Judge: US Search Warrants Apply To Overseas Computers

jfruh (300774) writes Investigators in a criminal case want to see some emails stored on Microsoft's servers in Ireland. Microsoft has resisted, on the grounds that U.S. law enforcement doesn't have jurisdiction there, but a New York judge ruled against them, responding to prosecutors' worries that web service providers could just move information around the world to avoid investigation. The case will be appealed.

It's almost sane(really)

[i kan reed]

Going to take a position I know will be unpopular in this thread, but:

The leverage they have is that you're accused of committing a crime within the borders of the US, and evidence you have access to can be demanded under a warrant that covers details related to that crime. Their physical inability to seize it by force(because it's in another jurisdiction) is about as relevant as their inability to unlock your bank safe. Either way they can punish you for not turning over evidence that is covered by the warrant.

Re:It's almost sane(really)

[Anonymous Coward]

It's all well and good so long as the USA don't mind, say, a Russian court issuing a warrant for data held on servers in the USA.

Re:It's almost sane(really)

[disposable60]

Or China, Iran, Pakistan, Myanmar or North Korea - you know, countries in which dissent of (heavens!) heresy/apostasy are capital offenses.

Re:

[Joel Cahoon]

If someone physically in Russia (or China, Iran, Pakistan, Myanmar or North Korea) allegedly violates the laws of their country, and the evidence of such resides on a server in the U.S., then no, I have no problem with, nor control over, said country imposing punishment on that person if they refuse to produce this evidence when lawfully required. My opinion on the laws of another state are irrelevant in this matter, if I am to respect their sovereignty. And if I don't respect their sovereignty, this issue

Re:It's almost sane(really)

[drinkypoo]

It's all well and good so long as the USA don't mind, say, a Russian court issuing a warrant for data held on servers in the USA.

There's nothing wrong with that, so long as they don't propose to use force to retrieve the data.

Re:It's almost sane(really)

[0a100b]

Using some force may be acceptable, like waterboarding Satya Nadella to get the data...

Re:

[tomhath]

If a Chinese company has data on a server in the US and routinely accesses that data, can the US government suddenly say the company can no longer have access to the data because a Chinese judge issued a warrant for it?

That seems different than the Chinese government demanding data from a US company like twitter when the data is stored on a server in the US

Re:It's almost sane(really)

[Anonymous Coward]

A Russian court issuing a warrant for data held by a Russian company on servers located in the US but controlled by the Russian company would be consistent with this ruling.

Re:

[silfen]

Why would "the USA mind"? Any country is free to issue warrants for whatever it wants. But, in practice, it can only enforce them within its jurisdiction or via treaty.

The US can enforce its warrant against Microsoft because Microsoft operates within its jurisdiction. Microsoft has to decide whether it values more operating in the US or whether it values the privacy of its foreign operations more. I think it's pretty clear how that's going to shake out.

Re:It's almost sane(really)

[Ghostworks]

But this is how it already works. For example, China could say to Google "give us access to G-Mail or we'll just block it completely, may be even kick your company out". Then it's a game of chicken. But China does have the right under their laws to block G-Mail or ban Google, as well as to demand unreasonable things from resident companies as the price of doing business. Laws everywhere have always worked this way. This is not new.

Now the question: if (beyond a certain point) businesses really have no choice but to deal with corrupt regimes, and customers have no choice but to deal with businesses that deal with corrupt regimes, what protects consumers in one jurisdiction from corruption in another? The answer is competing laws. If China imposes harsh penalties for failing to do X, but the U.S. or Europe impose equally harsh penalties for doing X, then businesses torn between them actually have some refuge through ceded responsibility.

This is exactly how U.S. bribery laws work: "We would love grease your palms, great Poo-bah, but U.S. law says that if we do then we can't do business there, which would mean we also don't have business to do here, so please don't even ask." When there is risk of cross-corruption in the market, it is the government's responsibility to step in and throw up a wall.

(As a side note, this notion of ceded responsibility is why there are some industries that actually petition for _stronger_ regulations. For example, it's common in some parts for large arms dealers to have to "sweeten the pot" with government buyers by agreeing to pay for side projects, such as the construction of a hospital, as a condition of sale. This is a cost arms dealers would rather avoid, so they petitioned Congress for years to have such "gifts" declared a form of illegal bribery.)

