Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Cloud Privacy United States Your Rights Online

Proposed Law Would Limit US Search Warrants For Data Stored Abroad 131

An anonymous reader writes On Thursday, a bipartisan law was introduced in the Senate that would limit US law enforcement's ability to obtain user data from US companies with servers physically located abroad. Law enforcement would still be able to gain access to those servers with a US warrant, but the warrant would be limited to data belonging to US citizens. This bill, called the LEADS Act (PDF), addresses concerns by the likes of Microsoft and other tech giants that worry about the impact law enforcement over-reach will have on their global businesses. Critics remain skeptical: "we are concerned about how the provision authorizing long-arm warrants for the accounts of US persons would be administered, and whether we could reasonably expect reciprocity from other nations on such an approach."
This discussion has been archived. No new comments can be posted.

Proposed Law Would Limit US Search Warrants For Data Stored Abroad

Comments Filter:
    • by pupsocket ( 2853647 ) on Saturday September 20, 2014 @10:41AM (#47953931)

      This bill is supposed to persuade foreigners that the United States does not gather data on them, because they aren't included in the warrants.

      Well, the NSA and the CIA and other like agencies don't need warrants to gather information abroad, so this law is just a fuzzy stuffed toy to provide false comfort.

      What are the Germans going to think? "Oh, what a relief, I am secure knowing that the United States of America spies only on its own citizens."

      This bill clarifies that an American corporation colluding in surveillance of foreigners does so with the latitude and secrecy of an intelligence agent.

      Meanwhile, it affirms the US Government's power to ensure that the people are not secure from unreasonable searches.

    • by flyingfsck ( 986395 ) on Saturday September 20, 2014 @11:02AM (#47954037)
      Encrypt everything you can, always, everywhere. Even bad encryption will slow the spies down and increase their costs.
  • Say a friend sets up a Google Drive account in Albania, and I add content there.Would that data be subject to seizure? Would a customer, then, be more likely to buy a service from a Non-US service provider, as the privacy laws in the US are so porous? Sounds like a slippery slope to me.
    • by Anonymous Coward

      We are sitting in the Valley now--the current situation is at the bottom of the slippery slope.
      Please try to keep up.

      Currently, USA LEOs can extract all data a corporation has. (period). So if M$ has the emails from a British national and the emails are sitting on a server in the UK, the USA LEOs can subpoena and claim the email to use however the LEOs want. This legislation is a step back up the slope. If this bill become law, only the data of USA Citizens is available to USA LEOs with a subpeona. Your

      • I think it's fair to say the corporations are at least as worried about losing share in foreign markets, as with the preservation of our personal freedoms.

        That said, we are mired in a controversy where corporations and citizens find their collective best interest on the same side.

        For all their reputed malevolence, corporations are made of 'snips and snails' just like Soylent Green.... they merely operate with reduced personal liability.

        • by jbolden ( 176878 )

          I think it's fair to say the corporations are at least as worried about losing share in foreign markets, as with the preservation of our personal freedoms.
          That said, we are mired in a controversy where corporations and citizens find their collective best interest on the same side.

          Once it becomes USA government vs. EU Microsoft et al. doesn't have the same crazy situation that could exist if a USA warrant makes it a felony for Microsoft to not hand over data while EU privacy protections make it a crime to

      • USA LEOs can subpoena all they like. However, if the data belongs to a foreign national (say, British) and is held on a foreign server (say, in Ireland) then Microsoft would be breaking EU law in handing it over as *that* is the law that applies, not US. Thus, as coercion to commit a criminal act is itself illegal in both US and EU, Microsoft refused to comply. This has nothing to do with the constitution.

        If it was the other way around, for example data belonging to a US citizen stored anywhere else on the

        • by jbolden ( 176878 )

          Azure isn't foreign. The system, including the one in Ireland is run by a Washington state corporation. It is a fallacy that MOIL has total control.

