Microsoft Defies Court Order, Will Not Give Emails To US Government 419
schwit1 sends this excerpt from a report about Microsoft:
Despite a federal court order directing Microsoft to turn overseas-held email data to federal authorities, the software giant said Friday it will continue to withhold that information as it waits for the case to wind through the appeals process. The judge has now ordered both Microsoft and federal prosecutors to advise her how to proceed by next Friday, September 5.
Let there be no doubt that Microsoft's actions in this controversial case are customer-centric. The firm isn't just standing up to the US government on moral principles. It's now defying a federal court order. "Microsoft will not be turning over the email and plans to appeal," a Microsoft statement notes. "Everyone agrees this case can and will proceed to the appeals court. This is simply about finding the appropriate procedure for that to happen."
Let there be no doubt that Microsoft's actions in this controversial case are customer-centric. The firm isn't just standing up to the US government on moral principles. It's now defying a federal court order. "Microsoft will not be turning over the email and plans to appeal," a Microsoft statement notes. "Everyone agrees this case can and will proceed to the appeals court. This is simply about finding the appropriate procedure for that to happen."
Comment removed (Score:5, Interesting)
Re:That's nice, but... (Score:4, Interesting)
What, is this all just for show? Why would the Feds want to make news over them demanding the data from Microsoft?
Is this just to make us believe they can't get the data without Microsoft's cooperation?
Re:That's nice, but... (Score:5, Interesting)
What, is this all just for show?
Its either plausible deniability or the need to demonstrate an unbroken and untainted chain of evidence. The NSA may in fact already have access to this data. But acting like they don't, or even loosing a minor case might set other criminals at ease about the security of their data within the Microsoft infrastructure. And they won't switch to a more secure platform. The chain of evidence might be needed to keep a subsequent trial from being thrown out due to tainted evidence. The NSA may already have the evidence (through questionable means), but getting a clean copy removes issues of it being fruit of the poisonous tree [wikipedia.org].
Re:That's nice, but... (Score:5, Informative)
Could you give an example of a more secure platform?
Sure. Any e-mail system which has users encrypt/decrypt their content locally and then use the storage and transport system solely for storage and transport Slap some directory and key management for (public keys only) on top of that and there you go.
You (the gov't) subpoena the content from the service provider? Sure, here's an encrypted copy. We don't have anything else. Need that decryption key? Go see the sender or recipient. We don't have that.
Re: (Score:3)
Ain't you so glad now that Microsoft has finally becomes a company with "MORAL PRINCIPLES"???
Technically true, though - if you define "protecting next-quarter profits" and "not wanting every country they do business in demanding the same favors" as moral principles.
From Microsoft's chair, they have no choice but to fight this - how many non-US countries and corporations are going to subscribe to Office365 and other MS-cloud services if it's publicly known that MS will give your information to a foreign government?
Re: (Score:2)
"Backdoor"? More of a freeway with HOV lanes.
Re:That's nice, but... (Score:5, Insightful)
The government could almost certainly get this data by going through the proper procedures in Ireland. That they can also get it surreptitiously doesn't matter; they're trying to establish precedent that they can legally get any data held by any US company anywhere in the world without involving any other government; that precedent is the important part, not the particular data involved.
Re:That's nice, but... (Score:5, Informative)
The government could almost certainly get this data by going through the proper procedures in Ireland.
Maybe not. If the Irish government caves in to American pressure, then data centers will start leaving Ireland, taking money and jobs with them, just like they are already leaving America. If Microsoft loses this case, and the extra-territorial reach of American Law is upheld, then, if you want privacy, you will need to not only store your data outside America, but not even with a company that does business there. The American government cares more about reading our mail than about keeping our jobs.
Re:That's nice, but... (Score:5, Insightful)
Will they? There are a lot of advantages to running this in Ireland: low tax rates without the negative publicity of operating in a tax haven, other favourable financial and tax rules that allow foreign companies to book their profits there to further reduce their tax bills, a skilled workforce, good infrastructure, and all the up-front costs that come from building and equipping the data centre in the first place have been paid already. Call me cynical, but I'm not convinced that many data centres will move if Irish law allows the authorities to get this data.
Re:That's nice, but... (Score:5, Interesting)
Isn't there a NSA backdoor to MS?
They do. The feds already have the data but cannot use it in court. Getting the companies in question to play ball is essential for legal procedures, not for the actual data acquisition.
Re:That's nice, but... (Score:5, Insightful)
Dunno, the Russian FSB has actually wrung Windows code reviews out of Microsoft so if they didn't find any back door in that code I'd say there are none to find..
A viable alternative is that they found and use the same back doors available to the NSA. It's speculation either way, because there are no independent reviews of Microsoft's source code and shipped binaries. The released binaries may not even match the source they provided for review.
Re: (Score:3)
code reviews are perfect and impossible ? (Score:5, Insightful)
> Russian FSB has actually wrung Windows code reviews out of Microsoft so if they didn't find any back door in that code I'd say there are none to find...
So it's entirely possible to do a code review of an entire operating system and be sure that there are no vulnerabilities?
Of course, you can't be sure that something as simple as an ssl library is safe, but an entire OS is no problem. Despite the fact that there's no way to know if the code you're reviewing matches the installed binaries.
