No there aren't. To be extradited the crime has to be a crime in both jurisdictions. That's in the treaties. Following a court order means it ain't a crime in the USA, no extradition.
Courts, remember, are the people who toss people into boxes for months, years or decades where they lose regular access to their family, their career, their sex life... Getting some data short term is not remotely the extent of their powers.
There is a slew of missing applications for industry verticals where there is no race to the bottom. I don't see any evidence that the mobile world is even close to saturated. It may be that general audience horizontal applications aren't the best place for small teams but that isn't the end of the world. How many general purpose task managers and tower defense games do we need?
I'm going to stop arguing with an AC, especially one who is just making stuff up. You can have the last word.
No, European courts do not recognise US courts; if you want to subpoena European (or Irish in this case) data then you need a local court
Recognizing a court means that the local court issues the document.
Microsoft and other companies DO PREVENT access by US staff
False.
, in many cases this is part of the deal to house privacy data within those countries as privacy data is not permitted to be accessible or shipped off shore by foreign entities
Microsoft's terms of usage, including in Europe explicitly state they comply with US law. They couldn't be more clear that they will ship data off to a court is validly served.
So even if asked in a court, under oath, they would be forced to deny it? Wouldn't that be forcing them to commit perjury?
They have a warrant to deny it. It isn't perjury since Congress specifically authorized it. It is an exception to the perjury statute.
So I understand that a Patriot act subpoena can force you to hand over information, even if that would force you to commit a crime by breaking data privacy and security laws in a foreign country where the data and you reside. Now, what else can these National Security Letters tell you to do, besides handing over data?
They can order you to not interfere in any way with a data collection. They can require you to do anything covered by a normal subpoena (which is a lot) and on top of that they can order you not to interfere with their collection operations.
Where are the limits to the National Security Letters defined?
The patriot act and regulations which aren't public.
I'm assuming that they actually give you a physical document, that you could give to a lawyer to check. But how can a lawyer know if the request is within any limits of any law?
Yes but only an approved lawyer. The approved lawyer has access to someone who has access to someone in the know. So he can effectively get answers to his questions.
Up until now, it still seems that a National Security Letter can turn an ordinary American citizen into a spy or a criminal.
I think that's a bit strong. Part of your object is a generalized objection to the notion of subpoena you seem to have. Nothing about those has changed. The US courts have always had the ability to compel people to tell them stuff and give them stuff.
if I am a customer in a foreign country, and I hire a company as a contractor that has any business at all in the US, the US government could at any time request that company to break the laws of my country, if a court makes a decision based on the Patriot Act Law, the contents and limits of this law being totally unknown to me.
Well you are conflating two things: the patriot act, which is relatively new (since 2001), and subpoena law, which has been around for centuries. So let's unconflate:
a) if I am a customer in a foreign country, and I hire a company as a contractor that has any business at all in the US, the US government could at any time request that company to hand over information even if doing so breaks the laws of my country, if a court makes a decision based on thousands of existing laws. The contents and limits of this law being totally knowable by me.
b) If any American receives a request under a Patriot act subpoena they not only will have to hand over the information but if they tell you they handed it over they could do lots of hard time. They may have some appeal rights (like a normal subpoena) but the appeal will often be heard by a secret court that does not follow normative US procedures, for example they may not be able to appear directly. Moreover the procedures and limits of the Patriot Act are likely classified beyond every American you know's authority to see. While the law (the Patriot Act) is public the regulatory framework around the law is not.
I'd say it is not where the data is stored but where the person is that matters. If the court and the person are in the same jurisdiction the court can enforce compliance.
Can it tell you to set a trap for your best friend, because the government thinks he is a terrorist?
No. But it can prevent you from notifying him of a trap.
Can it tell you that you must cooperate with the government agencies, as they plan to murder him?
It can tell you, you can't interfere.
Which courts? An open one? Or a secret one?
The open ones are getting access. The secret ones have more access.
And is the judge independent? Or a stooge?
Open = independent
secret = semi-independent
But that's yet again a different issue.
Is there a functioning system of "checks and balances", like the one US kids used to learn about in school?
Executive = CIA
Legislative = Senate Intelligence Committee.
Judicial = Security courts, JAG
public oversight. The congress has the right to revoke these laws at any time.
Not at all. The US government can, will and does call anyone they want a terrorist.
