Supreme Court Wrestles With Microsoft Data Privacy Fight (reuters.com) 163
Supreme Court justices on Tuesday wrestled with Microsoft's dispute with the U.S. Justice Department over whether prosecutors can force technology companies to hand over data stored overseas, with some signaling support for the government and others urging Congress to pass a law to resolve the issue. From a report: Chief Justice John Roberts and Justice Samuel Alito, both conservatives, hinted during an hour-long argument in the case at support for the Justice Department's stance that because Microsoft is based in the United States it was obligated to turn over data sought by prosecutors in a U.S. warrant. As the nine justices grappled with the technological complexities of email data storage, liberals Ruth Bader Ginsburg and Sonia Sotomayor questioned whether the court needed to act in the data privacy case in light of Congress now considering bipartisan legislation that would resolve the legal issue. A ruling is due by the end of June.
Assume "yes" (Score:2)
Will kill US companies operating globally ... (Score:5, Insightful)
If the US basically tries to assert that their laws trump the national laws in which these US companies operate, then those US companies will pretty much lose business.
The only logical conclusion would be that MS is now effectively an agent of the US government, and the use of their cloud stuff would be illegal in other countries or for certain kinds of data.
AND, this would be reciprocal, as MS would have no choice but to hand over data on US citizens to those local governments.
Don't give me the bullshit answer that it's OK for the US but not for anybody else, because we don't give a fuck.
So good luck when Iran wants to subpoena US records from MS. This is basically setting up a scenario in which the US wants their laws to be extraterritorial, in which case everyone else gets to do it.
Sorry, America, but you can't have it both ways.
Re:Will kill US companies operating globally ... (Score:5, Insightful)
Sorry, America, but you can't have it both ways.
Unfortunately for the entire world, America has always been able to do so in the past, so they see no reason not to continue doing so.
American law applies worldwide, all other laws stop at the US border. The only real question is, how far will the rest of the world let that go before they start to push back? so far most of the rest of the world tends to just roll over and let the US have their way. I don't anticipate that to continue forever though.
Re:Will kill US companies operating globally ... (Score:5, Funny)
What would be interesting is if the court orders MS-US to comply and the Irish government sends in police and seizes control of MS-IRL's severs, data-storage, and facilities.
Or, less dramatically, the Irish government simply says they will arrest and prosecute anyone at MS-IRL who attempts to comply with the illegal US order and seek to extradite MS-US persons who issue such an illegal order and the judge(s) that created the illegal order to likewise prosecute them as well.
This could get quite popcorn-worthy.
Strat
Re: (Score:2)
Except we all know that won't happen.
The most likely outcome is that MS-US simply takes the data, which is likely accessible to them remotely anyway, and nobody from either country gets in any trouble. Some people in Ireland make a big stink about it, but no policies ever get changed, and it's forgotten about before the next sitting of the EU parliament.
Conversely of course, if the roles were reversed, the data would never leave the US, and anyone in Ireland who tried would be extradited to the USA to face
Re: (Score:2)
which is likely accessible to them remotely anyway
Only if the employees in Ireland are horrifically negligent.
They've had years to assure that data can't be accessed from the US, and every reason to do so.
Re: (Score:2)
Cloud storage isn't so useful when it's not accessible remotely....
If they didn't want anyone to access the data, they'd have been better off simply deleting it. (And before we talk about obstruction of justice for doing so, remember that the argument is that they aren't subject to US law anyway, so there's no difference here between refusing to deliver it, and deleting it entirely)
Re: (Score:2)
You're quite the idealist.
This is nothing new, it has happened many times before, and it's always forgotten about quickly. This will be no different.
I'd like to think something will change, but there's just no rational reason to believe it will. There's nothing different about this time to all the previous times this has happened.
Re: (Score:2)
Sure, you go ahead and believe that.
This exact law didn't exist before, and this exact challenge didn't happen before, but the exact same mental gymnastics as to who has authority over what and why have.
The only way that this could possibly go down without one side or the other caving is an all out war. And that's not going to happen over this issue. I highly doubt the US is going to cave, so that leaves the EU which has caved to US pressure too many times to count.
Re: (Score:2)
Funny. You think laws actually apply to governments and large corporations.
