Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
United States Government The Courts

Does US Have Right To Data On Overseas Servers? We're About To Find Out (arstechnica.com) 265

Long-time Slashdot reader quotes Ars Technica: The Justice Department on Friday petitioned the US Supreme Court to step into an international legal thicket, one that asks whether US search warrants extend to data stored on foreign servers. The US government says it has the legal right, with a valid court warrant, to reach into the world's servers with the assistance of the tech sector, no matter where the data is stored.

The request for Supreme Court intervention concerns a 4-year-old legal battle between Microsoft and the US government over data stored on Dublin, Ireland servers. The US government has a valid warrant for the e-mail as part of a drug investigation. Microsoft balked at the warrant, and convinced a federal appeals court that US law does not apply to foreign data.

According to the article, the U.S. government told the court that national security was at risk.
This discussion has been archived. No new comments can be posted.

Does US Have Right To Data On Overseas Servers? We're About To Find Out

Comments Filter:
  • National Security! (Score:5, Insightful)

    by Calydor ( 739835 ) on Sunday June 25, 2017 @02:25AM (#54685355)

    When isn't it national security?

    I don't recall the details of the case and can't be bothered to read up on it, but according to the summary it's a drug investigation. It's a pretty far leap from there to national security.

    Also, four years. If nothing's happened yet based on the information in those emails it's VERY unlikely anything is going to happen ever. That alone should rule out a national security issue.

    • by Dog-Cow ( 21281 ) on Sunday June 25, 2017 @02:26AM (#54685357)

      It's also a pretty big leap from "national security" to "we must trample the Constitution". Or at least, it used to be.

      • Even worse...the Constitutions of foreign countries. The US has ZERO jurisdiction outside of its borders. Hard to believe with all the bombing and killing the US conducts overseas.
      • It's also a pretty big leap from "national security" to "we must trample the Constitution". Or at least, it used to be.

        When was that?

      • by haruchai ( 17472 )

        It's also a pretty big leap from "national security" to "we must trample the Constitution". Or at least, it used to be.

        "Risk to national security" is just another "think of the children" justification

    • by renesch ( 1016465 ) on Sunday June 25, 2017 @02:45AM (#54685385)
      I'm waiting for the day that North Korea will issue a warrant to search the NSAs computers. After all, Kim might find stuff related to his national security....
    • by Solandri ( 704621 ) on Sunday June 25, 2017 @04:32AM (#54685599)
      There is a national security issue here, but not the one you're probably thinking of.

      If the SCotUS decides this in favor of the U.S. government, this isn't going to end the way they think it will. The U.S. companies aren't going to roll over and hand over the information the U.S. government wants. They're going to expatriate and reincorporate in another country which doesn't have such overreaching search and seizure laws.

      The stupid IRS policy of taxing all income earned abroad simply because you're a U.S. citizen already causes wealthy Americans to move abroad (with their money) and give up their U.S. citizenship. A bad decision here will start the same exodus among U.S.-based multinational corporations. That's the national security issue here - the nation's economic security is being put at risk due to the U.S. government trying to make its laws and authority apply outside of the U.S.
    • Of course it's national security. Someone somewhere smoked some weed and that could influence American children. How is this not national security, and why do you hate children so much you bad person!

    • National Security, for a drug investigation, regarding microsofts data? Mwahahahah! Just because the CIA, FBI, or whatever 3 letter acronym don't understand computer geeks, it doesn't mean they're doing illegal drugs!

      Besides, no way drugs are a "National Security" issue, unless the 3 letter agencies aren't getting their prescription meds again.
    • If there are investigations in a drug case, and the state attorney is not able to approach the state attorneys of the countries in question, I would consider firing him and sending him back to law school.

  • ...but it seems rather reasonable that if a court of law orders you to submit something, the fact that you had stored in another country shouldn't be much of an excuse for not doing so.

    • by Great Big Bird ( 1751616 ) on Sunday June 25, 2017 @02:47AM (#54685395)

      Except for the little detail that the other country has data protection laws that make it illegal to do so. An American court should not be able to override the law where it seems to have had no intent to hide the data from the American authorities.

      • by radarskiy ( 2874255 ) on Sunday June 25, 2017 @03:13AM (#54685441)

        No one forces a multinational company into the shenanigans they play with moving things between jurisdictions. They could have considered beforehand whether they were painting themselves into a corner by doing something other than straightforward offering of services in different places.

        The laws of Ireland are not the concern of the courts of the USA, nor vice versa. The US court has issued an order on the US corporate entity which that corporate entity had stipulated that it could meet. Either the US corporate entity was lying before when the said they could satisfy the order or they are lying now when they say they cannot. One way or another the US corporate entity lied to the US court.