No they don't. Chapter 113 of the criminal code defines terrorism. An international terrorist must: involve violent acts or acts dangerous to human life that are a violation of the criminal laws of the United States or of any State, or that would be a criminal violation if committed within the jurisdiction of the United States or of any State. These acts must appear to be intended—
(i) to intimidate or coerce a civilian population;
(ii) to influence the policy of a government by intimidation or coercion; or
(iii) to affect the conduct of a government by mass destruction, assassination, or kidnapping; and
And they must occur primarily outside the territorial jurisdiction of the United States, or transcend national boundaries in terms of the means by which they are accomplished, the persons they appear intended to intimidate or coerce, or the locale in which their perpetrators operate or seek asylum;
Sure. This discussion is about being cute about non compliance. It is perfectly acceptable to work with a lawyer to best comply. But people with a subpoena can demand you hand over things immediately as well. If you don't and those records disappear...
The US government has admitted that it uses them to rubber stamp those National Security Letters, which are court decisions forcing companies to give the government access to whatever data they want
The scope of those courts is determined by the patriot act. I don't like the Patriot act but it isn't quite so open ended.
The US courts have already decided that it is legal for the government to order US citizens to be killed by drones.
No they haven't. The major rulings by the courts are that the legal justification for the drone strikes cannot be classified so high that the courts can't review the memos. They are still making rulings establishing that they would even have the right to hear the case.
And the US government has also clearly stated that they will kill anyone, anywhere, in the world they want.
Again false. The drone program's scope is determined by the Senate Intelligence Committee. We don't know the scope but they have never indicated the scope would be anything like that broad. They've said much the opposite: terrorism related suspects who present a high level of threat in countries where the government can't or won't control the territory... That's far from anyone, anywhere.
when they are delivered one of these National Security Letter court decisions
National Security letter's scope is defined by law.
That is the situation with Microsoft. It doesn't matter. They are a wholly owned subsidiary and thus the American parent company can still compel them to do things. So they have to.
Now if you mean setup pick an overseas provider that doesn't have an American parent (like Interxion) sure a company can do that. Microsoft can't though, Microsoft has to be out of the loop almost entirely (maybe they just sell licenses for their software). On the other hand since Interxion is purely foreign it has no protection under USA law and so the NSA / CIA can collect information with no apologies or domestic controversy at all. Also Microsoft could be compelled not to sell Interxion licenses if they refused to voluntarily comply with a USA request.
US DOJ subpoena the US parent bank for "contents of safety deposit boxes 1 through 2000 from your London branch" - Bank says "our UK subsidiary is not permitted in law to do that just on our instruction"
I agree your analogy is better. And I'm going to say that under USA law the US parent company is obligated to compel the UK subsidiary to search the 2000 safety deposit boxes. If the US company can get to X, even if the UK subsidiary would prefer not to get to X, they must.
US DOJ can serve the UK subsidiary in the correct jurisdiction
Can is not the issue. The issue is whether they have to or they can just interact with the parent company.
MS can't actually just change the policies because they are written into contracts
The contract is pretty clear, "We will not disclose Customer Data to a third party (including law enforcement, other government entity, or civil litigant; excluding our subcontractors) except as you direct or unless required by law. Should a third party contact us with a demand for Customer Data, we will attempt to redirect the third party to request it directly from you. As part of that, we may provide your basic contact information to the third party. If compelled to disclose Customer Data to a third party, we will use commercially reasonable efforts to notify you in advance of a disclosure unless legally prohibited." They couldn't be more clear that they intend to comply with laws. They have an entire set of pages where they track these disclosures: http://www.microsoft.com/about...
If you read the contract (too long) about non-transference of data Azure is crystal clear that the regulatory authority is the U.S. Department of Commerce. They have the final say on what data can and should move where. Microsoft is ultimately a Washington State corporation. The laws governing Azure are whatever the State of Washington wants the laws governing Azure to be. You cannot have contractual provisions to commit crimes or refuse to comply with valid orders under American law.
Even if Microsoft had ever signed a contract that they wouldn't comply with a US court that clause would legally be null. They don't have to rewrite the contracts; those (hypothetical clauses) don't legally exist. Any contract with Microsoft (global) is under USA law. USA law doesn't consider complying with a court order to be a breach of contract ever. Companies have tried to claim that it still is a breach and have gotten their heads handed to them for it. If Microsoft were sued for breach of contract for obeying a court order the person suing would likely end up paying damages to Microsoft for daring to bring such a suit.
What you want to achieve regarding EU privacy cannot be achieved with a USA company under US law. The USA will never consider laws of foreign powers to be coequal to USA laws. You may not like that, but that is USA law. You want a data center provider that is not subject to USA law you are going to have to go with someone like Interxion, Microsoft is not an option.
"Overseas records must be disclosed domestically when a valid subpoena, order, or warrant compels their production" That was the claim literally word for word.