> there is always the option of doing a personal code review of what is it now, 200 million plus? lines of Linux source code and then compiling your own Slackware
Yep, that'd be even easier than the Windows code review, especially since thousands of other people have already done some initial review for you. You can then compile it yourself and know that the source code matches the binary, unlike Windows.
(The trojaned compiler attack is fairly trivial to defeat, so don't bother going there .)
Re:code reviews are perfect and impossible ? (Score:5, Interesting)
Pick two or three compilers from different sources. It's okay if they are all trojaned.
Compile each compiler with the other two compilers. Unless they are all trojaned in precisely the same way, including exactly the right cross-trojans for each other, you can see which one(s) can be trusted.
https://www.schneier.com/blog/... [schneier.com]
Other defenses are also available. If you don't have the source to the compiler, you write a loop that automatically builds up the program line by line from "return 1". If adding one line of ansi C code adds several kilobytes of binary, there's a problem. Inspect the newly added portion using your choice of tool.
customer-centric (Score:5, Insightful)
Microsoft's actions might seem "customer-centric," but really they're fighting for their lives.
If MS can be forced to give up European data, stored on European servers, that's game over for them.
Lawsuits and investigations will flourish in Europe, because their data protection laws are much stronger/stricter than ours.
This could kill MS's European business.
Re:customer-centric (Score:5, Insightful)
You mean "Kill every company on the internet's business that serves customers in Europe and America."
Legal precedent would compel Google, and everyone else, to do the same stupid thing this judge has ordered, who is apparently unaware of international laws and seems to assume that US law is the only thing that exists or even should exist. If MS loses, everyone loses.
Re: (Score:2, Insightful)
judge has ordered, who is apparently unaware of international laws and seems to assume that US law is the only thing that exists or even should exist
A judge is demanding a United States company to play by the rules of the United States? And you have a problem with that? US law is and should be the only law the judge needs to consider. If US laws are incompatible with other nation's laws, then don't blame it on the judge, complain to your legislators.
Re:customer-centric (Score:4, Insightful)
Another great reason for an inversion besides taxes.
Re: (Score:3)
It wouldn't matter - any company with a presence in the US would be at risk, no matter where they hoard their earnings.
US laws ---- vs the world and blowback (Score:4, Informative)
Re: (Score:3)
Re:customer-centric (Score:5, Interesting)
A judge is demanding a United States company to play by the rules of the United States?
NO! This ruling is not limited to only American companies. It also applies to anyone doing business in America. So if America wants banking records of a German citizen, living in Germany, they could compel Deutschbank to provide them. Likewise, if the Chinese government wants records for an American citizen's account at Bank of America, then America will have no reason to protest since BofA has offices in China, and the principle of extra-territorial subpoenas has been established. If Microsoft loses this case, it will be a terrible precedent, and a victory for oppressive governments all around the world.
Re: (Score:3)
That assumes that the US division of Deutsche Bank actually has access to the banking records of German citizens. If the chain of command is set up correctly within the company, then the US division should be unable to get access to German records without the agreement of someone sufficiently senior in Germany.
Employees located in a different country would not be subject to the laws, but they are still subject to the hierarchy of their own business - that is if their boss is located in the US and compelled
Re:customer-centric (Score:4, Informative)
Re: (Score:2, Insightful)
The data is owned and controlled by the US division of Microsoft. The judge issued a decree that the US division of Microsoft must produce the data. If Microsoft does it from foreign servers, or local copies, or by recording the farting of the birds, no one cares. All that matters is that the US division of Microsoft must produce the data.
The fact that the data is currently stored overseas is irrelevant.
Re:customer-centric (Score:4, Informative)
The data belongs to a US company, and is on servers which US based employees have access to. Those employees are beholden to US laws, and should retrieve the data if directed to do so by a US court.
Also the Irish company is a subsidiary of the US company. The Irish employees don't have to obey US law, but they do have to obey their bosses who in turn do have to obey US law.
So long as the data is stored on servers operated by an organisation which has a chain of command extending upwards in the US, they are beholden to the demands of the US government. The opposite probably wouldn't apply, as the Irish employees wouldn't have seniority over the US and thus couldn't compel them to do anything.
If they don't like it, the Irish part could be spun off as an entirely separate entity free of US control.
Re: (Score:3)
The Irish employees don't have to obey US law, but they do have to obey their bosses who in turn do have to obey US law.t compel them to do anything.
Not if what the US bosses ask them something which is forbidden by Irish law.
Re: (Score:3)
I'm not a Microsoft fan in any way, but MS is dead right on this one. A US judge does not have jurisdiction over foreign e-mails. He can claim jurisdiction all he wants, butwishing will not make the world bend to his black-robed will.
Well, whether this survives appeal is anybody's guess. However, if the US Supreme Court upholds it then MS will end up turning over the data. This isn't about making the world bend to his "black-robed will" - this is about making Microsoft bend to it. Once the appeals are exhausted they'll be told to produce the data. If they refuse then they'll be fined a million dollars a day, and the fines will be increased if that doesn't seem to be enough. Eventually Microsoft either goes out of business, or it ca
Re: (Score:2)
He may be aware of other country's laws. He just doesn't care. When/until the USA signs a treaty on this companies with physical presence in the USA are going to give up data when ordered.