Re:It's almost sane(really)

[NatasRevol]

You might want to go look up what is a crime in those countries. You better be ok with ALL their laws.

Re:It's almost sane(really)

[hawguy]

Going to take a position I know will be unpopular in this thread, but:

The leverage they have is that you're accused of committing a crime within the borders of the US, and evidence you have access to can be demanded under a warrant that covers details related to that crime. Their physical inability to seize it by force(because it's in another jurisdiction) is about as relevant as their inability to unlock your bank safe. Either way they can punish you for not turning over evidence that is covered by the warrant.

Is there any circumstance where you think USA prosecutors should not be allowed to force foreign entities to hand over evidence without going through that country's legal system?

Like if I'm arrested for smoking pot in the USA and USA prosecutors want to search my bedroom back home in Amsterdam to collect proof of my drug habit, you think its ok for USA police to force my parents to let them search my bedroom back home (or enter their home by force)? Even if my "crime" is only a crime in the USA?

Re:It's almost sane(really)

[CanHasDIY]

Like if I'm arrested for smoking pot in the USA and USA prosecutors want to search my bedroom back home in Amsterdam to collect proof of my drug habit, you think its ok for USA police to force my parents to let them search my bedroom back home (or enter their home by force)? Even if my "crime" is only a crime in the USA?

I'm having trouble determining whether this is a really good analogy, or a really bad one... Leaning towards the former.

Re:It's almost sane(really)

[TRRosen]

That is a completely irrelevant example. Were not talking about subpoenaing a foreign company or entity. We are talking about forcing companies operating in the US to turn over information that is in their possession (under there control).

The basic concept here is that data does not exist in the physical world. Where the electrons are is irrelevant if the entity that controls it exists in the US.
         

Re:It's almost sane(really)

[Dredd13]

If an American citizen owns the house in Amsterdam, how is that any different than the American company owning the server in Europe?

As an American citizen, in that revision of the analogy, be could be compelled to allow US investigators to search his Amsterdam residence.

Would you support that? Cuz "hellz no" for my part

Re:It's almost sane(really)

[John Nemesh]

That is the best analogy I have seen so far. Moreover, it allows the US to search the house WITHOUT the consent or cooperation of the foreign government! The EU has laws protecting the data of it's citizens. By complying with US law, and allowing the data to be handed over to US authorities, they will be in violation of the EU laws! This puts MS (and every other American tech company) in a VERY awkward position! Do they break US law or EU law? Either way, they will be breaking SOMEONE'S laws, whether they hand over the data or not! This is also going to accelerate the decline of the use American tech overseas. Germany has already stated that they are moving to open source software, due in no small part to the NSA's overreaching spying programs...and the UK has also expressed interest in moving away from Microsoft products and services. Expect those governments, as well as other foreign and multinational corporations to move even more quickly away from US tech to keep their data secure and away from the prying eyes of the NSA, CIA and other US agencies! Another casualty here will be the "cloud". NO ONE outside of the US is going to trust their sensitive data with Amazon, Microsoft, or Google (or any others based in the US) if the US takes the position that all data, stored ANYWHERE IN THE WORLD, is subject to their laws and could be searched and/or seized at any given moment, with or without the consent, permission or knowledge of foreign governments! This court just, single-handedly, shot the entire American tech sector squarely in the balls. It's going to have ramifications that will take YEARS to sort out.

Re:

[jbolden]

The legal situation has already been cleaned up, though Microsoft isn't happy about it. Microsoft has already published on this since the last ruling. What they are asserting is that the foreign customer (business) that uses Azure is knowingly transferring their data to the USA (regardless of where the physical servers are) when they use Azure and thus they are the ones legally responsible. So far that seems to be pasting muster with the EU.

I.e. Azure sells to company X in France. Company X has data th

Re:It's almost sane(really)

[Dredd13]

And in my revised analogy, the residence is controlled and accessible by US entities (the US citizen who owns it).

Re:

[jbolden]

They do that all the time. Why shouldn't they be able to regulate actions in foreign countries. The whole idea of diplomatic recognition is that governments recognize each other as legitimate and agree to some level of cooperation and coordination. Trade relations enhance this further. Other specific treaties extend it even further.

