Court Denies US Government Appeal in Microsoft's Overseas Email Case (pcworld.com) 71
An equally divided federal appeals court refused to reconsider its landmark decision forbidding the U.S. government from forcing Microsoft and other companies to turn over customer emails stored on servers outside the United States. From a report: The U.S. Court of Appeals for the Second Circuit, in a 4-4 decision Tuesday, declined to rehear its July decision that denied the DOJ access to the email of a drug trafficking suspect stored on a Microsoft server in Ireland. Microsoft has been fighting DOJ requests for the email since 2013. The DOJ has argued that tech companies can avoid valid warrants by storing customer data outside the U.S. Judges "readily acknowledge the gravity of this concern," but the 31-year-old U.S. Stored Communications Act (SCA) doesn't allow worldwide search under a U.S. warrant, wrote Judge Susan Carney. "We recognize at the same time that in many ways the SCA has been left behind by technology," Carney wrote in Tuesday's decision. "It is overdue for a congressional revision that would continue to protect privacy but would more effectively balance concerns of international comity with law enforcement needs and service provider obligations in the global context in which this case arose."
Read as: (Score:2, Insightful)
DOJ butt hurt about ruling continues to.seek unfettered access to all data regardless of where it is or who owns it.
Re:Read as: (Score:5, Insightful)
If there is anything fishy, they won't go that route, and if there isn't, an extra set of judicial eyes on the facts of the case can't hurt.
Re: (Score:1)
The US can't just decide that their warrants are valid EVERYWHERE,
Well yes they can, in this case they decided otherwise. But even if they did, nobody else really HAS to listen. Despite what most Europeans may think about their "Right to be Forgotten" laws.
What happens when China wants data stored by Boeing in the US, because Boeing has offices in China, and there is a law-suit?
What happens is that Boeing can either give up the data, or they can shut down their China-based operations. And why bother with hypotheticals, when you could easily have come up with all sorts of actual real-world examples?
Re: (Score:3)
"why bother with hypotheticals, when you could easily have come up with all sorts of actual real-world examples?"
FATCA. Banks everywhere. 'nuff said...
The US can and does try to push its law into other countries, where is clearly has no jurisdiction. Sometimes it succeeds. The rest of the world is getting fed up with this. If the US does try to push this, European privacy laws could well be the hill that US influence dies on.
Re: Read as: (Score:2)
Wrong tool for the job. (Score:3)
The DOJ is butt-hurt. But too bad. The US can't just decide that their warrants are valid EVERYWHERE ... If there is anything fishy, they won't go that route
The problem -- which the DOJ and other parties absolutely know -- is that they are using a warrant.
You say they won't go that route if there is anything fishy, but the fact that they are attempting to use a warrant is extremely fishy.
There is an enormous difference between a warrant which they are using, and a subpoena that they would be trying to do if the one person in the case was all they wanted.
With a subpoena the company must produce information. They must produce the information no matter where
Re: (Score:2)
Even if there is a subpoena, that again is irrelevant to obtaining data held in a different jurisdiction as, just like warrants, they have no legal force whatsoever outside the country of issue. If one is issued in Eire, then fine. Until then, tough shit.
Re: (Score:2)
Speaking of the DOJ... (Score:1)
Speaking of the DOJ and government...
AN IMPORTANT MESSAGE FROM MIKE PENCE
WASHINGTON (WHPB)—Vice-President Mike Pence has issued the following message to the American people:
Dear American People,
What with all the hoopla and hullabaloo of Inauguration Week, we didn’t really get a chance to get to know each other. And so, if you don’t mind, I thought that I’d take a minute or two to tell you a thing or two about Mike Pence.
I’m what most people would call a “fun guy.” I
Comment removed (Score:3)
Work at the White House (Score:5, Insightful)
USA is all that matters, the rest of the world can go fuck themselves.
You should apply to work at the White House - I hear they're hiring.
Re: (Score:2, Insightful)
He's probably not rich enough to be accepted.
Re: (Score:2)
You have that backwards. And, coincidentally, with the last presidential elections the US has started to do it to itself with a wire-brush...
Re: (Score:2)
Another solution (Score:5, Insightful)
So, is US congress now going to change the law so a US judge can permit the US DOJ to access foreign servers? May we assume reciprocity, so that other countries can then serve warrants to providers in the USA and legally demand access to data stored on US soil?
I think not..
Another solution is to pass a law saying that all US citizen data has to be kept in servers in the US.
The benefit is that foreign countries don't get to access our citizens' data as easily (Russia, China, Canada).