There would be an exception 100% guaranteed.
"too big to fail" comes to mind.
Re: (Score:2)
Re: (Score:2)
Ok, get back to me when this is all done and played out.
Your world view is far more optimistic than anything that has EVER happened in the history of mankind.
Re: (Score:2)
And yet in those "70 years of peace" over 12 million people have been killed in war by American soldiers in 19 different wars. That's just the ones killed by Americans.
I'm sure many of the people on the receiving end of this "peace" feel that form of "leadership" isn't helping them much.
Re: (Score:2)
America already has it both ways. Virtually alone in the world, the USA demands its citizens submit tax returns even when they are resident and employed overseas. It further demands (using what can only be described as blackmail) records on bank accounts held by American individuals overseas, including people resident there (FATCA).
So if an American moves to - say - an African country, and works there, earning a small amount of money which is not taxed, Uncle Sam still wants to know about it.
Virtually no ot
Re: (Score:2)
The normal way of taxation is by place of residence, afaik.
Re:Will kill US companies operating globally ... (Score:5, Insightful)
A Microsoft employee, a U.S. citizen, sitting at a computer located in the U.S., can easily access the server containing the data in question. Therefore, the actual physical location of the server is irrelevant.
No, that does not follow. A Microsoft employee, a U.S. citizen, sitting at a computer located in the U.S., can easily access a server in Germany and upload holocaust denial material. The physical location of the server is very relevant.
Re: (Score:2)
Let's continue your logic. A german then should be completely immune to german law if he's remoted into a computer in the US? So he can email holocast denials all over Germany, because he's remoted into a computer in the US?
You must be American, because of your display of binary thinking. It's not either/or, it's both. German law applies in Germany, and US laws in the US. The German in Germany is subject to German law for everything he does. He can also (I know, difficult concept) be subject to US law if he breaks US law on a US server.
Re: Will kill US companies operating globally ... (Score:2)
You must be American, because of your display of binary thinking
Just curious... what kind of "thinking" do you call that?
Re: (Score:2)
Re: (Score:2)
If you affect a computer in the EU in a way that is illegal in the EU, then you commit a crime in the EU. End of story.
Re: (Score:3)
Re: (Score:3)
Don't forget the data is not owned by Microsoft, according to EU law it is very much stored in the EU, owned by the people that have the accounts and it will be treated as such.
The USofA has it's second amendment where everyone can be a 1-man militia, in Europe we have privacy and consumer laws protecting our population against unruly companies.
Re: (Score:2)
Who wants to invite any big US brand into their nation if the US brand is just going to use US law to bypass any and all local privacy laws?
Using a US brand in another nation is not like becoming a part of the US legal system.
Re: (Score:2)
You are assuming that is the case. It may well be, and would be technically easy to implement a system by which data held in the EU was encrypted using keys that are not available to Microsoft employees located in the USA. In fact with upcoming GDPR legislation that this is likely exactly what Microsoft have done otherwise it would be difficult for Microsoft to comply with the GDPR and that would make Azure/Office 365 illegal to use in the E.U. which is an extremely large market to just walk away from; whic
Absurd (Score:2)
Consider the physical space, if a bank has headquarters in the USA would that mean the US government is entitled to access a safety deposit box in a foreign country?
If they are granted access then this is effectively the end of the use of US based tech companies for cloud services by a wide variety of industries (e.g. government, medical, legal). One also wonders whether the access would even be illegal in the foreign jurisdiction.
Re: (Score:2)
Re: (Score:2)
That still won't resolve the risk of jail in Ireland for disregarding Irish law.
Re: (Score:2)
The same thing that happens when any subordinate company employee refuses to comply with a court order -- the court tells the company to effect the order.
In this case, the court would order MS US to give effect to the order, and MS US would either have to order/discipline/fire people at MS Ireland until they complied, or else be in noncompliance with the court's order.
The courts certainly aren't going to dick around figuring out which subordinate where needs to do what. Compliance is the company's problem.
Re: (Score:2)
In this case, the court would order MS US to give effect to the order, and MS US would either have to order/discipline/fire people at MS Ireland until they complied
But since MS US does not have any legal authority over MS Ireland; it's a moot point; Microsoft US has no capability to "order", "discipline", or "fire people" in the other business unit.