So for example American airlines (or any plane that flies to the USA) still have to follow USA maintenance schedules even if the plane is currently abroad.

Re:

[Dredd13]

Those warrants and subpoenas have the value of toilet tissue as soon as you try to execute them off-shore.

And the execution of a search warrant happens "where the thing to be searched is", not "where people who have access to it are".

Re:

[CaptainDork]

Appreciate that no country is being served a subpoena to hand over data.

Microsoft has been served with a subpoena.

Microsoft is saying, "that data is being stored out of your jurisdiction."

The court is saying, "No matter, the defendant and you are within our jurisdiction."

Microsoft is the custodian of the data and, most likely, is the only entity that can comply with the subpoena.

Re:It's almost sane(really)

[jbolden]

What if the data was in my locked briefcase in Microsoft's London office.... Do you think they should just hand it over to USA prosecutors without going through the UK's legal process?

Yes. Microsoft USA has a legal obligation to get it from Microsoft UK even if the data is in the London office. Microsoft UK may not care but Microsoft USA must.

Re:

[NatasRevol]

You might want to cite some reference for you position.

Make sure to include references where they're also operating in separate countries.

http://www.microsoft.com/en-gb... [microsoft.com]

Re:

[TRRosen]

Actually doesn't matter if your US or Foreign a subpoena is a subpoena. You must produce the evidence if it is in your control. Where the evidence is irrelevant you are within the jurisdiction you are compelled to produce it. This has been applied to physical documents. Not this is not seizing evidence it is compelling an entity to produce it.

Re:It's almost sane(really)

[jbolden]

The structure is this
Microsoft Washington owns a Nevada corporation owns a Bermuda corporation owns Microsoft Ireland. The data is on Microsoft Ireland's physical servers but they hire Microsoft Washington for services and another subsidiary for licensing.

Re:

[CanHasDIY]

OK, thought of a good counter analogy:

- You've hidden bombs on public transit all over the country, and the list of where you hid them is stored on a server in the UK; should the government be able to get a warrant for that information?

And a not so appropriate, yet still thought provoking one:

- You're a serial killer in the US, but every time you murder someone you drive to your Canadian cabin in the woods to hide the body; should the US be able to get search warrants for said cabin?

Re:It's almost sane(really)

[Anonymous Coward]

The US should be able to get search warrants...

wait for it...

In Canadian courts. MIND BLOWN.

Re:

[Zero__Kelvin]

Really? So if the courts believe I have a gun stored in a lock box in another country they can compell me to go to that country, pick it up, and bring it to them? Are you sure about that? Maybe you want to think about it some more?

Re:It's almost sane(really)

[Nemyst]

To both cases: this is why organizations like Interpol exist. So a police force from one country can work in tandem with another to solve a case that crosses national borders. If the US want data stored in an Ireland server, they should work with the police there to get it, instead of saying that their jurisdiction extends worldwide unilaterally.

Re:It's almost sane(really)

[Culture20]

I thought Interpol existed to catch Carmen SanDiego.

Re:It's almost sane(really)

[hawguy]

OK, thought of a good counter analogy:

- You've hidden bombs on public transit all over the country, and the list of where you hid them is stored on a server in the UK; should the government be able to get a warrant for that information?

Of course they should... Through a UK court, not a USA court.

Re:It's almost sane(really)

[Minwee]

- You're a serial killer in the US, but every time you murder someone you drive to your Canadian cabin in the woods to hide the body; should the US be able to get search warrants for said cabin?

This may sound a little bit crazy, but murdering people was recently declared illegal in Canada too. All Special Agent Scully would have to do is pick up the phone and call her counterpart with the RCMP (They recently had phone service installed at both of their igloos!) who would then search the cabin for her, looking for evidence of a crime as defined by Canadian law. Once that was found it there would be some discussions at the nearest Tim Horton's over poutine and coffee (double-double, naturally) about just who would be charged and tried under what laws and whether evidence would be canoed across the border to the USA or the suspect extradited to Canada, Eh.

It's almost as if this sort of thing has come up before. The situation gets more interesting when a US citizen does something which is only illegal in the USA but not Canada. Something like failing to volunteer to join the army, supporting an unpopular political party or copying music from CD to a tape.

