if's but's or maybes and regardless of which way the US supreme court rules that is a simple fact, the US does not have the power or right to override those laws. Should they choose to saw those laws can be overridden by US authorities then they put US companies in a truly fucked up position and will cost companies massive amounts of business and/or see many companies relocate out of the US so they are not put in such a fucked up position. It isn't even like the US has no way to get the data, their are existing international treaties that allow them to request the data through Irelands courts and it would almost certainly be turned over to the US.

Re:Unintended Consequences

[Attila+Dimedici]

I am sorry, but you are mistaken. The Supreme Court is under no obligation to take other country's laws into consideration when deciding the meaning of U.S. laws. So your conclusion that if the Supreme Court decides that Microsoft is obligated to turn over data sought by the prosecution which it currently holds in a database located in Europe, it would mean that European companies with a U.S. presence are not subject to U.S. laws is incorrect. It is perfectly possible that the Supreme Court can rule that companies with a presence in the U.S. must follow U.S. law, even if that law is contradictory to the law in other countries where those companies have a presence. Not only is it possible for it to rule that way, it may be the only legitimate way for it to rule depending on how the law is written. It is the job of the President and Congress, primarily Congress, to resolve such conflicts.

Re:Unintended Consequences

[AHuxley]

The US gov goes full "Letter of marque" on Ireland? https://en.wikipedia.org/wiki/...
Other nations will sit up and take note of what US brands and the US gov will do.
That allowing any US brand in opens their legal system up to many different US laws.

The US can go back to its past and enforce a trade deal and laws onto the EU?
United States expedition to Korea https://en.wikipedia.org/wiki/...
Go full Perry Expedition into Ireland https://en.wikipedia.org/wiki/... ?

Re:Unintended Consequences

Even more unintended consequences: all you have to do to make your data immune to US law is to move it overseas. Feel free to hide the evidence of crimes overseas, it can't be subpoena'd!

Re:Unintended Consequences

Free speech cases are not the same.

Asking a website company to not display certain speech in their country isn't the same as asking a company to give up data of potential EU citizens to the US.

In free speech case, a country is asking you not to do something illegal in their country, but curtailing your speech in e.g. Germany isn't illegal in the US. In Microsoft's case, the company is arguing that by comply with US authorities, that they would be doing something illegal in another country.

Re:Unintended Consequences

[X!0mbarg]

First, it's Data.

Then, it's monies/commodities.

All in all, the owners' rights should also supersede the rights of those holding the items for another, in spite of where those items are being held.

After all, burying monies to avoid taxation is tax evasion, and inherently illegal. Hiding incriminating data, or simply holding data that is of illegal content or for illegal use should follow in its legal state, regardless of location.

I don't see this ultimately going anywhere, as this would open the floodgates of Fat-Cats getting their illegal offshore monetary streams compromised, and taxed by their country of origin. And they'd all whine incessantly about it being so "unfair".

If all a persons' data and money were tied to them legally, no matter where they choose to store/hide it, that would be more along the lines of "fair".

Getting "everybody" in all countries on board... that'll take some arm twisting (for obvious reasons).

Re:Unintended Consequences

[Attila+Dimedici]

So, now you are concluding that if the Supreme Court rules that U.S. laws apply to data which Microsoft stores on servers in Ireland that the President will start a war over enforcing those laws. You really need to spend some time studying the separation of powers as laid out in the U.S. Constitution. The Supreme Court is not nearly as powerful (or, at least not intended to be) under the U.S. Constitution as you seem to imagine.

What you are saying is that it would be a bad idea for U.S. laws to apply to company assets in other countries. I do no disagree, but if the law is written in such a way as to claim such application, it is not the Supreme Court's job, nor is it within the Supreme Court's authority, to rule that it does not. The Supreme Court does not have the authority to fix laws which they think are stupid, it only has the authority to adjudicate on what the law means and whether it is consistent with the U.S. Constitution.

Re:Unintended Consequences

[jd]

Precisely. The question is whether SCOTUS will think of that.

Re:Unintended Consequences

[jd]

Already done. in the LIBOR scandal, it was revealed banks were actively assisting customers in hiding money overseas in Switzerland. For a donation.