        If a multinational company wants to reap the benefits of having distinct corporate entities in different jurisdictions they also have the pay the costs, which consist of keeping track of when the obligations between the distinct corporate entities are constrained by the the different jurisdictions they were created to run in.

      • by AmiMoJo ( 196126 )

        It's not even clear how a ruling that the US should have access could be implemented... They can order US citizens to tell their colleagues in say the EU to hand over the data, but it might be illegal for those people in the EU to do so.

      • by Dracos ( 107777 ) on Sunday June 25, 2017 @05:10AM (#54685651)

        Precisely. This is the US government asserting jurisdiction where it clearly has none, using the tenuous arguments of "cyberspace has no borders" and "corporate citizenship traces back to its origin". If the SCOTUS agrees, then the US has taken a step toward delegitimizing every other nation's sovereignty, over yet another skirmish in the "war on drugs" inflated into a bogus national security concern.

      • Except for the little detail that the other country has data protection laws that make it illegal to do so. An American court should not be able to override the law where it seems to have had no intent to hide the data from the American authorities.

        I agree. But MS is an American company and subject to American laws. I'd love for the outcome of this to be a finding of fact that states that MS is an American company despite pretending to be an Irish company, and American companies must abide by American law and court orders, regardless of physical location.

        MS, Apple, and all the other little shits have their tax loopholes closed.
        The US stays out of actual foreign companies's shit.
        The rest of the world stops trusting Google, MS, Apple, etc. and we get

    • by Anonymous Coward on Sunday June 25, 2017 @02:47AM (#54685397)

      ...but it seems rather reasonable that if a court of law orders you to submit something, the fact that you had stored in another country shouldn't be much of an excuse for not doing so.

      The whole crux of the matter is a thing US law enforcement uses called "The Fishing Expedition". If the US had a legitimate legal need for this information all they would need to do is petition a foreign court and get a foreign court order (not that hard to do if an actual investigation is being conducted). Unfortunately for US law enforcement, INTERPOL and foreign courts usually require probable cause and actual evidence of wrongdoing before they will issue such an order, thus the attempt to back-door around that requirement.

    • by Anonymous Coward on Sunday June 25, 2017 @02:53AM (#54685413)

      even if the laws in that other country prevent you from doing so? European data privacy laws tend tp be much stronger than in the US, and US courts have no authority outside the US to overrule other countries laws. If Microsoft complied with the US court order it would be breaking the law in Ireland. They're between a rock and a hard place...

    • ...but it seems rather reasonable that if a court of law orders you to submit something, the fact that you had stored in another country shouldn't be much of an excuse for not doing so.

      Oh, well that's a grand idea. So I guess it's ok if a foreign court of law rules that it is ok to hack your elections, huh? The problem is that a while back folks in the entire world looked up to and respected the US legal system. And the governments of US were reciprocal in respecting the laws of other countries.

      That legal system in the US is no more, gone to meet its maker, toast, pining for the fjord, stunned and resting. The governments and their puppet courts in the US no longer respect the laws o

      • The problem is that a while back folks in the entire world looked up to and respected the US legal system.
        70 or even 50 years ago, perhaps.
        In relation to "normal" democratic nations the US law system is a joke. 300 years old bullshit that never got upgraded to modern times.
        We laugh about you, and pity you same time. A simple civilian needs money to win a case, or not lose it, if he is accused. And you call that "law"? Retarded, isn't it?

        Look at the Bill Clinton case. No one in Europe grasps what it was abo

      • The problem is that a while back folks in the entire world looked up to and respected the US legal system. And the governments of US were reciprocal in respecting the laws of other countries.

        That legal system in the US is no more, gone to meet its maker, toast, pining for the fjord, stunned and resting. The governments and their puppet courts in the US no longer respect the laws of its Constitution protecting its own citizens, and certainly don't give a rat's ass about the "rights" of any other human beings on the planet.

        If you want to drill-down to the primary cause, it's because the US has abandoned standing for principles in favor of acting on interests which change with the breeze and the 24-hr news cycle.

        It's the abandonment of eternal principles in favor of fleeting interests which has done the most to damage the US both domestically and internationally, IMHO.

        Strat

    • I'm pretty sure if you get a warrant to search someone's laptop or computer in one jurisdiction, and it turns out the laptop is currently in another jurisdiction, they can't make you go get the laptop and bring it back - they need to get a warrant for the jurisdiction it's in.

