Judge: US Search Warrants Apply To Overseas Computers

jfruh (300774) writes Investigators in a criminal case want to see some emails stored on Microsoft's servers in Ireland. Microsoft has resisted, on the grounds that U.S. law enforcement doesn't have jurisdiction there, but a New York judge ruled against them, responding to prosecutors' worries that web service providers could just move information around the world to avoid investigation. The case will be appealed.

Re:Finally!

[i kan reed]

Unfortunately, no. Jurisdiction for the crime isn't the same as jurisdiction for evidence.

Moving information for Freedom....

[Anonymous Coward]

"...responding to prosecutors' worries that web service providers could just move information around the world to avoid *dictatorships suppressing said information*".

Fixed it for ya.

If country X bans something, I happily move somewhere else where it's allowed assuming it was important to me.

Now what if this worked the other way. Some muslim country gets to search people's US computers even if they know they can't store their Porn on their Muslim country computer. Now they can say that storing that data in the USA isn't enough reason to avoid getting thrown in jail.

Re:It's almost sane(really)

[Anonymous Coward]

It's all well and good so long as the USA don't mind, say, a Russian court issuing a warrant for data held on servers in the USA.

Bye bye US cloud

[johanw]

Microsoft always sold their cloudservices in the EU with the argument that the data is physically located outside the US so the Patriot Act doesn't apply. Now that this has been proven false, EU-based cloudfirms will use this argument to choose a non-US based firm even more in their commercials than they do already. Good for the non-US based firms.

Re:It's almost sane(really)

[disposable60]

Or China, Iran, Pakistan, Myanmar or North Korea - you know, countries in which dissent of (heavens!) heresy/apostasy are capital offenses.

Re:It's almost sane(really)

[CanHasDIY]

Like if I'm arrested for smoking pot in the USA and USA prosecutors want to search my bedroom back home in Amsterdam to collect proof of my drug habit, you think its ok for USA police to force my parents to let them search my bedroom back home (or enter their home by force)? Even if my "crime" is only a crime in the USA?

I'm having trouble determining whether this is a really good analogy, or a really bad one... Leaning towards the former.

Re:It's almost sane(really)

[drinkypoo]

It's all well and good so long as the USA don't mind, say, a Russian court issuing a warrant for data held on servers in the USA.

There's nothing wrong with that, so long as they don't propose to use force to retrieve the data.

Murica

[korbulon]

I never fail to find the bravado and hubris underlying American exceptionalism... exceptional.

Land of the free... as long as you're not in one of our many many prisons ( http://nomadcapitalist.com/201... [nomadcapitalist.com] ), which has a higher per capita incarceration rate than Cuba, which is second on the list. Oh, and speaking of Cuba, there's always http://en.wikipedia.org/wiki/G... [wikipedia.org].

Home of the brave... because you'd be pretty brave too if your military budget was larger than the nearest eight other countries combined ( http://pgpf.org/Chart-Archive/... [pgpf.org] )

Where all men are created equal... except, of course, when they're not ( http://www.pbs.org/newshour/ru... [pbs.org] ) and a man can make something from himself even if he starts out life with nothing (but probably not): http://money.cnn.com/2013/12/0... [cnn.com] )

And where the rule of law is universal and sacrosanct... except in those cases where it's not convenient ( https://www.globalpolicy.org/u... [globalpolicy.org] ) and ( https://www.eff.org/nsa-spying... [eff.org] )

Oh well, enjoy your "freedoms".

Re:Finally!

[retchdog]

yeah, i would. it would be a nice reminder about why not to do business with totalitarian states.

and, yes, i also think that this case is a nice reminder for other countries not to do business with the US for exactly the same reason.

Re:It's almost sane(really)

[Anonymous Coward]

A Russian court issuing a warrant for data held by a Russian company on servers located in the US but controlled by the Russian company would be consistent with this ruling.

Re:Applies oversea or applies to local access?

[Trepidity]

That appears to be the argument, yes. The court isn't claiming authority to send police officers to Ireland and physically seize the data, or authority to force Irish police to conduct a search. Instead they're demanding that Microsoft (a U.S.-based company) produce the requested evidence, if indeed its U.S. staff have access to it (which they probably do).

I think it's problematic from a practical perspective, but I could see how someone could reach that conclusion. Usually jurisdiction of U.S. persons does extend to their overseas assets, e.g. in an investigation of fraud a U.S. court can demand that you turn over your Swiss bank account records, even though these accounts are (of course) in Switzerland.

The main problem IMO is that it puts companies operating in multiple jurisdictions in a bit of a bind. For example, Microsoft Ireland may have responsibility under EU law to not release data except in certain cases, while Microsoft U.S. is required to release it, meaning the company will violate the law somewhere no matter what they do. I'm not sure whether it's possible to avoid that by really firewalling the access, e.g. make Microsoft Ireland an operationally separate subsidiary whose servers cannot be directly accessed by Microsoft USA staff. But that would certainly complicate operations in other ways.

Re:It's almost sane(really)

[TRRosen]

That is a completely irrelevant example. Were not talking about subpoenaing a foreign company or entity. We are talking about forcing companies operating in the US to turn over information that is in their possession (under there control).

The basic concept here is that data does not exist in the physical world. Where the electrons are is irrelevant if the entity that controls it exists in the US.
         

