More specifically, the Supreme Court is deciding whether the US can compel companies with a US presence to hand over data stored in other countries.
"Anyone's data on Earth" is a significant exaggeration. It's not like the US is going to demand Putin's emails (at least not through the courts, who knows what they're trying to do clandestinely).
I'm not certain it is a significant exaggeration, nor am I certain the US wouldn't demand Putin's email :-)
In practice you're probably right, but the idea of leaving things up to the discretion of politicians, particularly the ones we tend to elect, terrifies me.
This will have immense ramifications on the ability of US companies to do business overseas. Even if there are no legal barriers erected (which I doubt), there will unquestionably be marketing barriers. If there were a company I did business with that had a home-country ruling like this, I would definitely think twice about how much I trust their government.
There already are legal barriers? Even if the Supreme Court decides this is legal, EU and Irish law make it illegal, and Microsoft will be in extremely deep shit if they actually share the data.
That adds a fascinating wrinkle to it, what happens if the EU makes it illegal to share the data, and the US requires it? A company could find themselves in between a rock and a hard place, forced to violate the dictates of at least one powerful governmental force.
In theory that's what should happen, but the political realities guarantee it will not. Microsoft, Google, <every other major tech company>, <most other multinational companies>, are too politically powerful.
A workaround will be found, or one of the two sets of laws will be changed, or one of the two sets of laws will not be enforced.
Correct, but at the same time what happens to EU companies selling software services in the US? If the EU companies don't fork over data will they get restricted too? I'm not sure if isolating every jurisdiction into its own tech ecosystem is an achievable (let alone sustainable) direction. To a certain extent, Microsoft (and presumably others) are attempting to do this for their data[1] by hiring data trustees in other countries. Essentially, Microsoft still develops the technical services but hires another company, which does not have US presence, to hold that data and is subject to the (presumably stronger) privacy laws of the country it is located in.
I'm not sure how resilient this is to coercion by the US government. Maybe the US government could forbid Microsoft from doing business with the data trustee unless the the trustee gives up user data.
EU companies (typically) don't have a nexus or operating presence in the US, therefore they can't be coerced to release requested data (unless the US Government is going to request three letter agencies to null route their traffic at internet exchanges [or take other adverse actions against their traffic]).
Your shell game you suggest will not withstand the scrutiny of an intelligent judge and an aggressive prosecutor.
Source: A lifetime ago, I was asked as a consultant to spec and site infrastructure out of the reach of the US government with the help of an international law attorney.
What's to keep the US government from fining companies or suspending their ability to do business until they give up user data? For example, London suspending Uber's ability to operate in the city.
While I'd agree that small-ish foreign companies can probably fly under the radar, I don't think any company that receives payments from US customers is immune to coercion from the US. If the US government can impede a company's ability to access US customers then that's an ability to compel a company to give up data.
a simpler solution could be to outsource the data to locally registered companies (Either, a subsidiary or a shell data owner). That way Microsoft can deny the data as they do not own it.
handling over the data ownership to a companny in EU is the way to go. This already happens between Deutsche Telekom and Microsoft with their Azure Cloud offer in Germany. Deutsche Telekom is the owner/supervisor of the Data and Microsoft has no acces to it.
It is an interesting situation, since it's basically putting companies in a situation where it's impossible not to break the law. The hosting country demands that data be kept private while the country's home country demands that data be given up.
What imagine will happen eventually (be it in the next couple years or next couple decades) is that agreements along the same lines as free trade agreements and extradition agreements will be made between countries. In exchange for the ability to get data from other countries under certain conditions, the US grants the ability for other countries to do the same. Probably these agreements would be made with other liberal democracies; I don't expect China or Russia to hand over data to the US nor vice versa.
It's time to enforce the fact that subsidiaries are independent companies that are only subject to their place of incorporation. Director of local companies have responsibility. A shareholder should only influence a company through the general assembly and is his lasting influence should be exercised by his choice of board member.
Even if the court decides that companies can be compelled to provide information stored in servers in other countries, I don't see this going anywhere without mutual reciprocative agreements with other countries. Very few countries would want data about/owned by their citizens to be given away directly or indirectly. Even then, it may be a long drawn process, just like with any other cross border criminal investigations.
This is the second time I've seen this story with a completely misleading headline, it makes a person wonder what the agenda is when creating the headlines.
20 comments
[ 4.3 ms ] story [ 47.9 ms ] thread"Anyone's data on Earth" is a significant exaggeration. It's not like the US is going to demand Putin's emails (at least not through the courts, who knows what they're trying to do clandestinely).
In practice you're probably right, but the idea of leaving things up to the discretion of politicians, particularly the ones we tend to elect, terrifies me.
Nobody forces Microsoft to exist in the EU, or to sell their software to EU citizens. They would simply be forced out of that market.
A workaround will be found, or one of the two sets of laws will be changed, or one of the two sets of laws will not be enforced.
I'm not sure how resilient this is to coercion by the US government. Maybe the US government could forbid Microsoft from doing business with the data trustee unless the the trustee gives up user data.
1. https://news.microsoft.com/europe/2015/11/11/45283/
Your shell game you suggest will not withstand the scrutiny of an intelligent judge and an aggressive prosecutor.
Source: A lifetime ago, I was asked as a consultant to spec and site infrastructure out of the reach of the US government with the help of an international law attorney.
While I'd agree that small-ish foreign companies can probably fly under the radar, I don't think any company that receives payments from US customers is immune to coercion from the US. If the US government can impede a company's ability to access US customers then that's an ability to compel a company to give up data.
What imagine will happen eventually (be it in the next couple years or next couple decades) is that agreements along the same lines as free trade agreements and extradition agreements will be made between countries. In exchange for the ability to get data from other countries under certain conditions, the US grants the ability for other countries to do the same. Probably these agreements would be made with other liberal democracies; I don't expect China or Russia to hand over data to the US nor vice versa.