Re: (Score:2)
If, as you claim, they are independent companies and no one at MS US exercises supervisory or contractual authority over MS Ireland, then MS US can truthfully go to the court and say they have no means to comply with the order.
If, on the other hand, MS US, either through direct control or via contractual obligations, directs the actions of MS Ireland, then MS US would be required to comply with the order as they have the means to do so.
Re: (Score:2)
If MS US had no legal authority over MS Ireland, then this entire court case would have been over and dusted a decade ago - a company with no ownership rights, authority or interest in another company cannot be forced to make that other company do anything.
In this case, MS US owns MS Ireland. Legal authority exists as part of those ownership rights.
Re: (Score:2)
In this case, MS US owns MS Ireland. Legal authority exists as part of those ownership rights.
Perhaps MS US owns MS Ireland, BUT Legal authority does not extend into breaking the law.
If it would be a violation of the laws in Ireland for MS Ireland to transfer the data outside of Ireland, then
not even the owner of MS Ireland has the legal authority to do so, even if they might have means of physically coercing MS Ireland to break the law; doing so would by definition be an unlawful attempt to exerc
Re: (Score:2)
Re: (Score:2)
Re: Absurd (Score:2)
And if that breaks Irish law?
Re: (Score:2)
Then someone in Ireland has to file suit and they can come up with damages. Given the deed will already have been done, the only thing that can be done is restorative at that point.
Re: (Score:2)
Re: (Score:2)
In the example you gave, usually extra-territorial is off-limits, except for crimes on the high seas, which can be prosecuted by the owning state, the state of arrival or the states of the individuals concerned.
The LIBOR scandal was partly uncovered by somewhat forceful access to Swiss bank accounts by the British, albeit with begrudging Swiss approval. Eventually. The Panama Papers and Paradise Papers revealed further abuses that really should have been uncovered a lot sooner and which can't be effectively
Re: (Score:2)
the reverse ruling makes all corporations de-facto embassies
No, it does not. Embassies are not companies and companies are not embassies. A US ruling (or its reverse) does not change this.
Even if MS Ireland are subject to US law (which is debatable, even if the US Supreme Court rules in favour of the government) they very definitely remain subject to Irish law. That may leave them forced to break a law, but sure as fuck doesn't give them immunity if they break the law in Ireland.
Re: (Score:2)
The US already requires foreign banks with bank accounts owned by US citizens to pass data to the IRS on that bank accounts usage. This has been the case for many years.
So its not absurd, and plenty of precedent already exists.
Re: (Score:2)
Re: (Score:2)
They do that by saying if you as a bank wish to interact with the US banking system you must pass data to the IRS on US citizen's. So if as a bank I have no wish to interact with the US banking system then I can tell the US government to go pound sand and there is nothing the US government can do about it.
Of course this is quite limiting for a large bank so they generally comply. However I would imagine that some of the smaller building societies in the UK for example don't do international banking with the
Re: (Score:2)
Yes it can. Simply make a bilateral treaty with the other country, and the requirement to pass US person financial information to the IRS can be passed into law in the other country.
The other country a
Re: (Score:2)
The USofA can start legal proceedings in Ireland to get what they want.
But contrary what you state the demand of the USofA would very likely have no standing.
Re: (Score:2)
What you are talking about requires **PHYSICAL ACCESS**. In this case, no physical access is required.
Wrong.
This is not about physical access, this is about ownership and privacy law.
Wrong sides? (Score:4, Interesting)
Re: (Score:2)
The judiciary is not supposed to be in favor of anything, they're supposed to interpret the law as they are written. In that context, "conservative" judges typically seek to abide by the letter of the law and "liberal" judges seek to reinterpret and make up new laws.
Unintended Consequences (Score:2)
If the Supreme Court rules that data follows the laws of the nation that it is in, then the EU's data protection laws and right to forget automatically apply to all data in the EU even if held by a US company. I doubt the court will consider that, but that is simply a matter of fact.
