Obama Administration Says the World's Servers Are Ours

An anonymous reader points out this story about the U.S. Justice Department's claim that companies served with valid warrants for data must produce that data even if the data is not stored in the U.S. Global governments, the tech sector, and scholars are closely following a legal flap in which the US Justice Department claims that Microsoft must hand over e-mail stored in Dublin, Ireland. In essence, President Barack Obama's administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas. It's a position Microsoft and companies like Apple say is wrong, arguing that the enforcement of US law stops at the border. A magistrate judge has already sided with the government's position, ruling in April that "the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information." Microsoft appealed to a federal judge, and the case is set to be heard on July 31.

Easy solution

[Anonymous Coward]

Just claim the data was lost due to a "hard drive crash." I mean, it worked for the IRS, right?

Goodbye foreign markets

[Anonymous Coward]

If this holds, US companies will have trouble competing abroad. Information belonging to a US firm's foreign customer company could be seized without possible recourse, unless the customer hires a US counsel.

Will this affect overseas profits tax evasion?

[swb]

Will this influence the tax gimmick where the HQ is overseas so the profits don't have to have taxes paid on them?

Why is it the money can evade the government but the data can't?

Re:Maybe, maybe not.

[Anonymous Psychopath]

Microsoft is based in the United States, so there may be some valid argument here that as an American company, Microsoft data regardless of where "in the cloud" it is stored is subject to American legal rulings.

The *real* question is what about companies that do business here but are based in other countries?

There must be precedents or applicable laws for physical analogies. If a company operating in the US happens to store physical records somewhere outside the US, and those records are pertinent to the case, would those not be covered by a US subpoena? If the company has access to them and the ability to procure them, what does the physical location of the records or their headquarters matter?

Re: Maybe, maybe not.

[mSparks43]

You cannot serve warrents to search property in other countries.

Simple as that.

Servers and data fundamentally don't obey those rules.

The internet doesn't live in the real world. Its rediculous to try and impose real world rules on it.

But fun to watch them try.

Curious

[aevan]

Does this mean that the US Gov is fine with those same companies turning over all their data to China if a Chinese official decides he wants it? Wonder what other companies this fun can extend to.

Re:Maybe, maybe not.

[Grishnakh]

This is the case for any normal country, as well it should be. I can't believe I'm defending Obama on something, but they're right on this one: if a country's legal system has a valid case for something, and issues a court order ordering you to turn something over, you can't just avoid a court order by saying "it's in my summer home in another country!". If you refuse, they can hold you in contempt of court until you decide to produce it. Maybe the other country can't be compelled to give it up, but you're in this country, and they can keep you in jail as long as they want.

It's corporations we're talking about

[jgotts]

Effectively, though perhaps not in the strict legal definition, the purpose of a corporation is to make a profit.

As we can plainly see from Microsoft's conduct over the years, they will break whatever laws they can get away with to make that profit. This lawsuit isn't about Hotmail users' e-mail messages, this is about illegal or otherwise objectionable behavior that they are trying to shield in other countries.

If you're worried about your e-mail and data stored on Microsoft's servers, then let's not mix that up with a corporation's ability to hide illegal, unethical, or immoral behavior within a more compliant state's physical borders.

Re:I think USA is right...

[Rich0]

And the reaction will be that all high tech companies will just leave the USA.

The ruling pertains to anybody who does business in the US. So, they can leave the USA, as long as they don't sell anything in the USA.

Re: Maybe, maybe not.

[Anonymous Coward]

Exactly. Hiding data offshore is no different than hiding funds offshore. That said, the governments rights to the data need to be examined in the first place, but if a company is legally bound to produce it, the location it's held in legally shouldn't make any difference.

Re:Maybe, maybe not.

[roman_mir]

This has nothing to do with USA citizens, this is about sovereignty of people and countries that are not USA in the first place. Swiss bank doesn't have to disclose ANYTHING to the USA regime about its account holders in Switzerland. Of-course current oppressive USA regime disagrees, apparently you are on the wrong side of the individual rights on this one as well.

By the way, any sufficiently [matzav.com] truthful statement [slashdot.org] is indistinguishable from 'flamebait'. In other words, TRUTH HURTS, doesn't it?

Re:Maybe, maybe not.

[Anonymous Coward]

I expect that the reverse is also true, that if I conduct business overseas that I am also subject to the laws of countries whose policies I do not agree with.

the problem is the US government does not believe that is true at all. For instance other countries have laws that make it illegal for privacy data to be sent out of the country without the users express consent, these US laws are therefore a breach of laws in other countries.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re: Maybe, maybe not.

[fustakrakich]

The internet doesn't live in the real world.

You mean there are no servers and cables? Everything is just... there?

Re:Maybe, maybe not.

[Grishnakh]

Swiss bank doesn't have to disclose ANYTHING to the USA regime about its account holders in Switzerland.

No, but when the US courts find that you, a US citizen living in the US, have monies in a foreign bank account (thanks to documents they seized by court order) which they've proven are stolen or need to be taxed or whatever, "it's not in the country" is not an excuse. You either come up with the money, or you sit in jail forever in contempt of court. You can't just hide property in a foreign country and avoid legal consequences.

