The Courts Microsoft Privacy United States

Judge: US Search Warrants Apply To Overseas Computers

jfruh (300774) writes Investigators in a criminal case want to see some emails stored on Microsoft's servers in Ireland. Microsoft has resisted, on the grounds that U.S. law enforcement doesn't have jurisdiction there, but a New York judge ruled against them, responding to prosecutors' worries that web service providers could just move information around the world to avoid investigation. The case will be appealed.
This discussion has been archived. No new comments can be posted.

  • by i kan reed ( 749298 ) on Friday August 01, 2014 @09:12AM (#47581063) Homepage Journal

    Going to take a position I know will be unpopular in this thread, but:

    The leverage they have is that you're accused of committing a crime within the borders of the US, and evidence you have access to can be demanded under a warrant that covers details related to that crime. Their physical inability to seize it by force (because it's in another jurisdiction) is about as relevant as their inability to unlock your bank safe. Either way they can punish you for not turning over evidence that is covered by the warrant.

    • by Anonymous Coward on Friday August 01, 2014 @09:18AM (#47581105)

      It's all well and good so long as the USA don't mind, say, a Russian court issuing a warrant for data held on servers in the USA.

      • by disposable60 ( 735022 ) on Friday August 01, 2014 @09:23AM (#47581161) Journal

        Or China, Iran, Pakistan, Myanmar or North Korea - you know, countries in which dissent or (heavens!) heresy/apostasy are capital offenses.

        • Re: (Score:3, Insightful)

          If someone physically in Russia (or China, Iran, Pakistan, Myanmar or North Korea) allegedly violates the laws of their country, and the evidence of such resides on a server in the U.S., then no, I have no problem with, nor control over, said country imposing punishment on that person if they refuse to produce this evidence when lawfully required. My opinion on the laws of another state is irrelevant in this matter, if I am to respect their sovereignty. And if I don't respect their sovereignty, this issue
      • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Friday August 01, 2014 @09:28AM (#47581201) Homepage Journal

        It's all well and good so long as the USA don't mind, say, a Russian court issuing a warrant for data held on servers in the USA.

        There's nothing wrong with that, so long as they don't propose to use force to retrieve the data.

      • by tomhath ( 637240 )

        If a Chinese company has data on a server in the US and routinely accesses that data, can the US government suddenly say the company can no longer have access to the data because a Chinese judge issued a warrant for it?

        That seems different than the Chinese government demanding data from a US company like Twitter when the data is stored on a server in the US.

      • by Anonymous Coward on Friday August 01, 2014 @09:35AM (#47581251)

        A Russian court issuing a warrant for data held by a Russian company on servers located in the US but controlled by the Russian company would be consistent with this ruling.

      • Re: (Score:3, Informative)

        by silfen ( 3720385 )

        Why would "the USA mind"? Any country is free to issue warrants for whatever it wants. But, in practice, it can only enforce them within its jurisdiction or via treaty.

        The US can enforce its warrant against Microsoft because Microsoft operates within its jurisdiction. Microsoft has to decide whether it values more operating in the US or whether it values the privacy of its foreign operations more. I think it's pretty clear how that's going to shake out.

      • by Ghostworks ( 991012 ) on Friday August 01, 2014 @10:46AM (#47581813)

        But this is how it already works. For example, China could say to Google "give us access to G-Mail or we'll just block it completely, maybe even kick your company out". Then it's a game of chicken. But China does have the right under their laws to block G-Mail or ban Google, as well as to demand unreasonable things from resident companies as the price of doing business. Laws everywhere have always worked this way. This is not new.

        Now the question: if (beyond a certain point) businesses really have no choice but to deal with corrupt regimes, and customers have no choice but to deal with businesses that deal with corrupt regimes, what protects consumers in one jurisdiction from corruption in another? The answer is competing laws. If China imposes harsh penalties for failing to do X, but the U.S. or Europe impose equally harsh penalties for doing X, then businesses torn between them actually have some refuge through ceded responsibility.

        This is exactly how U.S. bribery laws work: "We would love to grease your palms, great Poo-bah, but U.S. law says that if we do then we can't do business there, which would mean we also don't have business to do here, so please don't even ask." When there is risk of cross-corruption in the market, it is the government's responsibility to step in and throw up a wall.