          • If it is a fallacy then it is a very successful and convincing one, because an awful lot of EU business is based on it - business with customers who have to ensure their data storage and hosting complies with EU data protection laws. That the data remained in the EU and subject to EU law was a _big_ selling point. MS doesn't realoly have a lot of choice but to stand behind this "fallacy", because if it falls it threatens their entire EU hosting (cloud) business which is what they built the Irish data cent

            • by jbolden ( 176878 )

              Is is odd. Microsoft's literature couldn't be more clear about how Azure is organized and their privacy statements couldn't be more clear that all of Azure is subject to US court order. I can't explain how the EU keeps certifying a system which even Microsoft when forced to speak publicly says is structurally incapable of enforcing EU privacy mandates in and of itself.

              Now I'm starting to think that EU /.ers may not understand EU law as it is currently practiced / enforced. For example they might just hav

        • by sl149q ( 1537343 )

          This boils down to can a US court force an american entity to break a foreign law.

          If for example Microsoft has enough access rights then the US Court can force them to access the data. If they did this there may be a cause of action in Ireland and it would be interesting to see if the US would allow extradition of a US citizen for charges based on this scenario.

          If there is no access but Microsoft controls the foreign entity that does have access, can the court force Microsoft to direct the foreign entity to

          • by jbolden ( 176878 )

            This boils down to can a US court force an american entity to break a foreign law.

            That's not a complex question. The unambiguous law in the USA is yes.

            it would be interesting to see if the US would allow extradition of a US citizen for charges based on this scenario.

            Almost all extradition treaties, and in particular all signed by the USA, prevent extradition when the actions would not be a crime in the country doing the extraditing. Since obeying a warrant is legal, no the extradition request could

      • Please try to keep up.

        Many smug. Much vulnerable. So sophomore. Beware.

        Currently, USA LEOs can extract all data a corporation has. (period).

        The corporations under USA jurisdiction are a subset of all corporations in the world.

        Thus the original question:

        Would a customer, then, be more likely to buy a service from a Non-US service provider, as the privacy laws in the US are so porous?

    • by jbolden ( 176878 )

      Under the current law your friends account in Albania is subject to US warrant regardless of what you do because Google operates in the USA. The new law means there has to be some US citizen or corp using the data for Google to be subject to the warrant. It is a slight tightening.

      Would a customer, then, be more likely to buy a service from a Non-US service provider, as the privacy laws in the US are so porous?

      Yes. If you want to violate USA law you should be using non-US providers to do it.

  • Oh baby (Score:4, Insightful)

    by fustakrakich ( 1673220 ) on Saturday September 20, 2014 @08:50AM (#47953361) Journal

    Don't you just love the smell of electioneering in the morning?

    Just another toothless regulation to be watered down in the run up to November.

  • ...make a new law to make breaking the original laws illegal.
  • Black letter law (Score:5, Informative)

    by jbolden ( 176878 ) on Saturday September 20, 2014 @08:59AM (#47953399) Homepage

    Well certainly anything that moves this from precedent and complexities of corporations winging it to black letter law would be a net gain. The role of search warrants and how to handle international issues should be between the USA government and the EU. Tech companies should just be following the law. I think everyone agrees the stored communication act (1986) needs updating

    Now a few points:

    Europeans keep citing European laws Microsoft's council has not been able to show that there was any Irish law in conflict with the previous warrants: Second, while many media reports have claimed that the decision was contrary to foreign privacy laws protecting the requested emails, it was clear from the transcript that Microsoft never raised such a conflict of law. (“Microsoft . . . has not been able to point to any specific provision of Irish law that in any way forbids it from handing the data over.”) Some commentators claimed that the data must be subject to foreign privacy protections because Ireland is part of the European Union, and thus the data must be subject to the European Data Protection Directive. However, what they failed to appreciate is that the European Data Protection Directive, by itself, is not legally binding. It needs to be ratified as national law by each member state. As a result, there are variations across the member states as to what is allowed and what is prohibited. Accordingly, the impact of an actual conflict of law on future warrants remains undecided.