If the Supreme Court rules that data follows the laws of the nation of the holding company, then European-based companies in the US automatically follow those aforementioned EU laws. The fact that they're in the US would be inci
Re:Unintended Consequences (Score:5, Interesting)
It's one of those situations where you only see the advantages if you consider only yourself (your country). But the disadvantages become obvious when you consider the world as a whole. e.g. "What if you could have sex with anyone who wanted?" Most people think that would be fantastic. "What if anyone could have sex with you?" Suddenly it doesn't seem like such a great idea.
The only decision which makes sense if you want to preserve the integrity of national borders is that U.S. law stops at the U.S. border, German law stops at the German border, French law stops at France's border. If the U.S. wants to get its hands on information Microsoft is storing in Ireland, they should file a request with Irish authorities (similar to an extradition request). Then Ireland can decide whether or not it should honor that request, and legally force Microsoft to turn the info over.
Re: (Score:3)
Re: (Score:3)
Re: (Score:2)
Other nations will sit up and take note of what US brands and the US gov will do.
That allowing any US brand in opens their legal system up to many different US laws.
The US can go back to its past and enforce a trade deal and laws onto the EU?
United States expedition to Korea https://en.wikipedia.org/wiki/... [wikipedia.org]
Go full Perry Expedition into Ireland https://en.wikipedia.org/wiki/... [wikipedia.org] ?
Re: (Score:2)
What you are saying is that it would be a bad idea for U.S. laws to apply to
Re: (Score:2)
First, it's Data.
Then, it's monies/commodities.
All in all, the owners' rights should also supersede the rights of those holding the items for another, in spite of where those items are being held.
After all, burying monies to avoid taxation is tax evasion, and inherently illegal. Hiding incriminating data, or simply holding data that is of illegal content or for illegal use should follow in its legal state, regardless of location.
I don't see this ultimately going anywhere, as this would open the floodgates o
Another way to look at this (Score:2)
The conversation keeps revolving around where the company is located and where the server is located. No decision based on those criteria will ever be consistent. Perhaps it makes more sense to assign jurisdiction not based on where the data is held, or where the company headquarters resides, but based on where the individual resides. In that interpretation, the US government could get a warrant to obtain files on American citizens, but not on Irish citizens. This resolves some of the scenarios where so
But other than that (Score:2)
That's fine but it has to spark and evolve there, not adapt from richer climes.
Also 1/100th the atmosphere may be livable but is another monkey wrench the cold desert doesn't come close to duplicating.
Also this claim has been made for extremophiles before, notably antarctic lichen.
Re:American Companies Abide by American Laws (Score:4, Interesting)
Could it not be argued that it is Microsoft Europe, Microsoft Europe is a European company, and it must adhere to European laws?
Assuming there is indeed a European entity.
Re: (Score:2)
Except, any Microsoft entity would likely be a wholly owned subsidiary. Unless they set up an independent company and license everything, but even then I'd be the courts wouldn't let them get away with that either since it's obviously just set up to get around the law.
Perhaps if they had a truly independent company they purchased services from and then had to way to actually get the data. Otherwise, if they have access to it and they are a steward of the data, they'll likely have to provide it. IANAL.
Apple'
Re: (Score:3)
If the system would require action from someone in target country to access the data, they could truthfully say they can't get the data. That person would have full authority to refuse obeying any command that is against the local law and in case of firing would win big in court.
Re: (Score:2)
I'd bet the courts would see though that and start assessing large fines.
Re: (Score:2)
American courts have a fat Zero jurisdiction abroad and EU courts have no issue to act on.
Companies like MS have in anticipation of this problem already build EU based servers to store EU data and put them under EU (often Irish) jurisdiction.
Re: (Score:2)
A US court can still require a US entity to do something - regardless of the fact that it requires a subsidiary in another country to act.
Re: (Score:2)
Because this is not a new issue MS will have put means in place to prevent any illegal access to their customers content in the EU.
Re: (Score:2)
The laws in the third party country don't matter to the courts in the first party country - people here seem to be under the misconception that its otherwise...
The *only* thing MS can do to break the chain of authority between MS US and MS Ireland is to spin off MS Ireland into its own entirely separate company, with MS US holding no more than a minority share, having no say in how it runs its business etc. Anything less than waving goodbye to MS Ireland isnt good enough.
MS US haven't done that. They stil
Re: (Score:2)
That's not true.
