> Microsoft also argued that the United States would not be in a position to complain when foreign governments do the same and insist on access to e-mail content stored in the country.
How though? What laws are Microsoft breaking which the Government of Ireland can use to persecute Amazon, as opposed to the customers who own the data.
That was filed in support of Microsoft in the case, by a former minister who is also a senior counsel.
There is no indication whatsoever that the current Irish government would do anything to Microsoft over this matter; I bet Irish politicians would rather pay with their own money to find a convenient solution for everybody, rather than risk jeopardizing the relationship. Microsoft and the Irish establishment have been really close for decades now, they desperately need each other and this won't change because of some silly rule about helping US police or judiciary.
Holy shit! I work in a medical setting and our institute was considering using Azure to offload some HPC. Azure promises to be the only cloud that has georedundancy but all within EU (AMS and DUB) protected by EU data laws. If this goes through we won't be touching it.
EU laws apply to data on EU residents. You can't dump your US-originated data into an EU jurisdiction and use EU law as a legal shield. Most developed countries have reciprocity arrangements with each other about access to data for legal proceedings in cross-border litigation, eg courts in one country will recognize properly-issued warrants/subpoenas from another.
EDIT: I should have mentioned that the major international treaty about this is the Hague Convention (which also covers a bunch of other things). You can find all about the rules, which countries are signed up to it as regards evidence-sharing, and so on here: http://www.hcch.net/index_en.php?act=text.display&tid=23
It's my understanding that Microsoft's complaint is that the US Government isn't bothering going through the proper international channels setup through treaty arrangements in order to retrieve this data, and is instead relying entirely on domestic procedures.
I believe you're right, I'm just saying to the grandparent poster that storing your data in another jurisdiction didn't automatically put it off-limits to US litigants even before this ruling.
In this case if the user was using Azure and was putting EU data into their EU based cloud (owned by Microsoft) the US is arguing that it should still be able to get access to that data since it is owned by Microsoft, a US based entity.
So while I agree with your statement that it was already technically possible, it required various hoops... with the current court case it is much scarier since there is no going through international agreements to fetch the data.
The US is basically stating that if you are a US based company, even if you have subsidiaries that are technically registered as foreign companies you are still required to produce data those foreign companies hold.
I suppose I don't find this all that radical because it seems in line with corporate personhood. Suppose I'm a US citizen but I become embroiled in some dispute with the government; I might also hold an Irish passport but that isn't going to let me blow the matter off. It seems to me that if you enjoy the benefits of US corporate citizenship -access to wealthy and highly liquid markets, access to the US courts, and so on - then you shouldn't be able to disclaim your US citizenship by paying the very small needed to set up a foreign subsidiary and pretending it's wholly independent from you (even though it it has the same name, brand, etc. and you own all the shares of this notional subsidiary.
Let's face it, it's 'technically' a separate legal entity but nobody disputes that it's ultimately the same company, a local clone of the original if you will. MS certainly has the right to make their legal argument about the differences for as long as the courts will entertain it, but it seems like a bit of a bullshit argument to me.
I say 'seems' because I'm guessing a bit - unhelpfully, the news article doesn't cite the case in question, so I haven't looked up any of the filings to see what the matter is or study the particular arguments. I probably should, but I'm feeling a bit lazy about it :/
Except that in the case of Microsoft Ireland, even-though it may be a subsidiary, they are still a corporate entity outside of the United States. They have to abide by and follow Irish/EU laws.
Microsoft Ireland when it comes to US law should be considered a foreign entity, and thus the standard channels for requesting information from a foreign company should be used.
The US forcing Microsoft US to march into Microsoft Ireland and retrieve data unlawfully should be fought...
This is fantastic news because I've recently been looking for a VPS with 0 ties to the United States and it can be tricky to determine who owns who.
With this ruling, I expect more companies to be advertising the fact that they operate entirely outside of the US and thus are not subject to these data-grabs. This will make choosing a VPS provider much easier for me.
Will it? As much as I disagree w/ this ruling, grabbing data isn't isolated to the US government. Don't you also have to be concerned that those countries may subpoena the VPS provider?
Right, and that's assuming the hypothetical host country has the formality of subpoenas. Some countries would just send armed forces and demand access. I've heard firsthand stories of how Russia's tax collectors essentially hold businesses at gunpoint, by surprise.