Re: (Score:3, Funny)
Re:customer-centric (Score:5, Interesting)
You mean "Kill every company on the internet's business that serves customers in Europe and America."
Legal precedent would compel Google, and everyone else, to do the same stupid thing this judge has ordered, who is apparently unaware of international laws and seems to assume that US law is the only thing that exists or even should exist. If MS loses, everyone loses.
Actually, this same scenario happened with the banking industry and what the judge is proposing actually follows the international law and treaties that came out of it. In short, it doesn't matter where the assets are stored as to who has jurisdiction, but as to who has control over them. For instance if the IRA had deposits in Irish Allied Bank, but the cash was stored in the US, then the Irish Government could still freeze the account. So, if the data is stored somewhere else, but the company is headquartered in their land, why not the same thing?
Re: (Score:3)
Re:customer-centric (Score:5, Insightful)
It's all just a matter of legal principle. Can any internet company be publicly ordered to break laws in other countries, regardless of where it is based. So M$ is challenging the order to publicly establish a principle and protect it and all other internet companies in this regard. Technically speaking all other internet companies are now getting a free ride on M$'s dime, so it seems sometimes they do pay back to the industry. This is an important principle of law and something the US Federal government should be paying attention to and legislating to ensure the future of all US internet companies is not severely threatened.
Re: (Score:2)
Can any internet company be publicly ordered to break laws in other countries, regardless of where it is based?
Why shouldn't they? MS is a United States company. Why should MS, or any other corporation, be able to only abide by US law when it is convenient for them, and break it other times? If the laws of two jurisdictions are incompatible with each other, the corporation should have to make a hard choice and only operate in a single jurisdiction, and use other avenues to expand business to the other.
This is not a case of the US trying to compel a European Company into doing something, it is compelling Microsoft, s
Re:customer-centric (Score:5, Insightful)
Can any internet company be publicly ordered to break laws in other countries, regardless of where it is based?
Why shouldn't they? MS is a United States company. Why should MS, or any other corporation, be able to only abide by US law when it is convenient for them, and break it other times? If the laws of two jurisdictions are incompatible with each other, the corporation should have to make a hard choice and only operate in a single jurisdiction, and use other avenues to expand business to the other.
This is not a case of the US trying to compel a European Company into doing something, it is compelling Microsoft, subject to US law, to turn over data it holds, albeit in a different company. If an American individual is subpoenaed for information relating to a crime, resisting turning it over because it's held in a safe deposit box abroad, is no more an acceptable excuse than "it's in my other pants".
An individual in the United States must abide by US law even when abroad, in addition to abiding by the rules of the foreign country. It's still illegal for an American to smoke weed or solicit 14 year old prostitutes abroad, despite those being legal in some places of the world. If American persons have to play by United States rules 24x7, why should a corporation get to pick and choose?
The US legal system starts and ENDS at the US borders. You seem to have completely misunderstood this situation, For example your safe deposit box example, if the US wanted the contents of a safe deposit box in Europe they cannot legally seize it, doing so would be a violation of europan law and the US officials doing it would be guilty of bank robbery and treated like any other common criminal. They must go through the countries legal system that holds the goods they want to seize, similarly the same applies to Data, the US can get access to it as long as it follows the appropriate laws and procedures. What the US government is trying to do is say other countries laws don't matter with data and therefore are asking a US companies to break another countries laws. You yourself said it that when in other countries you must abide by that countries rules, you cannot compel an individual or company to break the laws of another country. No one is suggesting that MS gets to ignore US laws, it is the US government saying that they get it ignore other countries laws and can compel US companies to do the same while they are in those countries.
Since when did Microsoft become a EU company (Score:3, Informative)
The US legal system starts and ENDS at the US borders.
Microsoft is headquartered and incorporated in the US and thus subject to US law. QED.
Re: (Score:2)
The legal question is not so much where the corporation is based, but who owns the data that they have been entrusted with.
Re: (Score:3)
The question is not about whether they are subject to US law, they are, it is whether US can tell a US based company to ignore another countries laws. The argument here is that what the US court is demanding isn't legal and the US doesn't have the legal authority to do.
Re: (Score:3)
Microsoft is headquartered and incorporated in the US and thus subject to US law.
The data in dispute is not subject to US law.
Microsoft Ireland Operations Limited leases and operates the data center in question.
A US judge has no jurisdiction.
QED
Re:Since when did Microsoft become a EU company (Score:4, Insightful)
Microsoft is headquartered and incorporated in the US and thus subject to US law.
Yep. That's completely true. So if there were some data held on a server in the EU, and a judge decided it was relevant to a lawsuit and demanded that it be presented, they could reasonably hold some representative of the corporation to be in contempt of court until such time as they produced the data in question. However, it would not actually establish any entitlement to that data, nor make it not a violation of various laws if they were to seize it be force.
QED.
QED, what you have said is irrelevant.
Re: (Score:2)
The analogy is right, your understanding of the law is not. If a USA company had records in a Europeans safe deposit box a USA federal court could demand they retrieve it and present it to the court. They would not have to get a warrant in Europe. That's an option of course but just an option.