      The issue is the limit of the judicial district. If you want to search something in a particular place, you get a warrant from a judge in that place. The warrants in question are claiming that since you can access the information anywh

      • EU data privacy law doesn't allow remote access to the data, so they would need to ask someone in the EU to send it. Unless they didn't follow the law. Microsoft handing over that data could get people arrested and the company fined, and that is why they are bothering to fight this.
  • by Anonymous Coward on Sunday June 25, 2017 @02:36AM (#54685377)

    What we *will* find out is the opinion of an American court, which has no international power. The proper place for this request is the international court of justice in the Netherlands. Unfortunately the US is the only non-dictatorial country that doesn't recognize this court.

    • What we *will* find out is the opinion of an American court, which has no international power. The proper place for this request is the international court of justice in the Netherlands. Unfortunately the US is the only non-dictatorial country that doesn't recognize this court.

      I don't think this is about US courts thinking their search warrants are valid in the Ireland. The question is more like: can the US government, compel a US corporation to make available to US investigators an item of interest that is stored on foreign soil perhaps by remote access? Hell, if the US based corporation can be 'persuaded' to allow such access by means of threatening it with massive fines or worse there is no reason to involve the Irish government at all since Microsoft could simply make the dec

      • That might expose them to a civil lawsuit in Ireland but that would probably be easier to deal with than the 800 pound gorilla that is the US federal govt.

        It's more likely to be a criminal lawsuit and expose them to the 850 pound gorilla that is the EU commission. The EU has a slightly larger economy than the US (by some measures) and an established record of swingeing fines on large US companies which ignore EU laws. Microsft itself has already been fined 1.3 billion euros.

  • Ask yourself this (Score:5, Insightful)

    by Mistakill ( 965922 ) on Sunday June 25, 2017 @02:53AM (#54685409)
    Does China, Russia, Germany have a right to your data if you are in the USA but using a such a country's service? Because this is the gate being left open
    • by AHuxley ( 892839 )
      Wait for the blasphemy rulings over cartoons.
      Extra crimes are listed if the blasphemous material is animated and has any music or songs.
      Every faith and cult will pour funds into their legal teams to get specific accounts or identifiers.
      Comment on a communist party, its history or leaders?
      Have to show up for mentioning the Tiananmen Square protests of 1989?
      Have to respond to some SJW in the USA over liking an author, movie or book on social media?
      Some US celebrity has an issue with a negative movie or
      • Extra crimes are listed if the blasphemous material is animated and has any music or songs.

        I'm sure the punishment for that will pale in comparison with the punishment on the copyright infringements of the music used in the cartoon.

  • The US court is issuing an order to the Microsoft US corporate entity, which is constrained by US laws, to produce data that the Microsoft US corporate entity previously told the court it could produce. However, the Microsoft US corporate entity at some point handed the data off to the Microsoft IE corporate entity, which is constrained by IE laws. It turns out that the Microsoft IE corporate entity is constrained by IE laws for sending that data back to the Microsoft US corporate entity to comply with the

    • by Altrag ( 195300 )

      The proper way to handle it then is to forbid them from exporting data that might be necessary for US retrieval (well, forbid them from deleting it from US servers -- I realize that caching and such would require copying across initially,) rather than waiting until after the fact and then trying to walk all over a sovereign country's laws.

      Of course, unless there's some apriori definition of "necessary for US retrieval," this amounts to having to retain local copies of all data on US servers. Though I can't

      • Though I can't really fathom much reason to store US data (exclusively) on non-US servers except to try and skip around US data (anti-)protection laws.

        And that, right there, is the one question that everybody seems to be ignoring. If the data refers strictly to US customers, why is it being stored only in Ireland? Unless Microsoft can come up with an answer for that that doesn't include trying to dodge around US laws, they should be subject to whatever sanctions are appropriate for their actions. (IAN
    • by swb ( 14022 )

      Ordinarily I think these national boundary constraints would limit the reach of US courts and warrants, but with the "national security" flag raised I think it stops being solely a question of legalism and jurisdiction and then escalates into diplomacy, where there are other tools available to gain compliance.

      Microsoft may say to the US government, "No, your warrant doesn't work because MS IE has to follow IE law."

      All this will mean is that ultimately the State Department gets involved and begins negotiatin

  • That's a double edged sword.. it also means that that US would have to give information to foreign governments stored on US servers.

    I mean.. we wouldn't want to be hypocrites now would we?

  • What astonishes me the most about this case is that the feds even bothered to *get* a warrant for overseas data in the first place.

    With all the rhetoric about warrantless laptop searches at the border one would think the feds think our constitutional rights only apply on US soil.

    As for my armchair lawyer analysis:

    Data stored on servers located on foreign soul isn't even subject to US jurisdiction to begin with, so presumably the warrant in question would need to issue from a court of the nation in question,

  • Governments do not typically have laws that give Sovereign Rights to other governments. Other jurisdictions are largely ignored and not talked about. If a company wants to do business in America it follows American laws, in some cases even if the law breaking happened entirely out of the country(victims, data, server) it can still either comply or flee the country entirely.