"Can you get it?" is not a good test, as I can get all sorts of things from my employer's computers (being a system administrator), but legally I can't turn them over to you, even if you have a subpoena, as I don't "own" the data.
Your analogy is correct. Your analysis of the legal situation is false. If I walked into your office with a subpoena for Betsy in the next cube's car and you know she keeps her keys in her purse you are obligated to get the keys from her purse even though you don't own the car nor the purse. Ownership or "the right" to the data doesn't matter. What matters is do you have access.
Even if I was actually the one who gathered data in response to a subpoena, I wouldn't be the one to turn it over to you...I would give it to the person who has the legal authority to act for the company in those sorts of dealings.
Nope. If you conspire with the person who has legal authority to act on behalf of the company to not comply with a court order that's still obstruction of justice for you. You should work with them to comply, you are legally obligated to circumvent them if their intent is not to comply.
a) US judge tells American in the US to do something which would normally be illegal. b) US judge tells an Irish person in Ireland to do something which is illegal in Ireland.
Indemnification involves (b). Judges have the authority to do (a).
I'm still calling bullshit on your claim that US judges can make it legal to break other countries laws in their own country.
I never claimed that. I claimed that US judges can order people in the USA to ignore foreign laws. That's not the same thing.
So if there are no Americans in the Irish MS then what?
The Irish people probably aren't involved. There is no reason that Microsoft global is going to expose their Irish employees to legal jeopardy if they can't avoid it. Azure isn't administered by MIOL it is administered by other Microsoft entities. Those other entities just get the data.
Now there was a hypothetical that the Irish people block the American ownership in which case their ability to block is removed by ownership. They aren't employees anymore.
If Ireland thinks the Americans are going to break the law it might deport them all.
Ireland most certainly could shut down MIOL over violating European data protection laws. That's fine, within their rights and within their power. That's different though than Microsoft not complying with a US court.
You didn't mention who has final jurisdiction of a joint venture, concerned your precedent will give ALL your info to China when they decide to claim the same bullshit?
If it is a Chinese joint venture then absolutely the Chinese government has authority over the data. Of course.
Actually, they could. The US would then have to appeal to the Chinese legal system for a warrant to search the Chinese facility holding the property or for extradition of the property.
No that's not what happens. They tell the USA owner to go get the antique. There is no involvement of the Chinese legal system because the American has access. There is no search warrant, this is a subpoena. If the American fails to turn it over, and gets charged with obstruction of justice, then on top of all that the Chinese legal system might get involved to get the antique back. But the American is still going to jail.
If the US wants the servers, they should follow proper legal procedures to get the servers.
I'm obligated to answer a subpoena even if I put the data in a place where there is no legal jurisdiction. So for example if I had servers under the ocean I'd still have to get the data off them if ordered to do so by a court.
"if you have operations in the US, you are subject to US jurisdiction even if you are a foreign corporation and even if the data is not in the US."
That's a different situation than Microsoft. There it is entirely possible that the USA employees don't have access and can't force access. The USA employees may be genuinely unable to comply with the subpoena. Under USA law the corporate owner is obligated to voluntarily comply. Failure to do so might mean their right to conduct business in the United States is withdrawn. But it wouldn't be obstruction of justice (criminal), they might have to shut down (civil).
Microsoft represents its hosting as being global, "Azure is available in 89 countries". What they say is that storage can be restricted to a single country. They never say that Microsoft USA doesn't have access. Because they do. The hosting is run globally. But even if they did say that and Microsoft Ireland Operations Limited (MIOL) was the only one who had access it still wouldn't matter. MIOL is a wholly owned subsidiary. They could just change the policy and now USA people have access. Which means that Americans can get the data and thus they are obligated to do so.
Someone else on this thread had a good analogy. Saying "the gun I used in the murder is in pants at my son's house so I can't answer the subpoena" is not going to cut it with the courts.
The UK government has the right to extradite anyone they want. It not having been a crime in the UK gives them the right to refuse under the extradition treaty not the obligation to refuse.
They are. Some of the administration is global.
I'd assume everyone knows something about a few specific things. If not partner with an SME who does.
As long as it isn't so obvious that 12 of your peers would see obstruction in it, you are fine. Otherwise....
The Patriot act. The limits are in the law.
Read the thread! It is about Microsoft and the rules governing the employees in America. From the start.
That's two different situations.
a) US judge tells American in the US to do something which would normally be illegal.
b) US judge tells an Irish person in Ireland to do something which is illegal in Ireland.
Indemnification involves (b). Judges have the authority to do (a).
The Irish people are governed by Ireland. They aren't subject to US courts. The Americans are.