And therein lies the problem. Whichever way SCOTUS swings, everyone is fully aware of the loopholes criminals can exploit. Every path they can go down has unintended consequences that threaten the stability and integrity of enough of the nation to pose a serious problem.

There is no solution to this within the existing framework. The framework has to be changed. You need some form of ever-closer union, at some level, if you're going to eliminate the paradoxes within the framework. Merely suggesting that would send half of America ballistic and has already sent just over half of Britain into apoplectic fury. Keeping the peace by keeping laws national is going to mean more Paradise Papers and more Panama Papers. Sooner or later, that'll have the same result.

Re:Unintended Consequences

[jd]

The US Supreme Court can take into consideration whatever it likes, including a Tarot reading if it so wishes.

However, US laws only apply to US soil and as Microsoft is not an embassy under the Vienna Convention (yet), their servers in Ireland are not on US soil.

If it is sufficient to say that Microsoft is American, then Americans abroad are under US law as well as the law of the nation they are in. That means US government officials are bound by the US Constitution when operating abroad. Personally, I'd argue they are, since it's a law specifically restricting government and not a law about how to govern the United States. That would make violations by US government officials of, say, the right to a fair trial by mere suspects living abroad a serious criminal offence. Many argue that it is. But this is the sort of thing that will worry SCOTUS. They interpret. They actually are activist judges, by design and by nature. They get to decide what any law actually means and who it applies to. That is their job.

SCOTUS aren't stupid, they'll be aware of the ramifications of a decision either way. My concern is that they may be careless. Whatever their ruling, it will have loopholes that could be catastrophic. SCOTUS doesn't have to care, but they will. How they look matters. Image matters. But ramifications also matter. These court rulings are lengthy and detailed, not for amusement but to minimize the collateral damage. Because of political pressures, they may skimp on that and produce a devastating international incident as a result.

Congress? Psychologists and neurologists are in broad agreement that they're all psychopaths. The President? The boy does nothing.

Is it truly absurd?

Is it truly absurd? Should an international corporation be allowed to hide evidence by moving it around? Should international corporations then be immune to the laws of all nations? How exactly do you prove where the data is stored in a cryptographically protected distributed file system? Your argument is extremely close to saying that that multinationals have a carte blanch to do whatever they want "in the cloud" without being subject to the laws of any jurisdiction.

Re:Is it truly absurd?

it is nothing of the sort. We are talking about an individuals data here, not Microsoft's. Microsoft has to obey the data handling laws of the country the data resides in. If this was Microsoft Data it would be a completely different story.

What we need is home servers and static IPs.

Maybe a ready-made OwnCloud image ... done.

You can offer it to trusted friends and family too. Not everyone needs to be an expert

Freedom

Big Internet companies should move into the ocean and declare complete independence from any country.

cryptographically distributed is above the law?

Yeah, the problem is that you want to give corporations the ability to evade laws by shifting data around. Haha, you can't have the evidence because I moved it elsewhere.

Even better, should microsoft be able to hide all data from all jurisdictions by cryprographically distributing it, so it isn't solely in one country? Do you really want to give companies that immunity?

Nope! Simplistic Thinking

First of all, international law presumes that national boundaries are sacrosanct. In fact it was a major change in international law when the U.S. (successfully) pressured the international community for even a limited exception to this.

From memory, so take this with a grain of salt. I believe it was during the dissolution of Yugoslavia, which created a devastating civil war. No one wanted to get involved (it actually should have been the EU, but they dithered and stalled endlessly). Finally the slaughter got so great that the U.S. got international agreement that if a nation "failed to prevent ethnic cleansing or genocide", other nations could intervene and not have that be an act of war or a breach of international law. And if it wasn't Yugoslavia it was Rwanda.

There is no exemption for civil matters.

As to whether Microsoft is an American citizen, are you sure? I don't know either, but companies routinely create independent corporate entities for international operations. It might not be "Microsoft" we are dealing with here, it might be "Microsoft Ireland", "Microsoft Italy", "Microsoft Europe", etc.

Next is the issue of the customer's citizenship. If the customer is a citizen of another country, that country might decide their citizen's rights pre-empt any rights or obligations of the corporation they are doing business with. In fact I believe the European Union takes exactly this position on the rights of their citizens.