The tax ministry of the Netherlands is pretty famous for doing the same (and for being total assholes about it too, locking people up without explanation until months later. Destroying businesses by "safeguarding evidence", ... And yes, it's not without cause, but they do get things wrong every now and then). Generally speaking, every western country gives that right to it's tax service, although I hope not all of them actually do things this way.
Do you have to be concerned that those countries may subpoena the VPS provider?
You're right that data grabbing isn't isolated to the US but I argue no, not if the point of concern is specific to one government entity instead of all of them.
I'm pretty sure virtually every country in the world has court ordered subpoenas / warrants.
Nor do they accept "I'm sorry I can't provide the e friend's murder weapon as it is at my Irish country house" as an excuse to not turn over the weapon.
Your example doesn't make any sense as that's not the case they were debating about, it is not an excuse not to turn over the weapon from a different country, it is about who can ask you to turn over the weapon. In Ireland, it is the Ireland's legal authorities who should be asking you to turn over the weapon and then hand it over to the US as long as they agree with the request from US. Using your example, the closest (not really the most accurate one) analog would be:
1. Microsoft is the landlord of two places, one in US and one in Ireland
2. US court ordered Microsoft with a US search warrant to enter the property of a customer in Ireland and grab his murder weapon. This is basically what's happening. No country in the world including the US are entitled to anything in a different country. Last I checked, the US does not own Ireland.
3. The right way, US filed a request with the Ireland's legal authorities and they issued a search warrant for Microsoft to grab the murder weapon. In this case, this is legal because of the international agreements between both countries. Ireland should be in charge of issuing the warrant and enforcing it, not Microsoft with a US search warrant. In fact, the said US warrant should not even be valid in Ireland.
The US government admitted that they can go to Ireland's authorities to issue a local search warrant based on the international treaties, however they whined that it would take too long. So, they instead issued a warrant against Microsoft and asked it to get the data from Ireland.
Russia thinks you broke some laws or said something bad about their president and wants to access your blog data that's stored on the US servers. The company that is hosting your data is Microsoft.
Russia filed a local search warrant for Microsoft to hand in your data but your data is stored and hosted in the US. Do you think Microsoft should be allowed to do this or do you think Russia should file a request with the US government and the US would issue a search warrant to MS to grab the data. US would then hand over the data to Russia.
> The government’s position is that the warrant is more of a hybrid — part search warrant and part subpoena.
That covers it, you can get any data you want as long as it is an "hybrid". Maybe Russia should do the same "hybrid" over the Microsoft representatives there and get the email of all US politicians.
The judicial branch is not a political one, as the Supreme Court wisely declared the other day it is not up to them to question the will of the people.
If the people elect a congress that passes dumb laws (including those in the constitutions) it is not for the judges to overrule them.
If you can't get the people to elect a congress to make suitable laws, how is electing judges going to help?
I don't disagree that this ruling will hurt US businesses, it's just that that is a political question, and not a judicial one.
The more positions are elected, the more power the majority have to impose upon minorities.
It is well known that pure democracy does not invariably promote liberal society, which is why the Founders of the US Constitution specifically rejected majoritarianism.
The 'tyranny of the majority' issue is not really one that concerned the founders of the U.S. as much as people think, particularly not while they were drafting the Constitution.
They were more worried that if you give everyone the right to vote, they would rationally vote in their own best interests in the short term, choosing to seize all property held by the landowners.
I also don't know that it's all that "well known that pure democracy does not invariably promote liberal society." There weren't then and aren't now many examples of pure democracy. Hell, at the time there weren't all that many examples of Republics.
And yet we call systems that are ruled by very small minorities "dictatorships" so it's not something you can optimize in one direction, as it's one thing to protect minorities and something else for minorities to order everyone else around.
I have not seen any clear indication that the Founders collectively had anything against majorities per se, though, or even that they were trying to promote a liberal society (at least for any modern meaning of that word), as they simply required super-majority rules for more fundamental changes (e.g. changes to the Constitution) and seem to me more concerned that a minority of people in power could not do everything on their own, though I think there was some debate on that between the Federalists and those opposed to them.
Actually, you can vote to recall some judges. It almost never happens, though. Every election in Arizona, we have a giant name dump and are asked if we want to remove that person as a judge.
EDIT: To clarify, please note that this does not apply to Article III judges who serve "during good behavior" and have some constitutional safeguards, like not having their pay reduced - http://www.fjc.gov/federal/courts.nsf/page/183
In some courts in the US this does occur, and is generally considered by other countries to be a bad idea. As judges tend to get chosen by by their stance on certain issues, which means that different jurisdictions have different political and social leanings. You can decide cases just be getting it in-front of the right judge in the right jurisdiction. It undermines the effectiveness and impartialness of the law.