        (As a side note, this notion of ceded responsibility is why there are some industries that actually petition for _stronger_ regulations. For example, it's common in some parts for large arms dealers to have to "sweeten the pot" with government buyers by agreeing to pay for side projects, such as the construction of a hospital, as a condition of sale. This is a cost arms dealers would rather avoid, so they petitioned Congress for years to have such "gifts" declared a form of illegal bribery.)

    • by hawguy ( 1600213 ) on Friday August 01, 2014 @09:22AM (#47581149)

      Going to take a position I know will be unpopular in this thread, but:

      The leverage they have is that you're accused of committing a crime within the borders of the US, and evidence you have access to can be demanded under a warrant that covers details related to that crime. Their physical inability to seize it by force (because it's in another jurisdiction) is about as relevant as their inability to unlock your bank safe. Either way they can punish you for not turning over evidence that is covered by the warrant.

      Is there any circumstance where you think USA prosecutors should not be allowed to force foreign entities to hand over evidence without going through that country's legal system?

      Like if I'm arrested for smoking pot in the USA and USA prosecutors want to search my bedroom back home in Amsterdam to collect proof of my drug habit, you think it's OK for USA police to force my parents to let them search my bedroom back home (or enter their home by force)? Even if my "crime" is only a crime in the USA?

      • by CanHasDIY ( 1672858 ) on Friday August 01, 2014 @09:27AM (#47581193) Homepage Journal

        Like if I'm arrested for smoking pot in the USA and USA prosecutors want to search my bedroom back home in Amsterdam to collect proof of my drug habit, you think it's OK for USA police to force my parents to let them search my bedroom back home (or enter their home by force)? Even if my "crime" is only a crime in the USA?

        I'm having trouble determining whether this is a really good analogy, or a really bad one... Leaning towards the former.

      • by TRRosen ( 720617 ) on Friday August 01, 2014 @09:41AM (#47581297)

        That is a completely irrelevant example. We're not talking about subpoenaing a foreign company or entity. We are talking about forcing companies operating in the US to turn over information that is in their possession (under their control).

        The basic concept here is that data does not exist in the physical world. Where the electrons are is irrelevant if the entity that controls it exists in the US.
                 

        • by Dredd13 ( 14750 ) <dredd@megacity.org> on Friday August 01, 2014 @10:42AM (#47581767) Homepage

          If an American citizen owns the house in Amsterdam, how is that any different than the American company owning the server in Europe?

          As an American citizen, in that revision of the analogy, he could be compelled to allow US investigators to search his Amsterdam residence.

          Would you support that? Cuz "hellz no" for my part

          • by John Nemesh ( 3244653 ) on Friday August 01, 2014 @10:52AM (#47581867)
            That is the best analogy I have seen so far. Moreover, it allows the US to search the house WITHOUT the consent or cooperation of the foreign government! The EU has laws protecting the data of its citizens. By complying with US law, and allowing the data to be handed over to US authorities, they will be in violation of the EU laws! This puts MS (and every other American tech company) in a VERY awkward position! Do they break US law or EU law? Either way, they will be breaking SOMEONE'S laws, whether they hand over the data or not! This is also going to accelerate the decline of the use of American tech overseas. Germany has already stated that they are moving to open source software, due in no small part to the NSA's overreaching spying programs...and the UK has also expressed interest in moving away from Microsoft products and services. Expect those governments, as well as other foreign and multinational corporations to move even more quickly away from US tech to keep their data secure and away from the prying eyes of the NSA, CIA and other US agencies! Another casualty here will be the "cloud". NO ONE outside of the US is going to trust their sensitive data with Amazon, Microsoft, or Google (or any others based in the US) if the US takes the position that all data, stored ANYWHERE IN THE WORLD, is subject to their laws and could be searched and/or seized at any given moment, with or without the consent, permission or knowledge of foreign governments! This court just, single-handedly, shot the entire American tech sector squarely in the balls. It's going to have ramifications that will take YEARS to sort out.
            • by jbolden ( 176878 )

              The legal situation has already been cleaned up, though Microsoft isn't happy about it. Microsoft has already published on this since the last ruling. What they are asserting is that the foreign customer (business) that uses Azure is knowingly transferring their data to the USA (regardless of where the physical servers are) when they use Azure and thus they are the ones legally responsible. So far that seems to be passing muster with the EU.