Clearly you're not Canadian.

[BitterOak]

The parent post was clearly not written by a Canadian, as any good Canadian knows that Tim Horton's does NOT serve poutine. Otherwise though, your post is spot on.

Re:

[DutchUncle]

Microsoft is an American company. The court is asking Microsoft for license and registration, whichever pocket it happens to be in at the moment (oops, I meant email and whichever server). That's different from you being a Dutch citizen (I assume if you are from Amsterdam) and being arrested for doing something *here*. The comparison would be, if a Dutch court wanted to talk to you about your account on a US game company's servers.

so if I say take a position that the CCP

[0xdeaddead]

is full of crap, which is of course illegal in china. so the CCP can get MS to give them all my incriminating 'speech' because it's saved in the US?

Yeah this is going to be a 'good thing'.

Re:

[i kan reed]

Here's how it works:

1. You're a government.
2. You have leverage over the entity in question.
3. Your own legal system allows it.

Without 2, you've got nothing, but the case in question is pretty clearly targetting providers who might move information. Not those that don't operate in the US at all.

Applies oversea or applies to local access?

[Carewolf]

If the local branch of Microsoft has access to and control over the servers, they only need to demand the local branch to do so, that doesn't mean they are extended juristiction. If the data could only be accessed from outside the US it would be more interesting.

Re:Applies oversea or applies to local access?

[Anonymous Coward]

If the local branch of Microsoft has access to and control over the servers, they only need to demand the local branch to do so, that doesn't mean they are extended juristiction.

That could make it more difficult for multinationals to operate though. One of the reasons why companies put data centers in Ireland is to comply with EU rules about the locations of personal information. If the US can pierce EU rules regarding personal information simply because someone in the US has access to the servers, then that could lead to EU rules prohibiting such access.

During an earlier discussion I thought someone said that the information involved was owned by a US person or organization that was trying to hide by putting it in the EU. That would matter more to me than whether Microsoft had domestic access to the servers.

I'm not sure that a US court should be deciding this though. It might make more sense to have to appeal to an EU court to pierce this particular veil. That would support EU rights in protecting their data while offering a method for US litigants to gain rightful access to data. Of course, it would also be rather clumsy. But I would rather put clumsiness on litigants than on multinational businesses.

Re:Applies oversea or applies to local access?

[Trepidity]

That appears to be the argument, yes. The court isn't claiming authority to send police officers to Ireland and physically seize the data, or authority to force Irish police to conduct a search. Instead they're demanding that Microsoft (a U.S.-based company) produce the requested evidence, if indeed its U.S. staff have access to it (which they probably do).

I think it's problematic from a practical perspective, but I could see how someone could reach that conclusion. Usually jurisdiction of U.S. persons does extend to their overseas assets, e.g. in an investigation of fraud a U.S. court can demand that you turn over your Swiss bank account records, even though these accounts are (of course) in Switzerland.

The main problem IMO is that it puts companies operating in multiple jurisdictions in a bit of a bind. For example, Microsoft Ireland may have responsibility under EU law to not release data except in certain cases, while Microsoft U.S. is required to release it, meaning the company will violate the law somewhere no matter what they do. I'm not sure whether it's possible to avoid that by really firewalling the access, e.g. make Microsoft Ireland an operationally separate subsidiary whose servers cannot be directly accessed by Microsoft USA staff. But that would certainly complicate operations in other ways.

Moving information for Freedom....

[Anonymous Coward]

"...responding to prosecutors' worries that web service providers could just move information around the world to avoid *dictatorships suppressing said information*".

Fixed it for ya.

If country X bans something, I happily move somewhere else where it's allowed assuming it was important to me.

Now what if this worked the other way. Some muslim country gets to search people's US computers even if they know they can't store their Porn on their Muslim country computer. Now they can say that storing that data in t

Re:

[CanHasDIY]

Now what if this worked the other way. Some muslim country gets to search people's US computers even if they know they can't store their Porn on their Muslim country computer. Now they can say that storing that data in the USA isn't enough reason to avoid getting thrown in jail.

If said accused person is a citizen of the aforementioned Muslim country, and even moreso if they are operating a business there, then yes, all their shit very well should be accessible to their government with a legal warrant, no matter where they try to hide it.