Re: (Score:2)
No, the others had it right. To draw on the analogy some more, the US isn't invading Europe to open the safe deposit box: it's ordering Microsoft to produce documents that it knows they possess, which is something that courts all over the world are allowed to do and do all the time. As a US company, Microsoft is subject to US law, even when abroad (e.g. laws outlawing bribes in foreign countries), including orders to produce the requested information. If I'm the bookkeeper for an organization, the courts ca
However... (Score:3)
Re: (Score:2)
This isn't seizing. This is ordering an entity to produce evidence. Yes, the US could order a US company to produce the contents of a safe deposit box in Europe. If the company doesn't comply, the US arm would be fined until it does comply. That is if the US couldn't get cooperation from local authorities to get it seized.
The US government isn't saying anything about other countries' laws not applying. The US government is saying its own do. Where there is a conflict, it really isn't the US government's pro
Re:customer-centric (Score:4, Interesting)
if the US wanted the contents of a safe deposit box in Europe they cannot legally seize it, doing so would be a violation of europan law
They can't take the box by force, but the US can instead throw you, the owner of it, in the slammer until you cough up the requested evidence. Where the evidence is, is irrelevant.
Re:customer-centric (Score:5, Insightful)
Actually they data is in Europe the judge is trying to say since they have access to it from the US they need to turn it over. The data is under the control of a division incorporated in Europe.
There is established procedure to get this it called ask the European courts.
Re: (Score:2)
Are the emails that the government wants the emails of Americans or Europeans? If they belong to the latter, and they are stored on European servers, it is calls into question on what legal basis the United States government has to view those emails.
For what it is worth, I work for a United States based company that works in the legal technology field. We have operations in Europe. We had to stand up separate infrastructure in Europe in order to comply with European data privacy laws for our European cli
Re: (Score:2)
The answer is going to be yes. The USA government can order USA companies to break other country's laws. The alternative would be that the USA loses sovereignty on its own soil. I'd say that Microsoft is just making it crystal clear there is a real problem so perhaps a treaty can be negotiated.
Re: (Score:2)
It's all just a matter of legal principle. Can any internet company be publicly ordered to break laws in other countries, regardless of where it is based. So M$ is challenging the order to publicly establish a principle and protect it and all other internet companies in this regard. Technically speaking all other internet companies are now getting a free ride on M$'s dime, so it seems sometimes they do pay back to the industry. This is an important principle of law and something the US Federal government should be paying attention to and legislating to ensure the future of all US internet companies is not severely threatened.
Should a bank be publicly orederd to break laws in other countries, regardles of where it is based? That has already been answered in the affirmative. Banks are held to the laws of the country they are chartered in. Why should internet companies be different? Microsoft has no problem trying to hold foreign companies liable for US patent infringement, even if their local patent laws are different. Companies can't have it both ways. If you are a US company, you can't cry foul when US laws work against you b
Re: (Score:3)
Microsoft has protected themselves. Their notices indicate that giving data to Azure is agreement to exporting the data. Thus Azure cannot store data for which export is illegal. Essentially they are in a terrible bind where USA law and European law conflict and now they are pushing against both with two different strategies.
IMHO there is no chance they win their appeal in the USA federal courts. USA courts are not going to allow court ordered subpoenas to not be binding because the entity being subpoen
Re: (Score:2)
Microsoft's actions might seem "customer-centric," but really they're fighting for their lives.
If MS can be forced to give up European data, stored on European servers, that's game over for them.
Lawsuits and investigations will flourish in Europe, because their data protection laws are much stronger/stricter than ours.
This could kill MS's European business.
What largish Linux push in Europe was squashed in favor of MicroSoft products?
Microsoft has a lot to lose if they ignore international law and act as
the blind agent of a US court.
China is working to replace all MS and Cisco software already as
well as replace all Intel and other non-Chinese processors with their own
chip designs. Their early hardware efforts have shown that there
are few technical problems in their way to nationalize large markets.
Re:customer-centric (Score:5, Insightful)
Its an American's data stored under a European account in European servers.
Perhaps. But if it was an American, residing on European soil, there would be extradition procedures to follow. And those would involve having the local (EU) police generate their own warrant and make their own arrest based upon a formal request. The aprehended suspect would then be turned over to the requesting country.
The same sort of thing should happen here. The USA should make a formal request to the Irish court to secure the evidence and turn it over to US authorities.
Re:customer-centric (Score:4, Interesting)
Its an American's data stored under a European account in European servers.
Perhaps. But if it was an American, residing on European soil, there would be extradition procedures to follow. And those would involve having the local (EU) police generate their own warrant and make their own arrest based upon a formal request. The aprehended suspect would then be turned over to the requesting country.
The same sort of thing should happen here. The USA should make a formal request to the Irish court to secure the evidence and turn it over to US authorities.
That is true, but it's not about an American, but an American's data that is in question. You can only extridte people. If an American only needs to store their data in a foreign country to keep from complying with a warrant, then every criminal organization will do that. What the court is saying is that jurisdiction follows whoever has control over the data, which in this case is Microsoft, but could just as easily be drug cartel or terrorist group.
Re: (Score:2)
But if an American visits a foreign country, they and their property are subject to the laws of that county. We expect the same of foreign visitors entering our country. And if that foreign countries data protection laws differ from those of the USA, they should still be honored.