Don't do business with the USA

[green1]

This is one more reason to make extra sure that companies that you deal with have zero US presence. In fact in many jurisdictions it would be illegal to follow these US laws due local privacy laws. By doing business in the US, any data on individuals that you have, even stored in other jurisdictions is subject to their laws, meaning you'll often have the choice of breaking US law, or breaking the laws of the country you're in.

Much safer to just avoid all dealings with the USA.

Re:Moving information for Freedom....

[thaylin]

Most defiantly yes. The government does not have free reign to just enter into our lives when it wants to and how it wants to, it has to follow local and global laws. Getting a warrant in the US is crazy easy, and there is little oversight. Requiring them to actually follow the law is not a bad thing. The law is there to protect the citizens, and allowing them to break it adds to the probably that innocents will be harmed.

Re:It's almost sane(really)

[Anonymous Coward]

The US should be able to get search warrants...

wait for it...

In Canadian courts. MIND BLOWN.

Re:Like extradition, but for evidence

[silas_moeckel]

Yea it's called asking a judge in Ireland.

Re:It's almost sane(really)

[Nemyst]

To both cases: this is why organizations like Interpol exist. So a police force from one country can work in tandem with another to solve a case that crosses national borders. If the US want data stored in an Ireland server, they should work with the police there to get it, instead of saying that their jurisdiction extends worldwide unilaterally.

Re:Moving information for Freedom....

[Anonymous Coward]

What you keep missing is that what if I live in multiple different countries and travel between them frequently?

When I'm in the USA I can legally watch porn.
When I'm in Amsterdam I can legally smoke pot.
When In a Muslim country both are things that would get me killed.

So just because I live in all these countries at various times in the year doesn't mean the Muslim country gets to search my US computer for porn and suddenly sentence me to death. Then the US country searches my Amsterdam computer and finds images of me smoking pot there....

The point was that the document (evidence) would be in the country where I'm doing the stuff..... (where it's legal). I'm not intentionally moving anything around. I just do whats legal in the place I currently am.

According to this ruling, now my perfectly legal activities abroad, are subject to US law. Essentially no escaping their grasp now.

Re:It's almost sane(really)

[hawguy]

OK, thought of a good counter analogy:

- You've hidden bombs on public transit all over the country, and the list of where you hid them is stored on a server in the UK; should the government be able to get a warrant for that information?

Of course they should... Through a UK court, not a USA court.

Re:It's almost sane(really)

[NatasRevol]

You might want to go look up what is a crime in those countries. You better be ok with ALL their laws.

Re:It's almost sane(really)

[Dredd13]

If an American citizen owns the house in Amsterdam, how is that any different than the American company owning the server in Europe?

As an American citizen, in that revision of the analogy, be could be compelled to allow US investigators to search his Amsterdam residence.

Would you support that? Cuz "hellz no" for my part

Re:It's almost sane(really)

[John Nemesh]

That is the best analogy I have seen so far. Moreover, it allows the US to search the house WITHOUT the consent or cooperation of the foreign government! The EU has laws protecting the data of it's citizens. By complying with US law, and allowing the data to be handed over to US authorities, they will be in violation of the EU laws! This puts MS (and every other American tech company) in a VERY awkward position! Do they break US law or EU law? Either way, they will be breaking SOMEONE'S laws, whether they hand over the data or not! This is also going to accelerate the decline of the use American tech overseas. Germany has already stated that they are moving to open source software, due in no small part to the NSA's overreaching spying programs...and the UK has also expressed interest in moving away from Microsoft products and services. Expect those governments, as well as other foreign and multinational corporations to move even more quickly away from US tech to keep their data secure and away from the prying eyes of the NSA, CIA and other US agencies! Another casualty here will be the "cloud". NO ONE outside of the US is going to trust their sensitive data with Amazon, Microsoft, or Google (or any others based in the US) if the US takes the position that all data, stored ANYWHERE IN THE WORLD, is subject to their laws and could be searched and/or seized at any given moment, with or without the consent, permission or knowledge of foreign governments! This court just, single-handedly, shot the entire American tech sector squarely in the balls. It's going to have ramifications that will take YEARS to sort out.

Re:It's almost sane(really)

[Dredd13]

And in my revised analogy, the residence is controlled and accessible by US entities (the US citizen who owns it).

Re:It's almost sane(really)

[jbolden]

What if the data was in my locked briefcase in Microsoft's London office.... Do you think they should just hand it over to USA prosecutors without going through the UK's legal process?

Yes. Microsoft USA has a legal obligation to get it from Microsoft UK even if the data is in the London office. Microsoft UK may not care but Microsoft USA must.

Re:It's almost sane(really)

[Joel Cahoon]

If someone physically in Russia (or China, Iran, Pakistan, Myanmar or North Korea) allegedly violates the laws of their country, and the evidence of such resides on a server in the U.S., then no, I have no problem with, nor control over, said country imposing punishment on that person if they refuse to produce this evidence when lawfully required. My opinion on the laws of another state are irrelevant in this matter, if I am to respect their sovereignty. And if I don't respect their sovereignty, this issue is of least concern.

Re: Finally!

[Darinbob]

Because it's irrelevant and the Irish police can not do anything here. The "button" to download all the email resides in the US. Someone in Redmond just has to push that button. So the judge says "give us the email", Microsoft says "we can't, it's in Ireland" The warrant is against a US company to provide some evidence, to US based employees who have direct access to that evidence, who can push a button the US to retrieve that evidence. All the Irish police would say is "why are you bothering us?"