    Moreover the issue was always that USA people had control of the data: because Microsoft could access and retrieve the requested documents from a terminal within the United States, even though the actual search and retrieval would occur abroad, the data was still under Microsoft’s control in the United States, and thus properly subject to the SCA warrant.

    • What's the upside? Doesn't this just make it easier for multinational corporations and criminal organizations to evade enforcement of US laws?

      • Re:Black letter law (Score:4, Interesting)

        by Charliemopps ( 1157495 ) on Saturday September 20, 2014 @09:52AM (#47953667)

        What's the upside? Doesn't this just make it easier for multinational corporations and criminal organizations to evade enforcement of US laws?

        Law enforcement is enforcing US laws in foreign countries. That's the problem.

        Lets put the show on the other foot for an example: While visiting Russia, the Russian officials accuse you of viewing homosexual porn, which is illegal there. They then issue a search warrant and force microsoft and google to turn over the contents of your cloud drive/phone backups, etc... Does that sound reasonable to you?

        • by jbolden ( 176878 )

          That's not a comparable situation. The comparable situation would be something like the Russian government regulating Radius. And that is appropriate.

        • "Law enforcement is enforcing US laws in foreign countries. "
          If it is then someone should cite an example or two since the Microsoft case at hand involves no such thing.

      • by jbolden ( 176878 )

        Best case scenario would be a treaty with something like an Interpol web-service so a Maryland DA could go to a Maryland court show reasonable cause and have an order enforced in Spain. That takes the executive and the legislative branch working with foreign countries.

        Worst case scenario would be a patchwork of laws with each countries having their own system and data moving freely between them, a race to the bottom. Which is pretty close to what most of the European /.ers and Microsoft wants.

        A non-stable

    • Ireland *has* ratified it, as part of being in EU and implementing directives. The absolute minimum that can be implemented is that it is illegal for data belonging to EU nationals to leave EU without the *owner's* permission. Everything else is window dressing.

      Written into the Act (2003) is the get-out clause (section 8), where data can leave without permission (say for US subpoena purposes). However, this is not a carte blanche instant compliance thing and requires the owner be informed as to the transfer

      • by jbolden ( 176878 )

        They have not as of yet implemented anything. I'm going to assume Microsoft's council is knowledgeable on this and they don't see the problem the European /.ers keep pointing to.

        • by frisket ( 149522 )

          Whether or not they have implemented anything yet, "addresses concerns by the likes of Microsoft and other tech giants" should read "addresses concerns of non-US populations"...about the ability of the US Government to pry into the private affairs of non-US citizens.

          Not that the US Government gives a flying fuck about the views of non-US citizens. If the US Government finally starts to behave decently and respect the views of non-US citizens (even for the most bogus of corporate-funded reasons), it's a star

          • by jbolden ( 176878 )

            should read "addresses concerns of non-US populations"...about the ability of the US Government to pry into the private affairs of non-US citizens.

            Well certainly they have some concerns about that. But mostly if you aren't a US citizen and don't have heavy involvement with the USA what difference does it make if your data gets transferred to a criminal court? They are just going to toss it.

            Not that the US Government gives a flying fuck about the views of non-US citizens. If the US Government finally s

    • Moreover the issue was always that USA people had control of the data: because Microsoft could access and retrieve the requested documents from a terminal within the United States, even though the actual search and retrieval would occur abroad, the data was still under Microsoftâ(TM)s control in the United States, and thus properly subject to the SCA warrant.

      Microsoft USA has access to the data.
      Microsoft Ireland has control of the data.

      If there's no distinction between access and control, then why bother with multinational subsidiaries?

      • by jbolden ( 176878 )

        Actually more accurate is:

        Microsoft USA has control and access over the data.
        Microsoft Ireland performs local contract services and acts as regional channel including contract wrapping for Microsoft USA.

    • by sl149q ( 1537343 )

      Yes, but the US citizen accessing the data from the Irish servers might at that point be breaking Irish law.

      The real issue is that if somebody in the US wants data from a foreign server then they should server warrants in that jurisdiction.