Having some foreign government insist on the right to root around in their citizens possesions while in this country, either as a tourist or a refugee would open up a human rights as well as an intellectual property can of worms. I
Re:customer-centric (Score:5, Insightful)
But if an American visits a foreign country, they and their property are subject to the laws of that county. We expect the same of foreign visitors entering our country. And if that foreign countries data protection laws differ from those of the USA, they should still be honored.
Having some foreign government insist on the right to root around in their citizens possesions while in this country, either as a tourist or a refugee would open up a human rights as well as an intellectual property can of worms. Imagine an H-1B worker's home country insisting on receiving copies of all of their work product while employed here.
But the criminal in question didn't visit Ireland and leave his data there. Microsoft didn't visit Ireland, either, but it did send the data there. Also, this is not tangible personal property. It is a bunch of electrons.
As for the H-1B worker, that is a strawman argument and has nothing to do with this. Here is a concrete example of what is going on here. I steal a painting in the US and send it via FedEx to Amerstam where it sits in FedEx's hangar waiting to be picked up. The feds arrest me and ask FedEx to send the painting back for evidence. Should FedEx say no, because it is now in their possession in a foreign country? Before you answer, the courts have already answered it and said yes, FedEx would need to return it as long as it is still in their possession.
Or, lets say two child pornographers both store the pictures they have taken in the US (so US law is broken) on Google's servers and one of the pornographers pictures happen to reside on a server under Google's control in Ireland and the other on a server under Google's control in the US. Is guy who had the luck of his data being routed to Ireland off scott free while the other guy goes to jail, when both of these accounts and servers are under Google's control? While the courts haven't answered this question, they have done so with banking and found that US banks must still turn over seized assets of US bank holders even if those assets are now held in foreign countries. Most other countries also have the same laws, too.
So, the question really is whether or not a criminal should be able to use a US company to hide it's data just because the US company has a server farm somewhere other than the US?
Re:customer-centric (Score:5, Informative)
But if it was an American, residing on European soil, there would be extradition procedures to follow. And those would involve having the local (EU) police generate their own warrant and make their own arrest based upon a formal request.
If you had followed this case, you would know that this is exactly what the US tried to do.
The US asked an Irish court to issue a warrant to force production of the data. The Irish court refused to issue the warrant. So, the US issued a subpoena to Microsoft, who rightly told the US that although the data was on a Microsoft computer, the data was owned by a customer of Microsoft, therefore a warrant would be required. The US court then issued a warrant for Microsoft to produce the data. Microsoft refused, noting that the data was in a foreign country, and warrants are only valid when issued by a court that has jurisdiction over the location of the requested object/data/person. No US court has jurisdiction over Irish soil, thus we end up at today's story.
The actual point of Microsoft's appeal is that the US wants to have a court to be able to issue an order that has the all the advantages of both a warrant and a subpoena, while ignoring their limitatations. The problem with this is that subpoenas are allowed to be fairly vague and apply to anything that is "owned" by the target of the subpoena, regardless of where it is located. Warrants, OTOH, can force the target to hand over something they don't own but over which they have control, but can only request very specific items/data, and have to be issued by a court that has jurisdiction over where the item/data is located.
Re:customer-centric (Score:5, Insightful)
Except it isn't European data, Its an American's data stored under a European account in European servers. Small difference.
It is not the data that is the issue.
It is a US Judge requiring a company to reach out across international borders and
as an agent of the judge grab the data and spirit it across international borders and
deliver it to the judge. This something that the US judge could not require of the
State Department, CIA or NSA any other government agency to do.
If it was not data the rule would be more obvious. If a storage company had
a large box of cigars perhaps from some random country close to Florida could that
company be compelled to ship that box of cigars to the judge to determine
if the owner of the box of cigars was engaging in the trade of and trade with
a foreign country that the US has issues with. Only by inspection of the
contents of the box would the judge know.
Now it is possible that Cuban cigars are no longer the smoking gun of illegal
trade with Cuba but the point is that this judge is forcing a company to reach out
across international borders and do the judges bidding.
What if the company name was Blackwater Security Consulting (since renamed Academi)
and that company was directed by a judge to import or export anything or anyone
at the behest of the judge (with or without payment for services BTW).
If it was a physical container the decision in my mind is obvious
that the judge is reaching, reaching, reaching well beyond charter and
jurisdiction.
It gets more interesting if the transport of the physical container crosses
other international borders. Most nations have laws that prohibit trafficking
in stolen goods. So a packet map showing how each and every fragment
of this container traveled could also be a topic of a United Nations inquiry.
Blood diamonds, ebony, ivory... trafficking in crime tainted desirables and
this judge covets this stuff.
Re: (Score:3)
European servers owned and managed by a US company. While there may be local employees in the EU, they are ultimately answerable to more senior US based employees within their own company and therefore to US law.
Data stored in Europe. Which may only be surrendered if someone gets a warrant that is valid in the European country. It doesn't matter who owns the company. If Ireland issued a warrant for the data, then Microsoft couldn't say "we are a US company", they would have to obey an Irish warrant for data in Ireland. If the USA issues a warrant for data in Ireland, then Microsoft has no right to surrender the data. Again, doesn't matter whether Microsoft is a US country or not.
Re: (Score:2)
Microsoft's actions might seem "customer-centric," but really they're fighting for their lives.
