Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Microsoft United States Government The Courts

Microsoft Fights Search Warrants for Overseas Emails in the Supreme Court (microsoft.com) 68

Microsoft's Chief Legal Officer writes about "the landmark Microsoft case that will decide whether the U.S. government can use a search warrant to force a company to seize a customer's private emails stored in Ireland and import them to the United States." On Thursday, 289 different groups and individuals from 37 countries signed 23 different legal briefs supporting Microsoft's position that Congress never gave law enforcement the power to ignore treaties and breach Ireland's sovereignty in this way. How could it? The government relies on a law that was enacted in 1986, before anyone conceived of cloud computing... When the U.S. government requires a tech company to execute a warrant for emails stored overseas, the provider must search a foreign datacenter and make a copy abroad, and then import that copy to the United States. This creates a complex issue with huge international consequences. It shouldn't be resolved by taking the law to a place it was never intended to go...

The U.S. Department of Justice's attempt to seize foreign customers' emails from other countries ignores borders, treaties and international law, as well as the laws those countries have in place to protect the privacy of their own citizens... It's also a path that will lead to the doorsteps of American homes by putting the privacy of U.S. citizens' emails at risk. If the U.S. government obtains the power to search and seize foreign citizens' private communications physically stored in other countries, it will invite other governments to do the same thing. If we ignore other countries' laws, how can we demand that they respect our laws?

Amicus briefs supporting Microsoft have been filed in the U.S. Supreme Court by Ireland, France, and the European Commission and European privacy regulators. Microsoft even notes that on this issue, "Fox News agreed with the American Civil Liberties Union."
This discussion has been archived. No new comments can be posted.

Microsoft Fights Search Warrants for Overseas Emails in the Supreme Court

Comments Filter:
  • by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Sunday January 21, 2018 @05:47PM (#55973905) Homepage

    The servers are located in Ireland in a data centre staffed by Irish people (or who, at least, live there). Will these people obey an order from a court in the USA and risk the wrath of the court in Dublin ? I would not if I were one of them. I do not know what control Microsoft (USA) has over servers in its Irish data centre, but generally the guy who can touch the machine is the one who makes the final decision; and him, being fearful of the Dublin court, could easily restrict access to anyone outside of their data centre.

    No matter what the court in the USA decides, what will happen in reality will be interesting to see.

    • by CaptainDork ( 3678879 ) on Sunday January 21, 2018 @06:02PM (#55974007)

      This is not a matter of an American-issued search warrant delivered to person or persons of name, as in individuals.

      Microsoft obviously has a pathway to the data in Ireland and there are no gatekeepers blocking that path, at this time.

      At issue is custodianship vs ownership vs jurisdiction, and it ain't easy.

      This is problem has already been addressed in the case offshore banking.

      I think that's where SCOTUS will take this.

    • One never knows what happens to things when they get to Ireland!
      God invented alcohol to prevent the Irish from ruling the world, as it so nicely says in a bar in temple bar...
    • I think it's a bit disingenuous to say "the guy that can touch the machine" is the one who makes final decisions. That's certainly not the case in all the companies I've worked for: the guy accepts what management tells him. If he doesn't, he will be replaced by someone that does. No organization (no matter how enlightened) gives the IT dudes the final authority over who gets access to what systems.

      "Hey Bob, did you get a SCM account?"
      "No, I cut off the sysadmin for that system in the parking lot and my bos

  • by dwywit ( 1109409 ) on Sunday January 21, 2018 @06:16PM (#55974077)

    Lodge a warrant with the local MS subsidiary for some data stored on MS USA server/s, and see what happens. Put the shoe on the other foor and see how the USA DoJ reacts.

    • I think we all know exactly what would happen.

      According to the US, national sovereignty is a one way street.

  • Curious that "ignoring borders" is exactly the issue at present, when the US Government has exhausted its spending authority. The Republicans think that borders mean something and that illegal aliens should go home, while the Democrats apparently feel that there are no borders to the United States that anybody is obliged to respect. Europe has been having similar problems over the last year or so.

    • by dave420 ( 699308 )

      It's not about borders but the jurisdictions operating within them. The EU has very strong data protection laws, the US does not.

  • I can understand that DoJ is required to make the request/filing, but I do not believe even many of their own lawyers actually think winning would be a good thing. When the ACLU and Fox News both agree the DoJ winning would be bad, you can pretty much take that to the bank. The only interesting question is how narrow the ruling will be.

  • ...that, by the Constitution, international treaties DO supersede Federal law, though not the Constitution itself. Witness WTO lawsuits against Federal and/or State laws. A very bizarre situation, indeed, but you'd think that government lawyers would know this.
    • by Anonymous Coward

      This is factually incorrect. International treaties are on aa par with acts of Congress, and neither supersede nor are superseded by Federal United States law - see, e.g., Reid v Covert [wikipedia.org] 354 US 1 (1958).