Re:Will this affect overseas profits tax evasion?

[Dynedain]

Tax avoidance is by definition, figuring out what is legal, what is not, and adjusting accordingly.

Claiming your charitable donations on your tax return (which you're supposed to do) is tax avoidance. If the laws allow for undesirable tax avoidance behaviors, then they should be changed.

Re: Maybe, maybe not.

[HornWumpus]

It's all sorts of things. But only people outside the jurisdiction of the courts are obstructing American justice. Where it's called 'being in compliance with local data privacy laws'.

Did the subpoena prevent you from informing your foreign employer of what was happening? More practically did it prevent corporate legal from informing their foreign bosses. What if the data is protected by their data privacy laws? What if you don't 'know that for sure'. What if your local lawyer 'was certainly unaware of that' (once made aware, he will be dirty and have to move on.)

Re:Maybe, maybe not.

[physicsphairy]

If the company has access to them and the ability to procure them, what does the physical location of the records or their headquarters matter?

Because they are storing someone else's data. That someone else (and their locally stored property) should receive the full protection of their local laws when dealing with a local subsidiary of an international company. This is not an embassy, it is not considered a territorial extension of the United States. The server is owned and taxed as Irish property. It should require an Irish court order to forcibly extract data off of it, same as it would taking letters out of an Irish safety deposit box (even if the bank had an American presence).

Would we be comfortable with courts in China being able to subpoena any US held data from companies with a Chinese presence? "Sorry Yahoo but as part of your incorporation in China we need you to produce any emails from the personal accounts of Boeing employees held on your US owned servers."

You have this backwards.

[IBitOBear]

Microsoft is trying the "you can't hold me responsible for yesterday's shooting because the gun is in my other pants" defense.

The law has _always_ held that if you are before the court, everything relevant to the case is before the court.

If this were not the case then the Tobacco and Asbestos companies could have just said "all those meeting minutes and research records are stored in our warehouse in mexico so ha ha, you all lose." Any company or person, on any issue, could just mail the evidence out of state or out of country and get off scott free.

That just never happened.

Just because the evidence is "on a computer" instead of "printed on paper" doesn't make the "other pants" defense viable.

The court is not reaching across a border. Microsoft is _here_. Microsoft does business _here_. The complaint is _here_, and the court is _here_. The proper legal response to "the other pants" gambit is to tell the guy in his shorts to send someone to go get whatever it is from those pants and bring it back.

Criminals don't just "move" their assets to other countries, they "hide" them because if it can be found it's on the table.

Every court. Every country. Every topic. From the beginning of time.

This is no different.

Re:Maybe, maybe not.

[DamnOregonian]

Google is an incorporated entity in the United States of America.
The IRS most certainly *can* bring suit against them in a US court, and demand that they turn over records for their tax-haven bank accounts.
The jurisdiction applies between the plaintiff and the defendant, borders matter not.

Where jurisdiction comes in, is we can't fly a team of cops over to the Bahamas and raid the offices of the bank to produce the data, the worst we can do is levy sanctions against the defendant.

This is *completely normal*, all over the goddamn world.

Re:You have this backwards.

[forand]

I agree with everything you have stated. However, the situation is not one of Microsoft being required to produce their own documents, they are being required to produce other's documents. So the analogy would be that Microsoft has a rental storage facility in Ireland and the US wants them to riffle through a unit and send some documents they find. That is far less reasonable and clear cut as your summary.

Re: Maybe, maybe not.

[countach]

"if they have the authority to change the policy regarding who has credential to get the data they must do so"

How do you define "has the authority" though? If exercising that authority contravened the laws of a foreign power, does it constitute having authority? What if it contravenes a foreign religious system? What if it contravened the laws of a foreign power that the US doesn't recognise, or in a territory which is under dispute? (Palestine? Crimea? Taiwan? Sealand?).

The end game of this is that tech companies will set up the head of the pyramid of the company in some obscure jurisdiction who will do what they are told, and they'll set up their servers in countries with strong privacy laws, and the US will be left out of the loop.

Re: Maybe, maybe not.

[Applehu Akbar]

This situation already arose in Swiss banking: the IRS tried to assert jurisdiction over American accounts held in Switzerland. Switzerland 's response was, Screw you. All American accounts there were closed down and the US has been totally spliced out of dealings with this major world financial center. They found they could get along perfectly well without us.

My impression (I have in-laws there) is that same thing is about to happen in Swiss IT. Swiss companies will buy their equipment directly from China and close any operations in the US. As the Obama Dark Age rolls on, we become a tech as well as a financial backwater.

Re: Maybe, maybe not.

[Anonymous Coward]

Servers do not make there own rules.

They do have rules to protect and segregate data if they're set up properly, but we already know Microsoft's servers are compromised, and any data on them already available to the US government via the NSA.

This isn't about the US government getting access to the data, it's about establishing and testing legal frameworks for being able to use the data in prosecutions and court cases. That's why the US Justice Department is using a compliant corporation like Microsoft as their test case. MS will put up a token resistance, concede where the DoJ wants them to, and hand over a nicely packaged precedent for the US government to work with from then on.

We're all in dire trouble until we can unwrap these corps from the government...