Otherwise, you start having the issue of, "if you're rich enough, you can skirt the law."

Re:

[thaylin]

No, our government should be required to go through the other government to get that information. Our government does not have jurisdiction in other countries PERIOD.

Re:

[CanHasDIY]

Our government has jurisdiction over its citizens, and businesses that operate within its borders.

Basically, what you're saying is that you think that if someone on US soil does something illegal, and hides the evidence offshore, the government shouldn't be able to get to said evidence without jumping through a crapton of legal hoops?

Re:Moving information for Freedom....

[thaylin]

Most defiantly yes. The government does not have free reign to just enter into our lives when it wants to and how it wants to, it has to follow local and global laws. Getting a warrant in the US is crazy easy, and there is little oversight. Requiring them to actually follow the law is not a bad thing. The law is there to protect the citizens, and allowing them to break it adds to the probably that innocents will be harmed.

Re:

[Archtech]

"Basically, what you're saying is that you think that if someone on US soil does something illegal, and hides the evidence offshore, the government shouldn't be able to get to said evidence without jumping through a crapton of legal hoops?"

No, what we are saying is that if someone on US soil does something illegal, and hides the evidence offshore, the government shouldn't be able to get to said evidence without respecting the legal systems of whatever foreign nations are involved. Just as those nations woul

Re:

[swillden]

No, our government should be required to go through the other government to get that information. Our government does not have jurisdiction in other countries PERIOD.

True, but irrelevant in cases like this. The US government does have jurisdiction over Microsoft's US operations, and Microsoft's US operations have the ability to retrieve the information from Microsoft's servers in Ireland. The mere fact that the data is in Ireland is no reason that the US company can't be ordered to retrieve the data they control and have access to.

Similarly, if you were being investigated for a crime you could be required by the courts to turn over the records of you Swiss bank accoun

Re:

[thaylin]

There is no evidence that they are using it as a "safe" to hide information. There is just evidence that it is on the other servers. The problem is this means that our servers are open to other countries who dont want to have to follow our laws, and we all lose security and privacy.

Re:

[Anonymous Coward]

What you keep missing is that what if I live in multiple different countries and travel between them frequently?

When I'm in the USA I can legally watch porn.
When I'm in Amsterdam I can legally smoke pot.
When In a Muslim country both are things that would get me killed.

So just because I live in all these countries at various times in the year doesn't mean the Muslim country gets to search my US computer for porn and suddenly sentence me to death. Then the US country searches my Amsterdam computer and finds i

Cuts both ways

[jmv]

It's going to be interesting when the Chinese government issues Google a warrant to get data from the US.

Re:

[CanHasDIY]

Is Google a Chinese company?

Re:

[thaylin]

Itis a multinational with headquarters in China, so yes, so the same degree that it is a US company.

Re:

[CanHasDIY]

Then I would say, if China has evidence that the Chinese Google office has done illegal things in their country, and hidden the evidence on US servers, then yea, they should be able to get a warrant for that information, and vice versa.

Re:

[thaylin]

You are using this "hidden the evidence" phrase as though this is the issue happening here. It is not. There is data of some possible issue on the other servers. There is no evidence that they hide it there as a direction action. And in any case, NO, China should be required to go to the US courts and ask permission to get that information, otherwise, as I stated previously, our privacy and freedom takes a direct hit. There is a reason for sovereignty of nations.

Re:

[CanHasDIY]

To be honest, I'm kind of up in the air on this one; on the one hand, I hate the fact that rich people and corporations use national borders to commit crimes (like hiding assets from taxation); On the other hand, I know that if the precedent is set, our government will abuse the holy living shit out of the privilege.

I suppose the wise decision would be to err on the side of caution and limit the government's ability to access information. Better 10 guilty men go free than one innocent suffer, right?

Re:

[zlives]

the issue is not of Goggle the company having done wrong but rather a Chinese criminal (dissenter?) may be hiding data outside China and Google must then open access for prosecution according to the laws of China.

Re:

[tomhath]

I didn't know Google was a Chinese company.

Bye bye US cloud

[johanw]

Microsoft always sold their cloudservices in the EU with the argument that the data is physically located outside the US so the Patriot Act doesn't apply. Now that this has been proven false, EU-based cloudfirms will use this argument to choose a non-US based firm even more in their commercials than they do already. Good for the non-US based firms.