If you printed out your emails and left them at a Microsoft data center in a box, the government would be able to use a subpoena duces tecum to get the emails, and you wouldn't be able to assert a 4th amendment claim over them.
We are using the laws applicable to physical items. The problem is that in general, those laws say that unless there is a special situation (landlord-tenant, etc), you can't invoke an expectation of privacy over property that you leave in the hands of a third party.
Except that in this case the box was left in the hands of Microsoft Ireland, and Microsoft USA might have access to the property they don't have the right to touch Microsoft Irelands holdings...
I asked these questions on a previous thread but didn't get any answers. I'm seriously interested in actual responses (i.e. these aren't rhetorical).
-----
If you use AWS, is all the data (S3, EC2 filesystems, RDS data+backups, etc.) now a business record of Amazon?
What about renting dedicated servers at your local datacenter? You're basically renting bare hardware at that point, but the hard drives are still technically owned by the datacenter. Is the data on those hard drives business records of the datacenter?
-----
Not being able separate the owner of the hardware and the owner of the data on the hardware seems like it would have a ton of modern consequences.
The legal status of something like AWS is up in the air.
On one hand, you have what the law has been to date: http://www.abajournal.com/magazine/article/the_data_question... ("In essence, the doctrine holds that information lawfully held by many third parties is treated differently from information held by the suspect himself. It can be obtained by subpoenaing the third party, by securing the third party’s consent or by any other means of legal discovery; the suspect has no role in the matter, and no search warrant is required.")
On the other hand, you have the recent decision in California v. Riley: "The United States concedes that the search incident to arrest exception may not be stretched to cover a search of files accessed remotely—that is, a search of files stored in the cloud. See Brief for United States in No. 13–212, at 43–44. Such a search would be like finding a key in a suspect’s pocket and arguing that it allowed law enforce- ment to unlock and search a house." Slip. Op. at 21.
It's difficult to reconcile the Third Party doctrine with Riley. Under the third party doctrine, storing a document in the cloud is like leaving a box of papers in your friend's garage--not protected under the 4th amendment. But under Riley, storing a document in the cloud is like storing it locally on your phone--protected under the 4th amendment.
How the two will be reconciled is something that has yet to shake out. Note that Microsoft has already decided to appeal this: “We will appeal promptly and continue to advocate that people’s e-mail deserves strong privacy protection in the U.S. and around the world.” What the Second Circuit ultimately says on this case will go towards figuring out how this will shake out.
> It's difficult to reconcile the Third Party doctrine with Riley. Under the third party doctrine, storing a document in the cloud is like leaving a box of papers in your friend's garage--not protected under the 4th amendment. But under Riley, storing a document in the cloud is like storing it locally on your phone--protected under the 4th amendment.
What about storing documents in a safety deposit box of a bank? Where does that fall legally? I would imagine that storing documents on a box rented from a cloud provider should fall under the same law.
You do have a 4th amendment interest in the contents of safety deposit boxes, storage units, and rented apartments.
So the question becomes: is the cloud more like your friend's garage, or a safety deposit box in a bank? I think the relevant distinction is that when it comes to a safety deposit box, or a storage unit, or an apartment, the landlord no longer has unrestricted access to the unit, and indeed it can be illegal for him to access the unit without your permission. Thus the expectation of privacy is higher than with your friend's garage, which he can continue to access whenever he wants without restriction.
So it might well be that there is a stronger privacy interest in something like AWS, where Amazon doesn't look into your instances, than in other cloud services that look at the data you store in them. That said, as I said, Riley makes me think that the Supreme Court is just going to give blanket 4th amendment protection to cloud services, regardless of the fact that some are, in actual fact, much more private than others.
No, you're right, that's the bigger aspect. Brad Smith mentioned Riley in an earlier press release about the case, so I imagine it figures into their argument to some extent too.
The fight's not over yet. Microsoft is appealing and it remains to be seen whether this decision will be upheld. In the meantime the order to turn over the data has been suspended.
I have no problems with getting emails by a search warrant from an overseas server. Drug trafficking is global, so should the law enforcement be. I know, I am addressing this particular case, I am not saying "go" on a general basis. But I cases like this, with a search warrant, that turns up during an ongoing investigation, I really have no problem.