  • by kaur ( 1948056 ) on Sunday June 25, 2017 @06:30AM (#54685811)

    Re-read the headline, replacing US with your favourite enemy.
    Does it still hold?
    If not, then the answer is "no".

    US is not special in international law in any way.

  • Realize that if this flies and the US can force any US corporation to surrender their data, no matter where that data is stored on the planet, nobody in their sane mind would use a US company to store their data. Or process it.

    MS has every good reason to fight this tooth and nail. And Amazon would have every reason to put money behind them. If the verdict goes in favor of the US government, pretty much any US cloud provider is dead in the water. Because then even US companies would rather store their data i

    • by gweihir ( 88907 )

      This is already happening. For example, the MS cloud in Europe is outsourced to Deutsche Telekom, exactly to make sure MS does not have any customer access. This also means a major part of the revenue goes to Deutsche Telekom and not to MS. The reason for that many prospective European customers would not use this service otherwise due to very shaky legal ground.

  • I doubt that a ruling that the American government can seize data from overseas servers would have any power outside the borders of the USA, but it will cause a lot of headaches for companies operating inside the USA, and a LOT of headaches for American companies operating in foreign countries. The minefields are numerous, and a ruling favoring the American federal government is going to be bad for privacy in general, everywhere.

  • by Zemran ( 3101 ) on Sunday June 25, 2017 @07:49AM (#54686035) Homepage Journal
    A US warrant only has jurisdiction in the US. It cannot cover any other country. How can the US complain that Russia has hacked US computers and then want to hack other people's computers?
  • I karma to burn

    In a nutshell, the US government claims it should not matter where the data is stored. What matters is whether the company can access that data in the US.

    I have to agree with this, if the data is accessible to the US and it is a US based Company then I think the warrant should be valid. BTW, they have a warrant so I think they are following laws anyway.

    Of course over the past few years the US is doing everything it can to give companies incentives to leave, so what is 1 more :)

    • by gweihir ( 88907 )

      Complete BS. As you can basically access all data from anywhere (via this thing called "Internet"), this is not a distinction that matters in any form.

  • ...what would the US' reaction be if a Russian court wanted data stored on American-based servers?

    Yeah.....

  • What we are about to find out is whether it _thinks_ it does have that right, which is a bit different. As we already see companies not storing data from European customers in their own systems but outsourcing that to European companies bound by European data protection laws, I guess id does not matter that much. US arrogance and greed already cost the US economy significantly.

  • This would undoubtedly drive business away from US companies that provide information services to users overseas, we is precisely what we need for economy. Make America Great Again(tm)!

    Joking aside, how is a drug investigation a matter of national security? If you're going to claim you need some power for national security reasons, then only use it for national security reasons. Don't then turn around and use it to prosecute drug offenses.

  • Why is Microsoft protecting drug traffickers?

    The only answer that makes sense to me is that Microsoft is also engaging in the drug trade.

    • by JustNiz ( 692889 )

      No you don;t get it.

      There is PLENTY of evidence that Microsoft have always worked hand-in-glove with the FBI/CIA/NSA/whoever, by doing things such as including back doors in their encryption, in Windows, and providing tools to the government to extract data.

      Microsoft just pretend to revolt every now and again in order to keep fooling the sheeplike morons that continue to buy their products into thinking that they are safe putting their personal data in Microsofts hands.

  • You approach the "overseas", provide enough evidence, ask for a warrant.
    Then the authorities, usually a judge, judges the evidence and issues a warrant.
    Then you get what you want.

    A company like FB/MS or any other can not simply provide data from a german server to an US authority. Regardless what the US man with the gun thinks.

    Privacy and data is the holy grail in Europe, like your free speech. If a company would simply send data to the US without a court ruling/warrant here in Europe it would break so many laws it likely would run bankrupt.

    How an US lawyer/congress/governor can come to the dumb idea he has a chance to make it law that his warrants are valid world wide is beyond me.

  • I'm sure we all have many concerns about this case and the privacy of our data. Here are my thoughts and questions:

    1.) If it's really National Security, why didn't it go through the FISA courts? Or, why hasn't the NSA/CIA simply covertly recovered the data for them?

    2.) If MS won't give you the data because you're in the US, why don't they contact the Ireland courts with their warrant and request some international assistance? Perhaps they'll issue a warrant for the data in Ireland and release it to the U

Almost anything derogatory you could say about today's software design would be accurate. -- K.E. Iverson

Working...