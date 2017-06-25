Does US Have Right To Data On Overseas Servers? We're About To Find Out (arstechnica.com) 41
Long-time Slashdot reader quotes Ars Technica: The Justice Department on Friday petitioned the US Supreme Court to step into an international legal thicket, one that asks whether US search warrants extend to data stored on foreign servers. The US government says it has the legal right, with a valid court warrant, to reach into the world's servers with the assistance of the tech sector, no matter where the data is stored.
The request for Supreme Court intervention concerns a 4-year-old legal battle between Microsoft and the US government over data stored on Dublin, Ireland servers. The US government has a valid warrant for the e-mail as part of a drug investigation. Microsoft balked at the warrant, and convinced a federal appeals court that US law does not apply to foreign data.
According to the article, the U.S. government told the court that national security was at risk.
The request for Supreme Court intervention concerns a 4-year-old legal battle between Microsoft and the US government over data stored on Dublin, Ireland servers. The US government has a valid warrant for the e-mail as part of a drug investigation. Microsoft balked at the warrant, and convinced a federal appeals court that US law does not apply to foreign data.
According to the article, the U.S. government told the court that national security was at risk.
National Security! (Score:2)
When isn't it national security?
I don't recall the details of the case and can't be bothered to read up on it, but according to the summary it's a drug investigation. It's a pretty far leap from there to national security.
Also, four years. If nothing's happened yet based on the information in those emails it's VERY unlikely anything is going to happen ever. That alone should rule out a national security issue.
Re: (Score:2)
It's also a pretty big leap from "national security" to "we must trample the Constitution". Or at least, it used to be.
Re: (Score:2)
I'm all for privacy and all that... (Score:2)
...but it seems rather reasonable that if a court of law orders you to submit something, the fact that you had stored in another country shouldn't be much of an excuse for not doing so.
Re:I'm all for privacy and all that... (Score:5, Insightful)
Except for the little detail that the other country has data protection laws that make it illegal to do so. An American court should not be able to override the law where it seems to have had no intent to hide the data from the American authorities.
Re: (Score:2)
Correct, but you can also get into interesting areas of the subsidiary being setup with binding corporate rules which can (in some cases) prevent the foreign entity from complying.
Re:I'm all for privacy and all that... (Score:4, Interesting)
Any employee of this local subsidiary can simply refuse to comply with the order (I expect every single country has a law that allows employee to refuse employer order to break the law). If we are talking about European countries then it would also be impossible to fire him for this, as such firing would be deemed as reprisal by (local) court. Given that the company (local subsidiary) is not even really interested in firing him, it would even likely lead to employee keeping the job (reinstatement).
You're missing the definition of a 'subsidiary'. (Score:2)
A subsidiary is a local company established under local laws and subject to all local laws. It will have its own board of directors - who may well all be employees of the owning company, but still have a separate duty to obey the law. If such a subsidiary breaks the local law, it is a criminal offence and the directors become liable. If they are outside the country, the assets of the company may be seized.
If MS sets up the Irish subsidiary to own and operate the servers, it will be impossible for that subsi
Re: (Score:2)
So why not go the way it has always been and should be in the future: Ask the court in the ot
Re: (Score:2)
No one forces a multinational company into the shenanigans they play with moving things between jurisdictions. They could have considered beforehand whether they were painting themselves into a corner by doing something other than straightforward offering of services in different places.
The laws of Ireland are not the concern of the courts of the USA, nor vice versa. The US court has issued an order on the US corporate entity which that corporate entity had stipulated that it could meet. Either the US corpo
Re: (Score:2)
It's not even clear how a ruling that the US should have access could be implemented... They can order US citizens to tell their colleagues in say the EU to hand over the data, but it might be illegal for those people in the EU to do so.
Re: (Score:1)
...but it seems rather reasonable that if a court of law orders you to submit something, the fact that you had stored in another country shouldn't be much of an excuse for not doing so.
The whole crux of the matter is a thing US law enforcement uses called "The Fishing Expedition". If the US had a legitimate legal need for this information all they would need to do is petition a foreign court and get a foreign court order (not that hard to do if an actual investigation is being conducted). Unfortunately for US law enforcement, INTERPOL and foreign courts usually require probable cause and actual evidence of wrongdoing before they will issue such an order, thus the attempt to back-door arou
Re: (Score:2)
No, the order is to the US corporate entity. The US corporate entity previously stipulated they could comply with such an order.
Re: (Score:2, Insightful)
even if the laws in that other country prevent you from doing so? European data privacy laws tend tp be much stronger than in the US, and US courts have no authority outside the US to overrule other countries laws. If Microsoft complied with the US court order it would be breaking the law in Ireland. They're between a rock and a hard place...
Re: Should be illegal for US companies to do this (Score:1)
If we were to extend your analogy/theory to something like McDonald's, Google, Apple etc. it falls flat on its arse (yes, I'm English).
If a company can't operate or sell anything outside of the country it was originally incorporated in, it won't be able to grow much, will it?
The point here is that Microsoft US is legally different to Microsoft Europe and while they share the same name and corporate structure, US laws don't apply in Ireland, just like Russian laws don't apply in the US.
If Russia was investig
Re: Should be illegal for US companies to do this (Score:1)
The reason MS and every other hosting provider have datacenters in the EU is because they have to because their customers need to store data of EU citizens. The concern is not the court ordered warrants, but the requests made without oversight that are possible since the patriot act and its succesor. Given that Trump has made clear that US privacy laws only apply to US citizens, this is a valid concern. What would you do if some EU agency had warrantless access to US the data of US citizens or companies s
Actually we are not about to find out. (Score:2, Insightful)
What we *will* find out is the opinion of an American court, which has no international power. The proper place for this request is the international court of justice in the Netherlands. Unfortunately the US is the only non-dictatorial country that doesn't recognize this court.
Re: Actually we are not about to find out. (Score:4, Informative)
Actually, it's more like the US wants international law where it's favourable to the US, and wants to ignore it otherwise.
Of course, the US is not alone in this regard.
Ask yourself this (Score:2)
Tired of portrayal of US court issuing order in IE (Score:2)
The US court is issuing an order to the Microsoft US corporate entity, which is constrained by US laws, to produce data that the Microsoft US corporate entity previously told the court it could produce. However, the Microsoft US corporate entity at some point handed the data off to the Microsoft IE corporate entity, which is constrained by IE laws. It turns out that the Microsoft IE corporate entity is constrained by IE laws for sending that data back to the Microsoft US corporate entity to comply with the
US brands and their global profits (Score:2)
All data will be encrypted and 100% kept in the nation of origin?
That removes the profit from the scale of really cheap hosting in the USA.
Why would any person, lawyer, company or nation risk any US brand that will just give any/all data to any open US court setting?
For the US security services?
US Special crimes?
Drug crimes?
Any US crimes?
US SJW want to report or ban something?
Civil claims in the US?
Consider hosting in your own nation, with
Re: (Score:3)
"Consider hosting in your own nation, with your own local brands and their much stronger data protection."
That's almost exactly what I've recently told a customer who asked advice about web hosts. Sure, the el cheapo operations look attractive, until you find out where the servers are actually located.
Qatar or UAE? I don't think so. Sydney or Melbourne are just fine, thanks. I'd prefer to deal with my own country's rules.