By the way, in Norway, blood samples are taken from murderers. 23% of all murderers had thc in their veins.
Since Microsoft US and Microsoft Ireland are to two different entities. The former is a 100% shareholder of the second but technically there is an Irish CEO that is report to Irish board representing the owner of the Irish Microsoft company. The Irish company doesn't operate in the US. Should the US judge send a letter rogatory to an Irish court to get the evidence?
As an Irish person, I find this violation of my country's sovereignty disgraceful. It's bad enough that GCHQ has violated our communications systems for decades (and the NSA no doubt also) but now the US is trying to do this through legal methods?
Our forefathers didn't fight for the right to hold our own courts so that we could be bullied by another large country (this time US not Britain). Only when the Irish people have voted in referendums to release sovereignty (like during EU Treaties involving European Courts) should this ever be allowed.
If any of our politicians had a backbone they should come out and say that US Laws have the same power in Irish Courts as those of a Golf Club - absolutely nothing...If the US wants the data it should go the normal route and through various inter-government treaties...Unfortunately the words spine and Irish politician don't go in the same sentence.
Lets just see what happens when a Chinese or Russian company does the same to data stored in the USA.
60 comments
[ 2.6 ms ] story [ 64.6 ms ] threadI wonder if Ireland can prosecute Microsoft if they do hand over the data without a local warrant.
http://www.irishtimes.com/business/sectors/technology/micros...
There is no indication whatsoever that the current Irish government would do anything to Microsoft over this matter; I bet Irish politicians would rather pay with their own money to find a convenient solution for everybody, rather than risk jeopardizing the relationship. Microsoft and the Irish establishment have been really close for decades now, they desperately need each other and this won't change because of some silly rule about helping US police or judiciary.
What is wrong with the US judges these days?
EDIT: I should have mentioned that the major international treaty about this is the Hague Convention (which also covers a bunch of other things). You can find all about the rules, which countries are signed up to it as regards evidence-sharing, and so on here: http://www.hcch.net/index_en.php?act=text.display&tid=23
Is that not the case here?
https://cdt.org/insight/microsoft-ireland-case-can-a-us-warr...
So while I agree with your statement that it was already technically possible, it required various hoops... with the current court case it is much scarier since there is no going through international agreements to fetch the data.
The US is basically stating that if you are a US based company, even if you have subsidiaries that are technically registered as foreign companies you are still required to produce data those foreign companies hold.
Let's face it, it's 'technically' a separate legal entity but nobody disputes that it's ultimately the same company, a local clone of the original if you will. MS certainly has the right to make their legal argument about the differences for as long as the courts will entertain it, but it seems like a bit of a bullshit argument to me.
I say 'seems' because I'm guessing a bit - unhelpfully, the news article doesn't cite the case in question, so I haven't looked up any of the filings to see what the matter is or study the particular arguments. I probably should, but I'm feeling a bit lazy about it :/
Microsoft Ireland when it comes to US law should be considered a foreign entity, and thus the standard channels for requesting information from a foreign company should be used.
The US forcing Microsoft US to march into Microsoft Ireland and retrieve data unlawfully should be fought...
Doesn't seem very straight to me. If a country chooses to comply that's different than forcing MS USA to hand over data from MS Ireland.
With this ruling, I expect more companies to be advertising the fact that they operate entirely outside of the US and thus are not subject to these data-grabs. This will make choosing a VPS provider much easier for me.
You're right that data grabbing isn't isolated to the US but I argue no, not if the point of concern is specific to one government entity instead of all of them.
Nor do they accept "I'm sorry I can't provide the e friend's murder weapon as it is at my Irish country house" as an excuse to not turn over the weapon.
1. Microsoft is the landlord of two places, one in US and one in Ireland 2. US court ordered Microsoft with a US search warrant to enter the property of a customer in Ireland and grab his murder weapon. This is basically what's happening. No country in the world including the US are entitled to anything in a different country. Last I checked, the US does not own Ireland. 3. The right way, US filed a request with the Ireland's legal authorities and they issued a search warrant for Microsoft to grab the murder weapon. In this case, this is legal because of the international agreements between both countries. Ireland should be in charge of issuing the warrant and enforcing it, not Microsoft with a US search warrant. In fact, the said US warrant should not even be valid in Ireland.
The US government admitted that they can go to Ireland's authorities to issue a local search warrant based on the international treaties, however they whined that it would take too long. So, they instead issued a warrant against Microsoft and asked it to get the data from Ireland.