              I.e. Azure sells to company X in France. Company X has data th

      • OK, thought of a good counter analogy:

        - You've hidden bombs on public transit all over the country, and the list of where you hid them is stored on a server in the UK; should the government be able to get a warrant for that information?

        And a not so appropriate, yet still thought provoking one:

        - You're a serial killer in the US, but every time you murder someone you drive to your Canadian cabin in the woods to hide the body; should the US be able to get search warrants for said cabin?

        • by Anonymous Coward on Friday August 01, 2014 @09:59AM (#47581437)

          The US should be able to get search warrants...

          wait for it...

          In Canadian courts. MIND BLOWN.

        • by Nemyst ( 1383049 ) on Friday August 01, 2014 @10:02AM (#47581461) Homepage
          To both cases: this is why organizations like Interpol exist. So a police force from one country can work in tandem with another to solve a case that crosses national borders. If the US want data stored in an Ireland server, they should work with the police there to get it, instead of saying that their jurisdiction extends worldwide unilaterally.
        • by hawguy ( 1600213 ) on Friday August 01, 2014 @10:14AM (#47581569)

          OK, thought of a good counter analogy:

          - You've hidden bombs on public transit all over the country, and the list of where you hid them is stored on a server in the UK; should the government be able to get a warrant for that information?

          Of course they should... Through a UK court, not a USA court.

        • by Minwee ( 522556 ) <dcr@neverwhen.org> on Friday August 01, 2014 @11:14AM (#47582085) Homepage

          - You're a serial killer in the US, but every time you murder someone you drive to your Canadian cabin in the woods to hide the body; should the US be able to get search warrants for said cabin?

          This may sound a little bit crazy, but murdering people was recently declared illegal in Canada too. All Special Agent Scully would have to do is pick up the phone and call her counterpart with the RCMP (They recently had phone service installed at both of their igloos!) who would then search the cabin for her, looking for evidence of a crime as defined by Canadian law. Once that was found there would be some discussions at the nearest Tim Horton's over poutine and coffee (double-double, naturally) about just who would be charged and tried under what laws and whether evidence would be canoed across the border to the USA or the suspect extradited to Canada, Eh.

          It's almost as if this sort of thing has come up before. The situation gets more interesting when a US citizen does something which is only illegal in the USA but not Canada. Something like failing to volunteer to join the army, supporting an unpopular political party or copying music from CD to a tape.

      • Microsoft is an American company. The court is asking Microsoft for license and registration, whichever pocket it happens to be in at the moment (oops, I meant email and whichever server). That's different from you being a Dutch citizen (I assume if you are from Amsterdam) and being arrested for doing something *here*. The comparison would be, if a Dutch court wanted to talk to you about your account on a US game company's servers.
    • is full of crap, which is of course illegal in China. so the CCP can get MS to give them all my incriminating 'speech' because it's saved in the US?

      Yeah this is going to be a 'good thing'.

  • by Carewolf ( 581105 ) on Friday August 01, 2014 @09:13AM (#47581069) Homepage

    If the local branch of Microsoft has access to and control over the servers, they only need to demand the local branch to do so, that doesn't mean they are extended jurisdiction. If the data could only be accessed from outside the US it would be more interesting.

    • by Anonymous Coward on Friday August 01, 2014 @09:28AM (#47581199)

      If the local branch of Microsoft has access to and control over the servers, they only need to demand the local branch to do so, that doesn't mean they are extended jurisdiction.

      That could make it more difficult for multinationals to operate though. One of the reasons why companies put data centers in Ireland is to comply with EU rules about the locations of personal information. If the US can pierce EU rules regarding personal information simply because someone in the US has access to the servers, then that could lead to EU rules prohibiting such access.