Finally, you state that Microsoft "owns that data." Well they might. Or they might not. Have you read the EULA & TOS? Has anyone? In particular, did the citizen who's data is being demanded by law enforcement, did they read that EULA & TOS? This depends both on the actual wording of the TOS, and whether informed consent can be given if the citizen was not actually informed.

Another way to look at this

[MobyDisk]

The conversation keeps revolving around where the company is located and where the server is located. No decision based on those criteria will ever be consistent. Perhaps it makes more sense to assign jurisdiction not based on where the data is held, or where the company headquarters resides, but based on where the individual resides. In that interpretation, the US government could get a warrant to obtain files on American citizens, but not on Irish citizens. This resolves some of the scenarios where someone says "Well, suppose [evil regime X] wants information on an American citizen, then should Microsoft provide it?" It also avoids confusion with applying European data privacy laws to American citizens whose data happens to be on a server in Europe. The case gets even more absurd as data moves around. If a US server has a backup in Europe, whose data privacy law would apply? Oooh, even crazier, what if we stripe the data 3 ways with some bits in America, some in Europe, and the parity bit in Asia? These kinds of problems go away when viewed in terms of residency.

We need a treaty to make this happen.

Re: Another way to look at this

Problem: NK ex-citizen is probably viewed by NK as a citizen. You replaced something well-defined with something ill-defined.

Re:Another way to look at this

so all they would have to do is grant honorary citizenshipt to anyone and spying free for fall ensues?

What constitutes transferring digital data?

So one of the more interesting arguments is that the search and seizure only actually occurs when Microsoft US hands the actual data files over to the government not when they copy the data from where it is stored to a new storage location in the US.
Notice the thought process there, and the way it involves copying data. Now think about the implications for digital content licensing. I bet the entertainment industry would have a different opinion about this than the Justice Department.

Bye Bye tax haven profit shifting.

Well, for example if MS Europe or Ireland HAD to do what US law says secretly, it is not longer a European entity. Then it would have to show its books - and what some call ultimate owners. In short if the US lawmakers decide yes, then all favorable tax shifting ends tomorrow. I foresee Europe declaring any 51% American anything data, illegal.

But other than that

[Impy+the+Impiuos+Imp]

That's fine but it has to spark and evolve there, not adapt from richer climes.

Also 1/100th the atmosphere may be livable but is another monkey wrench the cold desert doesn't come close to duplicating.

Also this claim has been made for extremophiles before, notably antarctic lichen.

How about the scummy Win 10 Data Theft / Spying?

Why do we need to not only have it spy on us forcibly but also have an advertising ID so someone else can make money?

Fuck Microsoft

No.

I think y'all are arguing about the wrong thing. The law in question already only applies to US data. The problem that is being grappled with is that the law can easily be circumvented by moving the data around to hide it. The flip side is that data that should be protected due to its being elsewhere can easily be brought to the US. The ease of those opposing problems was not contemplated at the time the law was passed in 1986.

Of course, the law itself was stupid even at the time, for example because it considered email to be "stored communication" and claimed that it was no longer just communication if it was stored for more than 180 days. Even in 1986, such a thing as backups existed.

Also, the current court seems to think that the problem at hand did not exist when the law was passed in 1986. That's ridiculous. FTP has existed since the 70s, and multinational companies like IBM with international networks could move data around internationally at will even before the "internet" existed (though probably not before arpanet existed, though arpanet would not have been used for it).

This is all part and parcel of the idiocy with net neutrality claiming that ISPs are not common carriers.

Oversimplified

Your statement that "The Supreme Court is under no obligation to take other country's laws into consideration..." is correct as far as it goes.

However do you know what is always relevant? Jurisdiction. All courts have to consider jurisdiction at all times, and they have no business ruling on matters not in their jurisdiction. They also make findings of fact when a law attempts to assert jurisdiction in an area where it cannot do so.

Any US law which attempts to co-opt jurisdiction in a foreign country is an illegal law. Full stop. The US Supreme Court is fully within it's rights to make such a finding. In fact it is the obligation of the US Supreme Court to do so.