If MS can be forced to give up European data, stored on European servers, that's game over for them.
Lawsuits and investigations will flourish in Europe, because their data protection laws are much stronger/stricter than ours.
This could kill MS's European business.
Which would kill Microsoft because that would provide enough of a critical mass to overcome the barriers to entry that Microsoft has erected in the Office market - wipe Microsoft out of Europe, and Europe would move to a truly open document format. And to communicate with Europe, the US markets would have to be able to read/write such formats - and actually do it WELL.
And once that happens, the money Microsoft makes on Office is gone....
Maybe we should be cheering this judge on?
This case is about a search warrant for a suspect's email that happens to be hosted on a server that Microsoft owns in Ireland. Even if Microsoft has to comply with the law, it won't have the impact you are implying.
Customer-centric? (Score:3)
I don't see them as customer-centric as much as self-serving. There is definitely a trend of non-US companies moving or thinking of moving their data off US servers. Moving them off US company/subsidiary servers in other countries is a huge threat to Nadella's cloud-focused Microsoft.
It is a rational self-interested decision that may be good for consumers.
More accuratly "self preservation" (Score:2)
It is a rational self-interested decision that may be good for consumers.
Of course it's "self interest", and more accuratly "self preservation". Micrsoft is a business that ultimatly has to answer to their stockholders. If it comes to pass that US "law enforcement" can reach out and get personal data from non-US servers, it will completely destroy Microsoft's European business, due the the much stricter data privacy laws in Europe. It would be "game over" for Microsoft in Europe.
Re:More accuratly "self preservation" (Score:4, Insightful)
By a not too unreasonable extension of the theory that allows the judge to compel microsoft to deliver things they control on a computer in another country - I see no reason exactly the same would not apply to compelling them to deliver a personalised update to one particular computer and deliver access to that computer - wherever in the world it was, and whoever owned it.
Re: (Score:3, Insightful)
Re: (Score:2)
Well its not just MS, ANY company. Google, Apple, etc would be effected by this as well.
Of course. Which is why all the multi-nationals that you mention will weigh in with "Friend of the Court" briefs.
Re: (Score:2, Troll)
Re: (Score:2)
Well its not just MS, ANY company. Google, Apple, etc would be effected by this as well.
The technical solution would be to design their storage in such a way that it is _impossible_ for the company to read a customer's data.
Re: (Score:2)
It is a rational self-interested decision that may be good for consumers.
Of course it's "self interest", and more accuratly "self preservation". Micrsoft is a business that ultimatly has to answer to their stockholders. If it comes to pass that US "law enforcement" can reach out and get personal data from non-US servers, it will completely destroy Microsoft's European business, due the the much stricter data privacy laws in Europe. It would be "game over" for Microsoft in Europe.
No, it won't. Europeans will still have the same protections they do under their laws. However, US citizens committing a crime in the US won't be able to store their data on foreign servers of American companies and have it safe from authorities. In otherwords, if a US crime is committed, it doesn't matter where the US company hosts its server farm, it is still under the control of that company and subject to the authorities.
If Microsoft wins this challenge, then there will be no server farms in the US beca
Re: (Score:2)
No, it won't. Europeans will still have the same protections they do under their laws. However, US citizens committing a crime in the US won't be able to store their data on foreign servers of American companies and have it safe from authorities. In otherwords, if a US crime is committed, it doesn't matter where the US company hosts its server farm, it is still under the control of that company and subject to the authorities.
You are incorrect. the case would impact Europian Microsoft customers as well. Indeed, the account in question is almost certainly held by a non-American.
Re: (Score:2)
Self serving and customer-centric are one and the same in this case. I see nothing wrong with that, and I have nothing but respect for Microsoft doing this. They will likely be facing down some pretty serious daily fines while they wait for this to play out, at least judging from how cases like this have gone in the past. Good on them, whatever their motives.
Microsoft is fighting a warrant about turning over a customer's emails in a criminal case. Are you really arguing because the electrons are sitting on an SSD in Ireland, the criminal should go free, even though Microsoft has full control over those electrons? The individual didn't instruct Microsoft to store the data there, Microsoft did it of its own volition.
I can't believe I'm saying this, but... (Score:2)
Not that I personally have anything to worry about, as I always assume people are reading my emails. And being bored to tears by them.
And on a side note... (Score:5, Insightful)
re I don't care (Score:5, Informative)
Frankly, I don't care if MS is standing up out of self-interest or for some other cause, the tyrants in D.C. need to be stopped. Period.
You can't apply U.S. laws to the world at large, regardless of your 'legal' standing.
Many U.S. organizations have presence and pay taxes in many different jurisdictions, making them subject to that particular territory's law. Will the U.S. allow some other country to violate U.S. laws because the subsidiary is present, in say, Aman and thus, by extension, the entire organization is subject to Aman's Law?
The answer is no, because jurisdiction is territorial. You can't apply Ireland's law to MS in the U.S. simply because they have a corporate office there, thus the reverse is true too: you can' t apply U.S. law to a subsidiary in Ireland.
Who owns it is irrelevant; corporations are legal entities of their own, regardless of ownership. Ships owned by, say Americans (most cruise ships for example), are registered in Panama, thus bypassing U.S. Labor laws because who owns them is irrelevant.