The *real* solution is that E-mail and other data should be encrypted end-to-end, where the provider and location don't matter. Proton mail and Lavabit come to mind.
I remember when DropBox first came out, it required a driver to install (in WinXP) to synchronize the data to the cloud, and asked whether they had any plans to add encryption. Their response was "Oh, we'll never add encryption! That's the end-user's responsibility, and besides... it's haaaaaard!"
We need turn-key solutions. If good security is a checkbox "make my messages private", more people would use it.
Re: (Score:2)
It's not even a question of jurisdiction or ethics or legal rights, the reality is that sometimes (anywhere between some and all) private effects can't be accessed, not mere "should/n't".
You might as well discuss the legal reach allowed to federal time travelers.
Re: (Score:2)
Another solution is to pass a law saying that all US citizen data has to be kept in servers in the US. The benefit is that foreign countries don't get to access our citizens' data as easily (Russia, China, Canada).
Which would be a massive legitimization of Russia and China's nationalistic social media policies to make people only use services under Putin and the CCP's control. If US data is not safe in the EU, why is EU data safe in the US? And you're flipping the situation on its head, only the US is crazy enough to demand data from an Irish subsidiary. You think Ireland would demand data from a US subsidiary through Irish courts? The US would go ballistic. The US is asking for other countries to accept what it woul
Re: (Score:3)
Another solution is to pass a law saying that all US citizen data has to be kept in servers in the US.
What about e-mail or other service providers that don't have servers in the U.S.? Would it be illegal, under your framework, for U.S. citizens to sign up for e-mail or other data accounts with foreign providers with no U.S. presence? How exactly would enforcement work?
Re: (Score:2)
So, is US congress now going to change the law so a US judge can permit the US DOJ to access foreign servers?
Not really. The way I understand it, the idea is for the US congress to change the law so a US judge can permit the US DOJ to force a US company to surrender data that it stores on foreign servers.
Re: (Score:2)
To be fair, to properly police a multinational corporation you really do need a multinational police force.
I agree that we shouldn't be looking to change the law so that the US DOJ can simply access foreign servers. But we SHOULD be strengthening the ability of inter-national police forces to prosecute cases; to streamline international discovery. While the US can't and shouldn't try to enforce laws extra-nationally -- at the same time a multinational shouldn't be immune to prosecution by virtue of being si
Re: (Score:1)
There are processes in place for that already. And to most of us who daily work with people in other countries, regularly travel abroad etc. that would all seem relatively simple and obvious.
However US law enforcement is stuck in a past where talking with someone from a foreign country, or worse even travel there to get things done is considered an unthinkable burden. So if such a need arises, they try to club it through on the US side, wasting everyone's time, and when it then predictably fails they tend t
Re: (Score:2)
There are processes in place for that already.
They are not especially efficient or streamlined though. Which is why international crimes have to reach a much much higher bar before anyone even tries prosecuting them.
I don't disagree with the rest of your post.
Re: (Score:2)
It has nothing to do with foreign servers though, it is about the DoJ telling US companies to turn over documents that are held by subsidiaries that they control. All of that happens in the US.
Re: (Score:1)
It has everything to do with foreign servers because that is where the data is held. This data is also protected by the laws of the country it is held in from extradition just because a foreign party (in this case the US Govt is the foreign party) wants it.
Re: (Score:2)
No, SCOTUS will overturn this because very-well-established precedent says that US companies, including their controlled subsidiaries, have to obey all US court orders. Americans traveling overseas does not stop them from having to obey US law. Maybe US laws are only applicable inside the US for specific reasons, but in general US law applies to Americans and American companies at all times.
An example, it is illegal for Americans to communicate with foreign governments for the purpose of affecting their res
Re: (Score:2)
An example, it is illegal for Americans to communicate with foreign governments for the purpose of affecting their response to US foreign policy; it is illegal for Americans to bribe foreign governments; it is illegal for Americans to have sex with minors in foreign countries. These laws are not legally controversial or gray areas, they are well-established.
Extra-territorial laws where Americans are required to simultaneously uphold both US and local law are well-established. Extra-territorial laws that compel Americans to break local law would be extremely controversial. If US law says you drive on the right and you go to Britain where people drive on the left then obviously you follow local law. If you can't do that, then you can't drive. If you can't do business in the EU without breaking local law, you can't do business there. The US supreme court can say
Re: (Score:2)
More simply, extradition laws could be extended to include data, catch, no secret extraditions must be public because the affected citizen has the right to defend it, not a warrant but a data extradition request. The local government would than serve the warrant for that data in order to provide the data requested under the legally fulfilled data extradition request.