      During an earlier discussion I thought someone said that the information involved was owned by a US person or organization that was trying to hide by putting it in the EU. That would matter more to me than whether Microsoft had domestic access to the servers.

      I'm not sure that a US court should be deciding this though. It might make more sense to have to appeal to an EU court to pierce this particular veil. That would support EU rights in protecting their data while offering a method for US litigants to gain rightful access to data. Of course, it would also be rather clumsy. But I would rather put clumsiness on litigants than on multinational businesses.

    • That appears to be the argument, yes. The court isn't claiming authority to send police officers to Ireland and physically seize the data, or authority to force Irish police to conduct a search. Instead they're demanding that Microsoft (a U.S.-based company) produce the requested evidence, if indeed its U.S. staff have access to it (which they probably do).

      I think it's problematic from a practical perspective, but I could see how someone could reach that conclusion. Usually jurisdiction of U.S. persons does extend to their overseas assets, e.g. in an investigation of fraud a U.S. court can demand that you turn over your Swiss bank account records, even though these accounts are (of course) in Switzerland.

      The main problem IMO is that it puts companies operating in multiple jurisdictions in a bit of a bind. For example, Microsoft Ireland may have responsibility under EU law to not release data except in certain cases, while Microsoft U.S. is required to release it, meaning the company will violate the law somewhere no matter what they do. I'm not sure whether it's possible to avoid that by really firewalling the access, e.g. make Microsoft Ireland an operationally separate subsidiary whose servers cannot be directly accessed by Microsoft USA staff. But that would certainly complicate operations in other ways.

  • by Anonymous Coward

    "...responding to prosecutors' worries that web service providers could just move information around the world to avoid *dictatorships suppressing said information*".

    Fixed it for ya.

    If country X bans something, I happily move somewhere else where it's allowed assuming it was important to me.

    Now what if this worked the other way. Some Muslim country gets to search people's US computers even if they know they can't store their Porn on their Muslim country computer. Now they can say that storing that data in t

    • Now what if this worked the other way. Some Muslim country gets to search people's US computers even if they know they can't store their Porn on their Muslim country computer. Now they can say that storing that data in the USA isn't enough reason to avoid getting thrown in jail.

      If said accused person is a citizen of the aforementioned Muslim country, and even more so if they are operating a business there, then yes, all their shit very well should be accessible to their government with a legal warrant, no matter where they try to hide it.

      Otherwise, you start having the issue of, "if you're rich enough, you can skirt the law."

      • by thaylin ( 555395 )
        No, our government should be required to go through the other government to get that information. Our government does not have jurisdiction in other countries PERIOD.
        • Our government has jurisdiction over its citizens, and businesses that operate within its borders.

          Basically, what you're saying is that you think that if someone on US soil does something illegal, and hides the evidence offshore, the government shouldn't be able to get to said evidence without jumping through a crapton of legal hoops?

          • by thaylin ( 555395 ) on Friday August 01, 2014 @09:55AM (#47581409)
            Most definitely yes. The government does not have free rein to just enter into our lives when it wants to and how it wants to, it has to follow local and global laws. Getting a warrant in the US is crazy easy, and there is little oversight. Requiring them to actually follow the law is not a bad thing. The law is there to protect the citizens, and allowing them to break it adds to the probability that innocents will be harmed.
          • "Basically, what you're saying is that you think that if someone on US soil does something illegal, and hides the evidence offshore, the government shouldn't be able to get to said evidence without jumping through a crapton of legal hoops?"

            No, what we are saying is that if someone on US soil does something illegal, and hides the evidence offshore, the government shouldn't be able to get to said evidence without respecting the legal systems of whatever foreign nations are involved. Just as those nations woul

        • No, our government should be required to go through the other government to get that information. Our government does not have jurisdiction in other countries PERIOD.

          True, but irrelevant in cases like this. The US government does have jurisdiction over Microsoft's US operations, and Microsoft's US operations have the ability to retrieve the information from Microsoft's servers in Ireland. The mere fact that the data is in Ireland is no reason that the US company can't be ordered to retrieve the data they control and have access to.