Trust me, you don't want to go there: it will open lawsuits against U.S. firms, under U.S. laws, against the owners of such ships and other corporations that use underage labor, exceed working hours / conditions, etc. in other countries.
It would basically make International Law obsolete as we know it.
It appears that the U.S. Government is bent in destroying the American economy while 'preserving' American security.
Re: (Score:2)
You can't apply U.S. laws to the world at large, regardless of your 'legal' standing.
You can apply it to US citizens, no matter where they are in the world. There is plenty of legal precedent for this (you have to pay taxes on money made outside the US, for one example).
You can also apply it to corporations.
Re: (Score:2)
The motives of MS are fairly clear, they want it to be ordered with no options before they give up. But in the same vein of "it does not matter who said it, as long as it rings true", I see this as a good and true test of the long arm of federal data interrogation.
Does it really matter why? Their are not that many companies that can do this in a meaningful way. The fact that its Microsoft should not change the result that its being done. I have no particular love for them, but I do applaud them for making t
Re: (Score:2)
The answer is no, because jurisdiction is territorial. You can't apply Ireland's law to MS in the U.S. simply because they have a corporate office there, thus the reverse is true too: you can' t apply U.S. law to a subsidiary in Ireland.
And yet Microsoft has no problem trying to apply US patent and copyright laws against foreign companies. The reality here is that if I was the criminal in question and stored the data on my personal computer in Ireland, the US would ask the Irish to sieze the physical computer and turn it over and they would. However, Microsoft isn't the criminal, they are just the email provider who happens to be storing emails related to the criminal activity and happens to store it in Ireland. So, the authroities have i
Re: (Score:2)
Quick caveat that needs to be made here: the US courts are free to request any data at all from Microsoft, and the onus is (as it should be) on Microsoft to deny the request if it would mean breaching a law. After all, what's the alternative? Have the government first make a request of Microsoft for the locations of where the data is being stored, then tell Microsoft, "hey, we checked, and the laws over there are totally cool with this request, so hand it over"? The system is working how it should: a reques
Re: (Score:2)
You can't apply U.S. laws to the world at large, regardless of your 'legal' standing.
If a US Citizen goes elsewhere in the world to commit a crime, they can and do get prosecuted here for that crime. So your statement, as-is, is wrong. US Laws apply to the US, and all of its people (and businesses), regardless of where they are at the moment.
Many U.S. organizations have presence and pay taxes in many different jurisdictions, making them subject to that particular territory's law.
Other laws may apply as well, but that does not negate US law. But since you brought up taxes, that is another thing that gets paid here, regardless of where you happen to be or where you earned it. Some nations have treaties with the US that allow
Globalization (Score:4, Insightful)
I'm suspecting the zeal MS is showing in challenging the US gov't has more to do with laying the groundword of "nation-states" being neutered. This is about power in the future. If they win against the US gov't this is just one more nail in the coffin of the battle to make governments useless. This goes hand in hand with the Trans Pacific and other trade agreements. These things are designed to strip power from government.
This is just one more step in the march of capitalism that will likely destroy civilization in the long run.
Re: (Score:2, Interesting)
I would imagine it is laying groundwork for tax inversion.
Re:Globalization (Score:5, Interesting)
I would imagine it is laying groundwork for tax inversion.
I already replied in this argument, but this is probably the most insightful comment I've seen on this story. Setting up a very good reason why they should relocate their HQ for tax purposes (i.e., privacy of their files) seems a good PR move to offset any public outcry.
This is huge ... (Score:5, Interesting)
People and businesses and governments everywhere will be watching this one.
If America can force Microsoft to reach out to Ireland for data, then Germany (etc.) can force Microsoft to tunnel into America, right?
And, as mentioned, people, businesses and governments are already skeptical of the cloud, anyway.
People, businesses and governments may force "data nationalism" to become the norm.
Re: (Score:2)
If America can force Microsoft to reach out to Ireland for data, then Germany (etc.) can force Microsoft to tunnel into America, right?
Germany can try. Or they can seize all Microsoft assets in Germany, and kick Microsoft out. Argentina recently did exactly that to a company from Spain.
Re: (Score:2)
Probably not. Microsoft is a USA company. OTOH they could do it for SAP Hana customers.
Re: (Score:2)
People and businesses and governments everywhere will be watching this one.
If America can force Microsoft to reach out to Ireland for data, then Germany (etc.) can force Microsoft to tunnel into America, right?
And, as mentioned, people, businesses and governments are already skeptical of the cloud, anyway.
People, businesses and governments may force "data nationalism" to become the norm.
They already can and have been doing so for years. If Microsoft wins, there will quickly be treatise signed with most countries allowing law enforcement to access data of their citizens suspected of criminal activity, just like happened with banking.
Stop the US-centric crap already (Score:5, Insightful)
The US needs to wake up to the fact that they are not "world law." Their law ends at the boundaries of the US.
It doesn't matter if the email account in question is owned by an American. It doesn't matter if the servers are indirectly owned by an American company.
They are in a foreign jurisdiction and the US government needs to go through the judicial and legal processes of that jurisdiction if they want access to the data.