Re:

[Trepidity]

Yeah they've been really playing that up angle when competing against Google Apps for Business in particular.

Re:

[Nemyst]

Problem is that this case could repeat itself for any company operating in the US, even if the entire hosting is in the EU. EU-based cloud hosts would have to NEVER do business in the US in order to be off-limits, basically (and even then I'm sure they could find a reason).

Re:

[Jahta]

Microsoft always sold their cloudservices in the EU with the argument that the data is physically located outside the US so the Patriot Act doesn't apply. Now that this has been proven false, EU-based cloudfirms will use this argument to choose a non-US based firm even more in their commercials than they do already. Good for the non-US based firms.

Yes indeed. In my current job, we are currently looking at cloud providers. We'll be watching this case (and the appeal) with great interest!

Like extradition, but for evidence

[MobyDisk]

Is there something equivalent to "extradition" laws, but that apply to overseas evidence instead of oversees defendants?

Re:Like extradition, but for evidence

[silas_moeckel]

Yea it's called asking a judge in Ireland.

Murica

[korbulon]

I never fail to find the bravado and hubris underlying American exceptionalism... exceptional.

Land of the free... as long as you're not in one of our many many prisons ( http://nomadcapitalist.com/201... [nomadcapitalist.com] ), which has a higher per capita incarceration rate than Cuba, which is second on the list. Oh, and speaking of Cuba, there's always http://en.wikipedia.org/wiki/G... [wikipedia.org].

Home of the brave... because you'd be pretty brave too if your military budget was larger than the nearest eight other countries combined ( http://pgpf.org/Chart-Archive/... [pgpf.org] )

Where all men are created equal... except, of course, when they're not ( http://www.pbs.org/newshour/ru... [pbs.org] ) and a man can make something from himself even if he starts out life with nothing (but probably not): http://money.cnn.com/2013/12/0... [cnn.com] )

And where the rule of law is universal and sacrosanct... except in those cases where it's not convenient ( https://www.globalpolicy.org/u... [globalpolicy.org] ) and ( https://www.eff.org/nsa-spying... [eff.org] )

Oh well, enjoy your "freedoms".

Re:

[thaylin]

Greatest country in what regards? there are other countries with more freedom, better education, better economies...I am a US citizen myself, but am having a hard time figuring out what we are the best at, besides war and being a blind patriot.

Re:Murica

[thaylin]

After looking at the source material for those wiki article, particularly the Urugauy one, I see why wiki is not a reliable source. After all sourcing proposed laws as enforced laws are exactly the same thing..

But of course the US also has anti-hate speech:

In 1942, the Supreme Court sustained the conviction of a Jehovah's witness who addressed a police officer as a "God dammed racketeer" and "a damned facist" (Chaplinksy v. New Hampshire). The Court's opinion in the case stated that there was a category of face-to-face epithets, or "fighting words," that was wholly outside of the protection of the First Amendment: those words "which by their very utterance inflict injury" and which "are no essential part of any exposition of ideas."

Re:

[thaylin]

So Iran should be able to get evidence that one of its citizens is a Christian, off US servers? I mean it is not like they are persecuted over there or something.

Re:

[thaylin]

You seem to be having some issues, so I will help. No one is complaining about getting a search in your home country, it is the remote country, that has separate distinct laws.... So If you are an Iranian, and someone get to the US for a Christian conference because you are a Christian, should the Iranians have the right to bypass the US government to get information from US servers to prove that you are a Christian, while in Iran? It is the same situation as what you are supporting, just from another count

Re:

[thaylin]

Actually it is. this is not an subpoena compelling them to give them the information, this is a SEARCH warrant, which is giving them the right to actually physically look through those servers in another jurisdiction..

In other news...

[Type44Q]

In other news, judges in North Korea, Iran, Indonesia, Saudi Arabia, the UK and China all declare their rulings (regarding international jurisdiction of their respective nations' laws) to have jurisdiction internationally...

Re:In other news...

[Jason Levine]

Sadly, North Korea, Iran, Saudi Arabia, and a bunch of other countries have wanted this for awhile. They want the "law of the Internet" to be that if you do X and you doing X is visible in their country where X is illegal, you've broken the law and can be prosecuted. They drool at the thought of being able to force their laws on the Internet at large. Sadly, this US judge is only helping their plan with his short-sighted ruling.