      • by jbolden ( 176878 )

        The real issue is that if somebody in the US wants data from a foreign server then they should server warrants in that jurisdiction.

        Why? Why should the location of the physical server be of any importance rather than the user? That seems nuts to me in a world of interconnected data. Obviously if they intend to physically grab the server then they need warrants in that jurisdiction, but to copy the data over? Let's say someone used a data lake which moved specific pieces of data constantly between loca

  • what's the point? (Score:5, Insightful)

    by silfen ( 3720385 ) on Saturday September 20, 2014 @09:06AM (#47953435)

    Instead of weird exceptions like this, which are likely to cause only further problems, the US should reduce the intrusiveness of law enforcement in general. Stop the war on drugs, simplify the tax code, consistently require court warrants for searches, etc., and we could reduce online searches by 90%

    • by Charliemopps ( 1157495 ) on Saturday September 20, 2014 @09:59AM (#47953687)

      Instead of weird exceptions like this, which are likely to cause only further problems, the US should reduce the intrusiveness of law enforcement in general. Stop the war on drugs, simplify the tax code, consistently require court warrants for searches, etc., and we could reduce online searches by 90%

      The complexity serves a purpose. The tax code is the easiest example. Do you have any idea how much you pay in taxes? Any clue at all? Income tax, property tax, sales tax, Gas tax, vice tax, drivers license fees, etc... etc...

      After all that you likely have no idea what you pay in taxes. Which is exactly the point.

      The same goes for laws and regulation. It's often joked that everything's illegal in the United states, but that's not just a joke. If law enforcement wants to get you, they get you. You are always breaking the law in one way or another. Everyone thought it was clever when they nailed Al Capone for the tax evasion nonsense. But now that the same tactics are used on pretty much everyone, the true injustice of it all has become rather apparent.

      We have a problem with law enforcement in this country. It's turned into us against them. And "Them" now have Tanks and machine guns.

      • Including only real taxes, I calculate that as part of the question to itemize or not. And the final state tax form includes all of that wrapped up in a nice bow.

        Now, do you think that people got together one day and decided that, over 200 years, they should intentionally add more laws and more taxes until it confused Charlie mopps? And if so, when did that happen, and who were the likely people?

        Or is it more likely that a body charged with writing laws will spend little time unwriting them?

        The "breaking th

      • by silfen ( 3720385 )

        The complexity serves a purpose. The tax code is the easiest example. Do you have any idea how much you pay in taxes? Any clue at all? Income tax, property tax, sales tax, Gas tax, vice tax, drivers license fees, etc... etc... After all that you likely have no idea what you pay in taxes. Which is exactly the point.

        I have a fairly good idea how much I pay in taxes. And you can easily find out what the tax burden is in various cities, states, and countries. Except for the federal tax burdens, much of the rest

    • by jbolden ( 176878 )

      Stop the war on drugs,

      We are experimenting in a limited way with marijuana legalization. We'll see how it goes.

      simplify the tax code

      Harder said then done. The USA doesn't like lots of government direct investment in the economy so all sorts of adjustments have to occur via. taxes. When designing a tax code pick any 2: simple, meet societal objectives (fair), avoids widespread crony capitalism (honest).

      • by silfen ( 3720385 )

        Harder said then done. The USA doesn't like lots of government direct investment in the economy so all sorts of adjustments have to occur via. taxes.

        That's the most insane argument for high taxes I have heard yet: "we have high taxes because the government doesn't meddle enough in the economy".

        You are a certifiable idiot.

        • by jbolden ( 176878 )

          At some point when you realize that libertarians don't know everything an begin to look at how societies regulate their production holistically it will make more sense.

    • Instead of weird exceptions like this, which are likely to cause only further problems, the US should reduce the intrusiveness of law enforcement in general.