Microsoft Ireland can tell Microsoft US that they will not grant illegal access to data.
What are MS US going to do about that? Sack everyone in Ireland? They'd lose every single tribunal case.
The fact that a US court order directed toward a US entity violates a foreign countries laws does not absolve the US entity from being obligated to fulfil that court order, or suffer consequences.
Court orders MS to hand over data. MS says, "We don't have access to data, people in Ireland do. We've told them to hand it over" What consequences would you like?
Of course, we haven't even discussed whether the MS official demanding that MS Ireland break the law should be arrested on their next visit t
Re:American Companies Abide by American Laws (Score:4, Insightful)
Imagine company A being created in North Korea. Imagine company B being a company owned and controlled by A incorporated in the US.
If company A is ordered to do something that is legal in NK should then company B comply even though it is illegal in the US?
Of course not, that is ridiculous.
Re: (Score:2)
Of course it is ridiculous as is international law. Why would NK care if it's legal in the US?
Re: (Score:3)
It depends on which country they fear the most. The company or rather it's owners have decided to enter into business in two different countries with different laws. It is up to the company to figure out which direction to go when their is a conflict between those laws, but that doesn't mean they are absolved of the consequences which either or both countries might then implement.
Re:American Companies Abide by American Laws (Score:5, Informative)
Rest assured MS has consulted these specialists years ago.
Re: (Score:2)
It is very common knowledge when such a company would go bankrupt the parent company never has to pay up.
When this segregation is legally possible, and it is, then it would be the same for access to these mails.
And that's aside from the European point of view the mails are owned by their respective account holders, not the company that stores them.
Re: (Score:2)
Isn't that exactly how most companies run things for tax reasons ?
Re: (Score:2)
there is, and that is indeed the argument. The counterargument is that MS USA completely controls MS EU and therefore should be able and required to force MS EU to pony up despite European laws.
Re:American Companies Abide by American Laws (Score:4, Insightful)
Until MS moves its headquarters to some tax haven that has strong laws about international interference in data. There are probably plenty of tax havens that would craft such a law in order to induce MS to move their HQ to that jurisdiction.
Whatever the outcome, the Justice Department are going to make doing business more difficult in the USA. This was and always will be an own goal by the Justice Department.
Re: (Score:2)
Very true. I personally do not agree with the counterargument; I was just trying to explain it.
Re: (Score:3)
there is, and that is indeed the argument. The counterargument is that MS USA completely controls MS EU and therefore should be able and required to force MS EU to pony up despite European laws.
So you're saying the USA can compel someone to break laws in another country? How about if that access required the action of someone in the EU - so they'd need to compel a non-US (EU) citizen to break their own local laws?
I see many twisted outcomes from this - mainly companies are going to just get more creative restricting access to data and compartmentalizing it. Also, this stupidity is going to force more and more companies to 'officially' be based somewhere besides the US. Not like they pay their t
Re: (Score:2)
As I said elsewhere, I don't agree with the counterargument, I was just trying to explain it.
Re: (Score:2)
I wouldn't be surprised if a US court could order a US person in the US to commit something that would be a crime in another country. There are some pretty strange laws all over the globe. Therefore, Microsoft USA has no option but to try to collect the data. Similarly, Microsoft Ireland has no legal option but to not cooperate. If it were a matter of someone in Microsoft USA trying to get someone in Microsoft Ireland to break the law, it would be simple: Microsoft Ireland obeys the local laws.
Howev
Re: (Score:2)
should be able and required to force MS EU
How?
I've worked for multinational companies, and I've never been afraid to tell my US based manager that I can't comply with his request because it would break UK law.
Just how would MS force someone to break the law?
Re: (Score:2)
As I said, I don't agree with the counterargument, I was just trying to explain it.
Re: (Score:3)
It puts Microsoft in a difficult position, because if the US passes a law forcing it to send the data back to the US, it might still be in breach of Irish law, or EU law, and open to prosecution there.
This looks like the US government trying to force it's law on the rest of the world, especially as there is a perfectly good mechanism for asking the Irish for the data, as detailed here. [theregister.co.uk]
Re: (Score:2)
Microsoft Europe is owned by Microsoft US.