Better yet, store it "nowhere"

[larwe]

Better still, web-based companies with datacenters in many jurisdictions could store your data in a completely distributed fashion, where it isn't possible to retrieve the original without access to all (or at least several) of the servers. So they could subpoena all the data held in the US, and the UK, and Australia, and all the other surveillance states, but without a copy of the complementary data in Switzerland and Belize and on a pirate barge in the middle of the Pacific, they won't be able to reconstr

Don't do business with the USA

[green1]

This is one more reason to make extra sure that companies that you deal with have zero US presence. In fact in many jurisdictions it would be illegal to follow these US laws due local privacy laws. By doing business in the US, any data on individuals that you have, even stored in other jurisdictions is subject to their laws, meaning you'll often have the choice of breaking US law, or breaking the laws of the country you're in.

Much safer to just avoid all dealings with the USA.

Yet Microsoft spies for the gov

[jader3rd]

As a reader of Slashdot, I know that Microsoft only exists for the sole purpose of spying on behalf of the US government. So I know that this story is pure fiction. I mean whoever made it up didn't even put much effort into good names; Brad Smith? Come on, that's so generic.

Damned if you do...

[Inf0phreak]

MS's employees in Ireland might be criminally liable in the EU if they transmit the data outside EU borders. They might really really like Microsoft, but to the point of being willing to go to prison for the company? I think not.

We could potentially end up in a situation where the main branch of MS screams at the EU branch from across the Atlantic and no one over here is willing to comply.

Re:

[ledow]

Ah, the American answer-to-everything.... :-)

What if Ireland seized the data?

[schwit1]

And told the US courts that it must make its request through them.

Covered under current law.

[sjbe]

but a New York judge ruled against them, responding to prosecutors' worries that web service providers could just move information around the world to avoid investigation.

IANAL but when information is subpoenaed the company is breaking the law if they move, destroy or hide any requested information. If the party receiving the subpoena is found to have hidden evidence then the judge can rule against them as if the evidence was available and damaging. (it's more complicated than what I'm saying but I think this is the basic process) So I'm not really sure what the prosecutors are worried about that isn't already adequately covered under current law. It would be no differen

Lazy @$$ investigators

[redelm]

A warrant is not something that requires cooperation. It is legal permission for investigators to break-in to a certain place, search for and take listed things. So if this is justified, let them do it!

The warrant should allow particular investigators to break-into whichever servers listed, grep around and download listed items. Done. If they cannot, find 1337r agents. If you need keys, get warrants for physical access to machines.

These "compell" warrants are quite a stretch -- they compell MS to violate EU law, to certify what they turn over, and to never be sure they've fully complied (how could they know they got it all)?

US

[ledow]

If Microsoft comply, they will be sued by their EU customers and maybe even the EU governments themselves.

There's a reason that jurisdiction applies. You can't be legally required to do something in one country, and then legally required by another country to not do it.

Sorry, US, but if Microsoft comply without getting it right, the EU are likely to fine them into oblivion, and the EU is JUST AS BIG, if not larger, a market as their US market.

Seriously, America, you do not own the world.

Re:Finally!

[i kan reed]

Unfortunately, no. Jurisdiction for the crime isn't the same as jurisdiction for evidence.

Re:

[ray-auch]

The Irish police will say "why are you bothering us? Ask an (Irish) judge like you usually do (via MLAT)". It is the judiciary that need to be involved first. Funnily enough that is also what former Irish attorney general and various senior EU officials have said - the correct approach is to use the MLAT, which is there for exactly this purpose. With a warrant from an Irish court the Irish police will be happy to help, should the Irish operators of the Irish data centre need a hand pushing the button in

Re:Finally!

[LordLimecat]

So would you be in favor of China being able to subpoena any / all of Microsofts records, regardless of where they are stored?

Re:Finally!

[retchdog]

yeah, i would. it would be a nice reminder about why not to do business with totalitarian states.

and, yes, i also think that this case is a nice reminder for other countries not to do business with the US for exactly the same reason.