      Well, no shit!? But the thing is that they're not going to because of the mindset that so enjoys the freedoms of being separated from a working class of people that are miserable anyway. If you have the power to make mindless people do what you want them to do by enacting laws that serve only you and your rich buddies, why would you suddenly stop that? Rather than saying: "The government should...", we should all start saying: "The People should..." All of the power that the government has, they only hav

      • by silfen ( 3720385 )

        But the thing is that they're not going to because of the mindset that so enjoys the freedoms of being separated from a working class of people that are miserable anyway.

        Funny that that "working class of people" keeps voting for the people who impose that kind of government on them.

        A lack of obeying these laws, in a peaceful manner, is what needs to start happening.

        No, what needs to start happening is to take away power from the federal government and bring it back to the state and local level.

    • Weird exceptions such as explicitly leaving foreigners living abroad free of US warrants? The idea that a US court could order Microsoft US to have Microsoft Ireland pass on data hosted in Spain about a German guy who's never been to the US seems the weird thing to me.

      The US does consistently require warrants for searches, except in specific limited situations. It's arguable that US courts issue too many warrants, and the NSA's definition of a "search" differs from mine, but warrantless searches aren't

      • by silfen ( 3720385 )

        Weird exceptions such as explicitly leaving foreigners living abroad free of US warrants? The idea that a US court could order Microsoft US to have Microsoft Ireland pass on data hosted in Spain about a German guy who's never been to the US seems the weird thing to me.

        If the German guy chooses to do business with a company subject to US jurisdiction, then he risks falling under US jurisdiction. That works both ways.

        How would simplifying the tax code reduce online searches? No matter what the tax code, it wi

        • My first point was that the US idea of jurisprudence extends farther than that of most other countries.

          My second is that cutting down on what we define as crimes doesn't mean we stop having crimes, and so there will always be the same justification for surveillance. Legalizing things you and I seem to agree should be legal doesn't affect that justification. The question of how much surveillance we should have is independent of what is actually illegal for most citizens to do.

          • by silfen ( 3720385 )

            My first point was that the US idea of jurisprudence extends farther than that of most other countries.

            The idea extends no further than other countries; European and Asian nations have the same aspirations in extending their legislative reach as the US. What extends further is US power. That's not something nefarious, but a simple consequence of the fact that the US is economically successful and people want to do business here. That is, if the US says "we can't do anything to you now, but if you don't comp

            • I think we're mostly in agreement. My second point was not that decriminalizing something doesn't stop people from doing that, but that we will always have criminal behavior, and hence grounds for surveillance. For example, NSA-level surveillance might be very useful in countering embezzlement. Some things like stop-and-frisk, and other intimidation of minorities, might well cut down on street crime. As I see it, the question is not what is illegal, or whether more or fewer things are illegal, but how

  • Instead of trying to block certain aspects of searches we should just bite the bullet and get a Privacy amendment to the Constitution. Certainly where laws may have been broken there's an interest in seeing justice done but US laws should only apply to the US and citizens who reside there. For example, the IRS would no longer be allowed to shake down the Swiss or US citizens lawfully living in other nations. This would also mean that information we trust to third parties would be considered private and

    • by jbolden ( 176878 )

      We already have those protections in the Constitution: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

      This is about situations where a warrant was issued based on probable cause.

      • Well we have that but if I give something to my attorney it's only through attorney client privilege that he can keep that confidential. The same doesn't hold true for other third parties. If I have my data stored on a cloud provider, that should be considered confidential and not subject to espionage by my own government. In the case of prosecuting a case I could argue that the data could be produced but then I shouldn't be compelled to provide the decryption keys for example that is if I'm the accused.

        • by jbolden ( 176878 )

          Remember this case isn't about intelligence nor anything having to do with FISA. This is normal USA data collection during a criminal investigation under normal process.

          When it comes to intelligence matters the goal isn't to prosecute crime but fight an enemy. Thus the courts have less ability to regulate because nothing ever hits the courts. So for example you don't have attorney-client privilege with respect to national security at all. What you do have though is an assurance that any information you

          • Naw, I wouldn't put my chances up to an arbitrary decision by a judge. The constitution needs to be extended to take into consideration the modern world. Metadata is one thing but actual contents need to be protected information for private parties wherever they are stored and who is the trustee.