People seem to be under the misconception that a company, entity or person can only ever be subject to a single judicial jurisdiction at any single point in time. Thats wrong - they can be subject to multiple judicial jurisdictions, and those jurisdictions dont have to be compatible.
US Companies in Europe Also Abide by EU laws (Score:5, Insightful)
Microsoft owns that data, thus it is Microsoft property, and since Microsoft is an american citizen, it must adhere to American laws.
Yes, but any American citizen in Europe must obey European laws. If you happen to be a holocaust denier and get arrested in Germany explaining about the US constitution's protections on free speech will get you nowhere.US companies have the choice not to go to Europe but, if they do, they must follow the law there. European law says that Microsoft cannot hand the data over to foreign (US) authorities. There is no law that the US Congress can pass that can relieve them of this responsibility and, if the US forces MS to hand over the data, it will make it close to impossible for US companies to do business in Europe since they will be unable to follow the law and so be liable for financial and possibly criminal penalties.
Re:US Companies in Europe Also Abide by EU laws (Score:4, Interesting)
The law does not say that, actually, nor is the argument MS is making; MS is not saying that handing over the data would be illegal for them to do on the EU side, but that as the search warrant being used is a domestic one, said warrant does not apply to data outside the US. The law in Europe says that Microsoft or any other corporation cannot process data concerning EU citizens outside the Union without following European law. This means 2 things:
1) If the data in question is not of European citizens but American citizens, in so far as I understand, there's nothing that prevents Microsoft from handing over the data. Although even if this is the case this doesn't mean they have to do so. But my current understanding is that nothing in the Data Protection Directive (which is about to be replaced by General Data Protection Regulation coming into effect in May this year) prevents handing over the data of non-EU citizens.
2) The data is not inaccessible to US authorities if you follow the correct procedure. Contact the authorities in the country that the data is located in and present the evidence for your case and if it is solid said authorities can force MS to hand over the data and then hand it over to the US.
The laws are meant to protect people's privacy, which is a good thing. However, this does not mean evidence for a case will always be inaccessible, or that any transfer of data from EU to the US is in all cases forbidden. it just means you need to co-operate with the local authorities to get it.
Even if the US supreme courts eventually rules against MS, that doesn't negate either of the 2 points above. Meaning, even if the supreme court decides that domestic US search warrants apply to data abroad, the US authorities still cannot compel corporations to hand over data of EU citizens without co-operation from local authorities.
Re: (Score:2)
Good summary. The links to the full arguments are up along with links to the other details. Scotsblog post generally [scotusblog.com], and today's transcript specifically. [supremecourt.gov]
The list of amici curiae is impressive. The European Commission, the government of the United Kingdom, the government of Ireland, the Council of Bars and Law Societies of Europe, the German Chamber of Industry and Commerce, the French Department of Business, and even the United Nations legal arm for data privacy. All of them said that if the US enforc
Re: (Score:2)
Except that, as I understand it, Microsoft USA has full access to the data. Therefore, the court is ordering employees of Microsoft USA to do something on US soil. that would be illegal if Microsoft Ireland tried it in Ireland. The court is requiring absolutely nothing from anyone outside US borders, and it does have jurisdiction in the US.
There's a good argument to be made that the actual geographic location of the servers is irrelevant to the US court, and it seems clear to me that a court could orde
Re: (Score:2, Interesting)
My position is the law has crashed. It is utterly unlawful to create a situation where it is no longer possible for somebody to comply with all the laws that are over them. On issuing that warrant, the situation was made manifest.
Re: (Score:2)
Why is it unlawful? Doesn't that claim mean a sovereign country is restricted from passing its own laws, on the basis that those laws are incompatible with another sovereign countries, even when no treaty between the two exists? I don't think *any* country is going to agree with you on that one...
Re: (Score:3)
But, USA law also says you can charged for any USA law that you break while outside of the USA as soon as you return to the USA (either under your own will or through extradition).
Fair enough, since corporations are apparently people now - and that's what the DoJ should do. They should charge Microsoft Ireland as soon as it returns to the USA. More than that, they should wait at the airport, and, as soon as Microsoft Ireland steps on American soil, agents should jump in, wrestle him to the ground and read his Miranda rights. I think I'd like to see that.