          Similarly, if you were being investigated for a crime you could be required by the courts to turn over the records of your Swiss bank accoun

  • Cuts both ways (Score:4, Interesting)

    by jmv ( 93421 ) on Friday August 01, 2014 @09:22AM (#47581147) Homepage

    It's going to be interesting when the Chinese government issues Google a warrant to get data from the US.

    • Is Google a Chinese company?

      • by thaylin ( 555395 )
        It is a multinational with headquarters in China, so yes, to the same degree that it is a US company.
        • Then I would say, if China has evidence that the Chinese Google office has done illegal things in their country, and hidden the evidence on US servers, then yea, they should be able to get a warrant for that information, and vice versa.

          • by thaylin ( 555395 )
            You are using this "hidden the evidence" phrase as though this is the issue happening here. It is not. There is data of some possible issue on the other servers. There is no evidence that they hide it there as a direct action. And in any case, NO, China should be required to go to the US courts and ask permission to get that information, otherwise, as I stated previously, our privacy and freedom takes a direct hit. There is a reason for sovereignty of nations.
            • To be honest, I'm kind of up in the air on this one; on the one hand, I hate the fact that rich people and corporations use national borders to commit crimes (like hiding assets from taxation); On the other hand, I know that if the precedent is set, our government will abuse the holy living shit out of the privilege.

              I suppose the wise decision would be to err on the side of caution and limit the government's ability to access information. Better 10 guilty men go free than one innocent suffer, right?

          • by zlives ( 2009072 )

            the issue is not of Google the company having done wrong but rather a Chinese criminal (dissenter?) may be hiding data outside China and Google must then open access for prosecution according to the laws of China.

    • by tomhath ( 637240 )
      I didn't know Google was a Chinese company.
  • Bye bye US cloud (Score:5, Insightful)

    by johanw ( 1001493 ) on Friday August 01, 2014 @09:22AM (#47581151)

    Microsoft always sold their cloud services in the EU with the argument that the data is physically located outside the US so the Patriot Act doesn't apply. Now that this has been proven false, EU-based cloud firms will use this argument to choose a non-US based firm even more in their commercials than they do already. Good for the non-US based firms.

    • by Trepidity ( 597 )

      Yeah they've been really playing up that angle when competing against Google Apps for Business in particular.

    • by Nemyst ( 1383049 )
      Problem is that this case could repeat itself for any company operating in the US, even if the entire hosting is in the EU. EU-based cloud hosts would have to NEVER do business in the US in order to be off-limits, basically (and even then I'm sure they could find a reason).
    • by Jahta ( 1141213 )

      Microsoft always sold their cloud services in the EU with the argument that the data is physically located outside the US so the Patriot Act doesn't apply. Now that this has been proven false, EU-based cloud firms will use this argument to choose a non-US based firm even more in their commercials than they do already. Good for the non-US based firms.

      Yes indeed. In my current job, we are currently looking at cloud providers. We'll be watching this case (and the appeal) with great interest!

  • by MobyDisk ( 75490 ) on Friday August 01, 2014 @09:24AM (#47581171) Homepage

    Is there something equivalent to "extradition" laws, but that apply to overseas evidence instead of overseas defendants?

  • Murica (Score:4, Insightful)

    by korbulon ( 2792438 ) on Friday August 01, 2014 @09:31AM (#47581225)

    I never fail to find the bravado and hubris underlying American exceptionalism... exceptional.

    Land of the free... as long as you're not in one of our many many prisons ( http://nomadcapitalist.com/201... [nomadcapitalist.com] ), which has a higher per capita incarceration rate than Cuba, which is second on the list. Oh, and speaking of Cuba, there's always http://en.wikipedia.org/wiki/G... [wikipedia.org].

    Home of the brave... because you'd be pretty brave too if your military budget was larger than the nearest eight other countries combined ( http://pgpf.org/Chart-Archive/... [pgpf.org] )

    Where all men are created equal... except, of course, when they're not ( http://www.pbs.org/newshour/ru... [pbs.org] ) and a man can make something from himself even if he starts out life with nothing (but probably not): http://money.cnn.com/2013/12/0... [cnn.com] )

    And where the rule of law is universal and sacrosanct... except in those cases where it's not convenient ( https://www.globalpolicy.org/u... [globalpolicy.org] ) and ( https://www.eff.org/nsa-spying... [eff.org] )

    Oh well, enjoy your "freedoms".