            • by jbolden ( 176878 )

              If you don't want warrants then you are arguing for a vast increase in privacy beyond what ever existed for paper documents. That's not "taking into consideration the modern world" that's fundamentally eliminating the ability of the police to enforce the collection of evidence from private persons. The signers of the constitution would have understood your position, they just would have disagreed.

  • Cameras stopped rolling? Yes?
    Laws are for citizens, we politicians are exempt.

  • What happens If foreign countries outlaw, or even makes it a criminal offense to hand over data held in servers physically located in the country without a valid order from their own courts?
    • by jbolden ( 176878 )

      Illegal for whom? If the server is connect to other servers abroad and the people abroad are the ones handing it over then no law in that country has been broken by the global cloud provider. The law might have been said to be broken when it was uploaded to the global cloud provider since that was when it was "handed over". So essentially that law would mandate regional or national clouds for whatever data you wanted to protect. Which isn't a bad thing. Except that everyone wants global information ser

  • So any firm could hire one foreigner and put all materials in their files so that the entire workings of every company could be hidden. Be afraid! Be very afraid! The notion that any congressman could vote for such a trash bill makes me sick. They might as well stand before congress and call for a vote to be deliberately corrupt. We really need to lynch people these days and most of them are in important positions. This nonsense is treason and could bring down America.
  • to just say "F*k You!" to the U.S. Government?

  • The reciprocity comment is an interesting one. Since most countries respect sovereignty of other nations they have no need to pass a law to tell people that the law is only applicable in their own country. That just is.

    So why make the comment? Is it a case of being able to say later: "We had good intentions but no other nation was willing to reciprocate so we dropped the law."?

    As a side note, I wonder about the legalities of passing a law that affects an ongoing case. How does this work in the USA? Is the G

    • by jbolden ( 176878 )

      As a side note, I wonder about the legalities of passing a law that affects an ongoing case. How does this work in the USA?

      Article 1 section 9 prevents ex post facto laws. But remember Microsoft isn't on trial here they are a witness not the accused. Generally though if the congress limited the scope of a court ex post facto the courts would voluntarily agree and dismiss a previous order.

      If so why not do away with the judicial branch altogether? Why not just go straight to the politicians to have your p

      • My comment wasn't meant sarcastically but rather meant with the view of an ongoing trial. Say I do something which isn't a crime, yet an overzealous person drags me to court for it. Same overzealous person lobbies the government to change the law while I'm in court in their favour.

        That's what I was genuinely curious about. And the comment on court judges being voted in was just a dig a the system, given they should be completely without bias.

        But all of that is irrelevant since you pointed out ex post facto

        • by jbolden ( 176878 )

          Say I do something which isn't a crime, yet an overzealous person drags me to court for it.

          Let me clarify an assumption.
          A crime is a violation of criminal law punishable by fine paid to the state or imprisonment.
          A tort is an act for which a court may require you to pay compensation to another party. These are governed by civil law.

          An overzealous person can't drag you to court for a crime at all. Only a prosecutor, which is an elected office can force you to face trial for a criminal act. If there was

  • What I don't understand is how this situation is new. If a US Company has physical records, paper, CDs, whatever, and they are storing them across the border in Canada can they still be the subject of US warrant? If not, how is this different, if so, what's new?
  • Oh ... right. Precedent.

    In a sane system, data abroad would just be outside their jurisdiction. The court couldn't simply get a warrant for it, just like it couldn't order someone fetch a physical item from another country.

  • and whether we could reasonably expect reciprocity from other nations on such an approach.

    You cna expect reciprocity from nations that don't have nuclear weapons. That would be Russia (hmmm, being very reciprocal at the moment, with their traditional single-finger wave), China (same wave, I see ; odd that), UK, France (waving a greasy dildo and a stale crusty baguette respectively, both begging you to come back again soon, but for different reasons). Oh, and don't forget Israel, India, Pakstan, DPRK, and im

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...