  • As stated by several amicus briefs. We have treaties with most other countries where this would be an issue, all we have to do is deal with them. If they don't want to give it up, well...do you do war or what? Further, if MS gives up the stuff - they're breaking the law in the other country. Does it seem reasonable to demand someone else break the law? It might be legal, since we have any number of illogical, unconstitutional, just-us laws, but gheesh. Solve it the way it was already solved, you lazy
    • by AHuxley ( 892839 )
      PRISM https://en.wikipedia.org/wiki/... [wikipedia.org]
      Nobody smart noticed all that data moving around from a big brand back to the gov/mil?
      The big brands even helped decrypt so the gov could get plain text.
      • Of course we did. A: the parts of gov have turf issues with talking to one another. B: while it's effectively illegal, even if they do it anyway, if they have a hard on to bust someone with clout - it has to look legal, parallel construction might not fly.
  • Prosecutor: The defendant has not turned over emails between their executives discussion the probability of an (oil leak) (fiscal collapse) (other bad thing).

    Judge: Why not?
    Defendant: Those emails are not stored in this country.

    Judge: Which country are they stored in?
    Defendant: Please refer to the statement from EvilCO IT explaining that our emails are stored in a database that is then sharded across all our subsidiaries around the world.

    Judge: And you need the pieces, the shards, from all the countries to

    • Judge (daydreaming): Bailiff, please tase this lawyer in the balls repeatedly until he stop this bullshit.

      I think you mean:

      Judge (daydreaming): Bailiff, whack his pee-pee! [youtube.com]

    • by jaa101 ( 627731 )

      The key difference here is that they're not after Microsoft's data; they're after data belonging to a Microsoft customer who is not a US citizen who has probably never physically been on US territory.

      • That is a difference. I don't see how it's a key difference who holds the record.

        In the bank/oil-co/bad-guy example, does using a 3rd party IT department instead of in-house change things? Or any number of intermediaries can be added: Oil company contracts ITCorpUS, ITCorpUS has a subsidiary in Ireland, Ireland has a subsidiary in Cook Islands ....

        • by jaa101 ( 627731 )

          The difference is that the bad company has a legal presence in the US, so US courts can demand company documents in some circumstances. Wherever the company has stored the documents, if the company is able to retrieved the documents itself then it can be compelled to retrieve them for a court. In this case the documents don't belong to a US company, they belong to an entity with no presence in the US.

          What if the this case was about a US bank which operated safety deposit boxes in Ireland? Can a US court

          • No matter what the contractual or physical arrangements, I can't, from here. open a safety deposit box in Ireland. I'd have to go there or have someone do it for me. If I'm there, I'm subject to Irish law, and if I employ someone to do it they're subject also. A US court could order me to provide the contents of the box, but I might not be able to comply.

            However, I may be able to access data in Ireland without anyone in Ireland doing anything to help me. From where I'm sitting, I'm not actually subje

            • by jaa101 ( 627731 )

              I meant, imagine you are an Irish citizen who has never left Ireland but you have documents in your bank's safety deposit boxes in Ireland. Do you think a US court should be able to force that bank to produce copies of those documents without even telling you about it? It doesn't even need to be a US bank, just a bank with a legal presence in the US so the courts have access to company officers in the US. See how this is different from the court requiring access to bank documents stored in Ireland?

              And th

              • Right, but this isn't the same thing. I was trying to point out that nobody in the US has direct access to an Irish safe deposit box, but that Microsoft apparently has direct access to data in Irish servers. It is possible for people in the US to access data overseas, but not physical objects.

                A US court can't order people in Ireland around. It can issue orders to people in the US. It can tell people in the US to say things to people in Ireland, but those people are going to be subject to Irish courts

    • by Anonymous Coward

      Should read: "Defendant: I'm not aware of a sysadmin in a subsidiary refusing to create an account for their local shards to an employee authorized by corporate; but they know what's going on and I would expect a refusal this time."

  • They sellout every US citizen with Cortana, and they won't give up some foreigner? Jail all the executives for treason and be done with it.
  • by ledow ( 319597 )

    Fail to comply: Get sued in the US.

    Comply: Get sued by all the other countries.

    There's a reason that we have jurisdictions.

    Pretty much, even allowing the CAPABILITY for non-EU personnel to access EU data is an offence, which is why the EU side of Microsoft (an entirely different legal entity) cannot allow it to happen without an EU court order, cannot provide credentials that could make it happen, and cannot be seen to assist in any way, shape or form.

    And technically, because the Microsoft US entity doesn'

If you suspect a man, don't employ him.