  • by Type44Q ( 1233630 ) on Friday August 01, 2014 @09:32AM (#47581237)
    In other news, judges in North Korea, Iran, Indonesia, Saudi Arabia, the UK and China all declare their rulings (regarding international jurisdiction of their respective nations' laws) to have jurisdiction internationally...
    • Re:In other news... (Score:4, Interesting)

      by Jason Levine ( 196982 ) on Friday August 01, 2014 @10:18AM (#47581591) Homepage

      Sadly, North Korea, Iran, Saudi Arabia, and a bunch of other countries have wanted this for awhile. They want the "law of the Internet" to be that if you do X and you doing X is visible in their country where X is illegal, you've broken the law and can be prosecuted. They drool at the thought of being able to force their laws on the Internet at large. Sadly, this US judge is only helping their plan with his short-sighted ruling.

  • Better still, web-based companies with datacenters in many jurisdictions could store your data in a completely distributed fashion, where it isn't possible to retrieve the original without access to all (or at least several) of the servers. So they could subpoena all the data held in the US, and the UK, and Australia, and all the other surveillance states, but without a copy of the complementary data in Switzerland and Belize and on a pirate barge in the middle of the Pacific, they won't be able to reconstr
  • by green1 ( 322787 ) on Friday August 01, 2014 @09:45AM (#47581331)

    This is one more reason to make extra sure that companies that you deal with have zero US presence. In fact in many jurisdictions it would be illegal to follow these US laws due to local privacy laws. By doing business in the US, any data on individuals that you have, even stored in other jurisdictions is subject to their laws, meaning you'll often have the choice of breaking US law, or breaking the laws of the country you're in.

    Much safer to just avoid all dealings with the USA.

  • by jader3rd ( 2222716 ) on Friday August 01, 2014 @09:46AM (#47581339)
    As a reader of Slashdot, I know that Microsoft only exists for the sole purpose of spying on behalf of the US government. So I know that this story is pure fiction. I mean whoever made it up didn't even put much effort into good names; Brad Smith? Come on, that's so generic.
  • MS's employees in Ireland might be criminally liable in the EU if they transmit the data outside EU borders. They might really really like Microsoft, but to the point of being willing to go to prison for the company? I think not.

    We could potentially end up in a situation where the main branch of MS screams at the EU branch from across the Atlantic and no one over here is willing to comply.

  • And told the US courts that it must make its request through them.

  • but a New York judge ruled against them, responding to prosecutors' worries that web service providers could just move information around the world to avoid investigation.

    IANAL but when information is subpoenaed the company is breaking the law if they move, destroy or hide any requested information. If the party receiving the subpoena is found to have hidden evidence then the judge can rule against them as if the evidence was available and damaging. (it's more complicated than what I'm saying but I think this is the basic process) So I'm not really sure what the prosecutors are worried about that isn't already adequately covered under current law. It would be no differen

  • by redelm ( 54142 ) on Friday August 01, 2014 @10:50AM (#47581847) Homepage

    A warrant is not something that requires cooperation. It is legal permission for investigators to break in to a certain place, search for and take listed things. So if this is justified, let them do it!

    The warrant should allow particular investigators to break into whichever servers listed, grep around and download listed items. Done. If they cannot, find 1337r agents. If you need keys, get warrants for physical access to machines.

    These "compel" warrants are quite a stretch -- they compel MS to violate EU law, to certify what they turn over, and to never be sure they've fully complied (how could they know they got it all)?

  • by ledow ( 319597 ) on Friday August 01, 2014 @11:00AM (#47581953) Homepage

    If Microsoft comply, they will be sued by their EU customers and maybe even the EU governments themselves.

    There's a reason that jurisdiction applies. You can't be legally required to do something in one country, and then legally required by another country to not do it.

    Sorry, US, but if Microsoft comply without getting it right, the EU are likely to fine them into oblivion, and the EU is JUST AS BIG, if not larger, a market as their US market.

    Seriously, America, you do not own the world.