Re:American Companies Abide by American Laws (Score:5, Insightful)
Microsoft owns that data, thus it is Microsoft property, and since Microsoft is an american citizen, it must adhere to American laws.
It's not complicated.
No it is not complicated. American law does not apply outside American territory, period.
If an American company owned elephants in India, and Indian law said that exports of elephants was illegal, should an American judge be able to decide that they must ship their elephants to the US? Does not Indian law apply on Indian soil because it's an American company?
Re:American Companies Abide by American Laws (Score:5, Informative)
No it is not complicated. American law does not apply outside American territory, period.
That's simply not true. There is a presumption of non-extraterritoriality in U.S. law which means that if a law doesn't state otherwise, it is presumed to apply only on U.S. soil (or U.S. military bases, etc.), but laws can explicitly state that they apply outside the U.S. and U.S. courts have found them enforceable (usually when a citizen returns to the U.S. after a foreign trip.) Notable examples are the Foreign Corrupt Practices Act which make it a crime to bribe a foreign government. Another example is the Child Protect Act which makes it illegal for American citizens to hire child prostitutes even in countries where the practice is legal (eg. in the Netherlands, 16 years olds can legally work as prostitutes, but if a U.S. citizen hires one while visiting Amsterdam, they can be charged when they return to the U.S.). Another example are violations of certain travel restrictions, such as travel to Cuba, etc. Now, whether or not the search warrant in question is presumed to be non-extraterritorial or not is up to the Supreme Court to decide, but your blanket statement is clearly untrue.
Re: (Score:3)
in your case, a US judge can certainly order a US entity to do something which would violate another countries laws, and its up to the entity themselves to resolve that conflict.
Which is exactly what they're doing here.
Go read the legal briefs submitted by various nations and international organizations [scotusblog.com]. The European Commission, the government of the United Kingdom, the government of Ireland, the Council of Bars and Law Societies of Europe, the German Chamber of Industry and Commerce, the French Department of Business, and even the United Nations legal arm for data privacy. All of them said that if the US enforced the order they'd be violating all kinds of international, law, inc
Re: (Score:2)
If you impose that rule, then EU companies in America are embassies protected by the Vienna Convention because they have to be in Europe to be under EU laws and you're saying that they are.
Can you begin to imagine the unintended consequences of that?
For a start, forget immigration controls. They're embassies, they can house whoever they damn well like, under EU laws. The US has no jurisdiction because this is EU turf not US turf by your own rules.
You can't have it both ways.
Re: (Score:2)
Re: (Score:3, Informative)
Microsoft owns that data, thus it is Microsoft property
NO, Under EU law Microsoft DOES NOT own the data, a user retains all rights to his data even when housed on a companies server and said company must abide by those laws in handling of the data. The Data is governed within the borders of the EU under EU laws.
It's not complicated.
It is extremely complicated as you proved by getting almost everything wrong in your 2 line comment and the fact that even after several years the US supreme court can't work out the right decision.
Re: (Score:2)
If that were the case and something illegal was found in this data MS would be liable.
Re: (Score:2)
Enforce blasphemy laws in the USA? No saying bad things about a cult, faith?
Enforce another nations liable laws that are totally different from US free speech protections?
Move in some powerful German laws on the way history is presented and can be talked about in the USA?
Re: (Score:2)
You seem to be suggesting that American law trumps Irish law because Microsoft is an American company. That may very well be the way that this particular scenario plays out in practice (though I doubt it), but it's not an accurate picture of the legal situation.
Microsoft has a legal obligation as an American company to abide by American law and has a legal obligation as a company operating in Ireland to abide by Irish/EU law. Having legal obligations in different countries usually isn't an issue for compani
Re: (Score:2)
Wait for the EU to start enforcing EU laws in the USA for their EU brands.
Re: (Score:2)
Microsoft and Google could've prevented this by doing what Apple and a very small few other cloud providers does: We don't store data unencrypted and we don't have access to our customer's keys. They would've missed out on the advertising dollars but hey, you pick your battles.
Re: (Score:2)
Err ... really? Apple doesn't have a backdoor to encrypted data on the users device, but most things stored in their cloud service are readable to them.