Quite frankly, fuck the "war on terror", the "war on drugs", and every other tired old excuse the US government and it's subservient courts use to try to justify shoving the US legal system down the world's throat.
Re: (Score:3)
The US could take a page from the Russians on the whole issue of legal jurisdiction. The Russians have mandated that all corporate and personal data hosted by "the cloud" must be on servers on Russian soil so there is no question of legal jurisdiction when they're trying to investigate and prosecute a case involving a Russian entity.
The US and every other nation should be doing the same thing: mandating that the data owned by their citizens and corporations be hosted in country so that it can't be "hidd
Re: (Score:2)
This is already being done. I mentioned it in a previous post on this topic. I work for a company that does legal technology in both America and Europe. We had to stand up separate infrastructure in Europe to host data for our Europeans clients. They do not want their data coming anywhere near American servers.
Re: (Score:2)
No it doesn't. Microsoft is a US entity. They aren't European. If you want European law then keep your data on European servers. Europe has a rich collection of local cloud providers. But you use Azure you are exporting your data to the USA.
The USA doesn't shove their laws down other countries throats. You don't want USA law don't buy USA products.
Re: (Score:3)
No it doesn't. Microsoft is a US entity. They aren't European.
MS is a multi-national. They could move their HQ to Ireland next week, for tax purposes, and not much would change.
The USA doesn't shove their laws down other countries throats. You don't want USA law don't buy USA products.
As slashdot readers should know, the USA frequently shoves its copyright laws for a start. The problem is not so much in buying USA products, as
"If you want to be able to sell anything in the US market, here are a bunch of laws we need you to adopt before getting our 'free' trade agreement. "
Re: (Score:3)
They would lose all the USA government contracts.
You think they do not get gov't contracts in other countries now? And there would still be a US subsidiary for that purpose if needed.
That doesn't apply to much to Europe as Europe has reasonably copyright laws.
You'd think "life plus 50 years" would be reasonable enough, but the US has been strong-arming countries to extent copyright 20 years. (until the next extension)
Re: (Score:3)
Nonsense. Microsoft is a multi-national conglomerate with seperate corporations/business entities scattered around the world. Those seperate entites are not US businesses, though they are owned by a US business, they are subject to the laws of the jurisdictions they operate in, not US law.
They are not defying an order (Score:5, Informative)
Notwithstanding some really rare cases (e.g. interlocutory), which this does not appear to be, an order is unenforceable while under appeal.
Doing what an order asks is grounds for dismissal of an appeal, notwithstanding cases where acts are made explicitly with the agreement of the parties and sometimes affirmation of the court to be without prejudice to the right of appeal. However in cases of disclosure of information, the disclosure is generally a form of prejudice (since it cannot be undone) that undermines appellate entitlement.
So it is wrong to say they are are defying an order. They are doing what everyone does on appeal.
If they were to defy an order they could be held in contempt of court. That would be an interesting story.
Re:They are not defying an order (Score:5, Informative)
Notwithstanding some really rare cases (e.g. interlocutory), which this does not appear to be, an order is unenforceable while under appeal.
Doing what an order asks is grounds for dismissal of an appeal, notwithstanding cases where acts are made explicitly with the agreement of the parties and sometimes affirmation of the court to be without prejudice to the right of appeal. However in cases of disclosure of information, the disclosure is generally a form of prejudice (since it cannot be undone) that undermines appellate entitlement.
So it is wrong to say they are are defying an order. They are doing what everyone does on appeal.
If they were to defy an order they could be held in contempt of court. That would be an interesting story.
Actually, the judge lifted the freeze on the court order, so Microsoft is in fact defying it. Microsoft states they plan to appeal, but until they do appeal, they are still defying it.
Thoughts (Score:3)
Profit centric, not customer centric (Score:3)
> Let there be no doubt that Microsoft's actions in this controversial case are customer-centric.
Nonsense. It is protecting their millions, even billions of dollars of international business, especially for their hosted email services, to make a public display of fighting this court order. It also helps protect their US business: publicly refusing a US order helps provide a history of customer privacy awareness when they try to resist a Chinese or Russian or EU court order for US held data.
And this is not an NSA "Patriot Act" order, which don't require judges and can be far, far broader than a typical search warrant or subpoena.
Maybe... (Score:2)
Maybe the US should suspend all Microsoft contracts it has while Microsoft refuses to comply with the court order.
Yahoo and MS quickly turn over to Chinese gov. (Score:2)
Maybe MS Should Ask... (Score:3)
...Who is John Galt?
Along with many other US companies and businesses as the US becomes an ever-more hostile and expensive place to base your business in.
Maybe MS will join the "inversion"-stampede of businesses fleeing the US for friendlier locales.
Once again the US government loads up the trusty foot-gun with its' hubris.
Strat
Re: (Score:2)
I agree. While the US gov't has a lot to account for, the truth multinationals take advantage of this scenario in any number of arenas. Tax invesrion and as you sugest, they might run emails that directly violate US laws onto foreign servers to exempt them from courts.
The truth is..we are laying the ground work for globalization. If governments cannot hold a multinational corporation accountable for any number of situations, who can?
Re: (Score:2)
No you aren't. The government is absolutely right. The threat to the functioning of the rule of law posed by the European position far outweigh the advantages of Microsoft getting a few extra sales for Azure.