Damn straight, skippy. (Score:2)
The DOJ has argued that tech companies can avoid valid warrants by storing customer data outside the U.S.
It's not a valid warrant, because the court that issued it doesn't have jurisdiction.
and this court was right to decline to make law (Score:2)
This court was right, I think, to write that although there are problems either way, it's not the job of the court to rewrite the law - that's up to Congress to fix it.
One possibility is that Congress won't allow warrants on foreign *servers*, but will allow some form on subpoenas on US *companies* who possess evidence about people in the US.
One reasonable argument (maybe right, maybe wrong) is that if a US company has some evidence about a US person, related to a US case, they can, after a court hearing, b
The ironic Catch-22... (Score:5, Funny)
(Billionaire US business owner) "Hell yes! Go after those dirty drug dealers! Those bastards shouldn't be able to hide their evils in another country!"
(Billionaire's accountant) "Sir, might I remind you that your tax haven data is stored in Ireland..."
(Billionaire US business owner) "Nevermind! Those meddling DOJ bastards don't need access to anything."
Re: (Score:3)
Which is why the DOJ will be given access, but the IRS will not.
Politics is a game where the top 1% write the rules, you know who's favour they will be in.
This is great (Score:2)
This is how I want tech companies to protect my privacy. With a four-year lawsuit designed to delay handing over my data (and it ultimately won!). Compare and contrast to Lavabit, which decided to shut down in 2013 after printing out its private keys in 2-pt. font.
Re: (Score:1)
Compare and contrast indeed.
Microsoft, a huge multinational corporation, with billions in cash reserves and a legal department that could be a law firm by itself, had to go up against the Department of Justice (DOJ) in the regular American court system. The DOJ sought data that Microsoft (US) did not actually have. It was attempting to compel Microsoft (US) to force Microsoft (Ireland) to send that data to the United States, in contradiction to EU privacy laws governing Microsoft (Ireland).
In other words, t
Re: (Score:2)
Yes, I think they failed to effectively protect their customer's privacy.. LavaBit had the time to hire a lawyer (although I have no idea how much money he had) He was crushed in court cause he was an idiot who didn't take the0 proceedings seriously. And the judge found him in contempt because instead of fighting the subpoena, appealing it, etc, he acted like an ass.
All you're providing is reasons why LavaBit failed - not the actual ch
Microsoft has a backup plan (Score:2)
If worse comes to worse, Microsoft will give its foreign branches enough independence (enough to make it a separate company) to deny any request it wants from the US branch.
Catch-22 (Score:2)
Realistically, doing so would create a catch-22 lose-lose situation for American corporations.
Don't give information to US authorities from foreign servers: they're violation of US law and you get penalised
DO give away information to US authorities from foreign servers: (often) they're in violation of the privacy/access/etc laws in said foreign country, and they get penalised
I'm not American, and certainly not a fan of some of the international shenanigans perpetrated by US corporations, but allowing a law
Re: (Score:2)
...such a law would make it illegal for US companies to operate servers in the EU in a lot of cases, because there are protections for EU data. There are some 'safe harbour' exceptions for certain types of data in certain circumstances, but that won't cover everything, and (I suspect) doesntt cover email.
Moreover, many EU based companies would think very long and hard if they wanted to use a US cloud provider for anything at all, especially if the law allows for the US to grab 'chunks' of data (eg. a server
nail in the coffin (Score:1)
Just another case of multinationals are outside any countries control.
It's a fecking free for all
Re: (Score:2)
Ireland is not a country? News to me...
International Community (Score:2)
With the very recent event of the US pulling out of the TPP, I feel it's unlikely that others in the International Community, will take kindly to foreign powers accessing servers in their territories. Should US lawmakers update the law and change it to allow for US laws to operate in this manner, I imagine that companies like Microsoft, will outsource the administration of those non-US servers, so they have a non-US division operating them, thus leaving them outside of the reach of US laws.
Re: (Score:2)
No legal team likes to see a case that starts with redacted pages in a public court setting.
So the USA will often use charity groups, public private police partnerships to look at big company databases for words, terms, photographs that might surround drug culture. That then gets reported to a company as is then the clean origin of a case.
A legal team can then talk in public about how the case started and the role of a GCHQ, DEA, NSA, CIA can stay historically P
When I hear the word "Balance" I cringe (Score:2)