Re:

[Nemyst]

You wouldn't have to do business in the country for them to attempt to subpoena you, mind. They can fabricate a reason for doing so.

Re:

[Yebyen]

And how would they enforce their subpoena in this imaginary world where governments you don't ever interact with in any way can somehow affect you personally?

[/american]

Re:

[jbolden]

If they aren't in China then it doesn't matter. This is only about business in the USA.

Re:

[thaylin]

So I take it if you travel to any other country you have no issue if they get a warrant for your material back here to see if you are violating any of their laws while you are a t home...

Re:

[thieh]

Don't forget that NSA probably has almost everything. They are just trying to make it legal to use them in court by putting up legitimate means of extracting the info.

Re:

[jbolden]

The NSA isn't about prosecution. The FBI, Customs... would care far more.

Re:

[nucrash]

The current justice system has no respect for boundaries and is willing to strip away what ever rights to privacy they feel they need to bring about their form of justice. While I might not be a fan of Microsoft or Apple or any other company which uses loopholes to evade taxes, I don't want to see privacy violated either. This includes corporate entities like Microsoft.

Re:Finally!

[ai4px]

You say loopholes and evade taxes. It's like you've presupposed they are doing evil. Despite what they use being called a loophole, if it's legal, don't blame them for playing by the rules. Blame the idiots who poorly crafted a law.

A certain paper company used a green energy law that said if you use alternative fuels you can get a tax credit. The paper industry has been burning black liquor since the 1930s and in 2008 figured out they could get the tax credit if they /added/ diesel fuel to their alternative fuel. Congress fixed it within a year. The company did nothing except follow the rules (which are like walking thru a minefield.)

Re:

[anagama]

Masterfully crafted after being purchased by lobbyists for the companies. The financial return of lobbying is massive -- more than making cool products people love.

We find firms lobbying for this provision have a return in excess of $220 for every $1 spent on lobbying, or 22,000%.

http://papers.ssrn.com/sol3/pa... [ssrn.com]

That said, I think the nature of the parties in this instance is clouding /.'s judgment. Let's say it was a secure email provider who stored all data offshore, but was a US company. Would /. in

Re:

[i kan reed]

On the other hand, it's only becoming precedent in an era where the common person actually has the ability to move things(specifically data) overseas with ease.

Re:

[CanHasDIY]

On the other hand, it's only becoming precedent in an era where the common person actually has the ability to move things(specifically data) overseas with ease.

The "common person" who can afford that crap.

When your application of justice become predicated on the income level of the accused, it's not justice anymore.

Re:

[thaylin]

There are a host of free services you can use overseas to do this, so any common person with an internet connection can afford it. And since libraries offer free internet connections, that means anyone.

Re:

[CanHasDIY]

How? Details, please.

You know, just in case I commit some heinous crime and need somewhere to stash the evidence.

Re:

[LordLimecat]

No, its a bad precedent, and you can now look forward to China / Russia / India issuing subpoenas for things like email inboxes and documents stored on the cloud for US citizens.

Ive never really gotten how slashdot has so many people with apparent astigmatism, only able to see the close up things and always missing the bigger picture.

Re:

[CanHasDIY]

No, its a bad precedent, and you can now look forward to China / Russia / India issuing subpoenas for things like email inboxes and documents stored on the cloud for US citizens.

Now, now. This isn't PRISM we're talking about, it's a specific, 4th Amendment sound warrant for information regarding a US company's actions in the US, the evidence for which they've hidden on a foreign server. There's no need for hyperbole

Ive never really gotten how slashdot has so many people with apparent astigmatism, only able to see the close up things and always missing the bigger picture.

The irony of this statement is not lost on me.

Re:

[thaylin]

Again with this strawman. This is not what is happening here, this is the slippery slope argument the government is presenting, but still no. What is on foreign soil the US has NO right to without going through the other government. PERIOD.

what other foreign laws do you think the US has the right to trample on just because it feels like it?

Re:

[Jason Levine]

No, it's like if you take a bunch of information to a country border and hand it off to someone on the other side.

Now, say that information you passed to the foreign national was stolen nuclear launch codes, or a list of where you hid the bodies. Do you really think the government should not be able to get a warrant for that information, just because it's not on US soil anymore?

Of course, the government should be able to get a warrant for that information. The difference is that the government should go to