Russia thinks you broke some laws or said something bad about their president and wants to access your blog data that's stored on the US servers. The company that is hosting your data is Microsoft.
Russia filed a local search warrant for Microsoft to hand in your data but your data is stored and hosted in the US. Do you think Microsoft should be allowed to do this or do you think Russia should file a request with the US government and the US would issue a search warrant to MS to grab the data. US would then hand over the data to Russia.
That covers it, you can get any data you want as long as it is an "hybrid". Maybe Russia should do the same "hybrid" over the Microsoft representatives there and get the email of all US politicians.
The judicial branch is not a political one, as the Supreme Court wisely declared the other day it is not up to them to question the will of the people.
If the people elect a congress that passes dumb laws (including those in the constitutions) it is not for the judges to overrule them.
If you can't get the people to elect a congress to make suitable laws, how is electing judges going to help?
I don't disagree that this ruling will hurt US businesses, it's just that that is a political question, and not a judicial one.
The more positions are electable, the more accurately the will of the public can be reflected.
It is well known that pure democracy does not invariably promote liberal society, which is why the Founders of the US Constitution specifically rejected majoritarianism.
As you can see, electing representatives is not the same as pure democracy.
The 'tyranny of the majority' issue is not really one that concerned the founders of the U.S. as much as people think, particularly not while they were drafting the Constitution.
They were more worried that if you give everyone the right to vote, they would rationally vote in their own best interests in the short term, choosing to seize all property held by the landowners.
I also don't know that it's all that "well known that pure democracy does not invariably promote liberal society." There weren't then and aren't now many examples of pure democracy. Hell, at the time there weren't all that many examples of Republics.
I have not seen any clear indication that the Founders collectively had anything against majorities per se, though, or even that they were trying to promote a liberal society (at least for any modern meaning of that word), as they simply required super-majority rules for more fundamental changes (e.g. changes to the Constitution) and seem to me more concerned that a minority of people in power could not do everything on their own, though I think there was some debate on that between the Federalists and those opposed to them.
Judges are not supposed to reflect the public will. They are supposed to reflect the law.
http://en.wikipedia.org/wiki/Retention_election
http://judgepedia.org/Partisan_election_of_judges
EDIT: To clarify, please note that this does not apply to Article III judges who serve "during good behavior" and have some constitutional safeguards, like not having their pay reduced - http://www.fjc.gov/federal/courts.nsf/page/183
EDIT 2: This particular judge has had several interesting cases - http://en.wikipedia.org/wiki/Loretta_A._Preska
Because the government wants to use this as an excuse for a power grab.
We are using the laws applicable to physical items. The problem is that in general, those laws say that unless there is a special situation (landlord-tenant, etc), you can't invoke an expectation of privacy over property that you leave in the hands of a third party.
-----
If you use AWS, is all the data (S3, EC2 filesystems, RDS data+backups, etc.) now a business record of Amazon?
What about renting dedicated servers at your local datacenter? You're basically renting bare hardware at that point, but the hard drives are still technically owned by the datacenter. Is the data on those hard drives business records of the datacenter?
-----
Not being able separate the owner of the hardware and the owner of the data on the hardware seems like it would have a ton of modern consequences.
On one hand, you have what the law has been to date: http://www.abajournal.com/magazine/article/the_data_question... ("In essence, the doctrine holds that information lawfully held by many third parties is treated differently from information held by the suspect himself. It can be obtained by subpoenaing the third party, by securing the third party’s consent or by any other means of legal discovery; the suspect has no role in the matter, and no search warrant is required.")
On the other hand, you have the recent decision in California v. Riley: "The United States concedes that the search incident to arrest exception may not be stretched to cover a search of files accessed remotely—that is, a search of files stored in the cloud. See Brief for United States in No. 13–212, at 43–44. Such a search would be like finding a key in a suspect’s pocket and arguing that it allowed law enforce- ment to unlock and search a house." Slip. Op. at 21.
It's difficult to reconcile the Third Party doctrine with Riley. Under the third party doctrine, storing a document in the cloud is like leaving a box of papers in your friend's garage--not protected under the 4th amendment. But under Riley, storing a document in the cloud is like storing it locally on your phone--protected under the 4th amendment.
How the two will be reconciled is something that has yet to shake out. Note that Microsoft has already decided to appeal this: “We will appeal promptly and continue to advocate that people’s e-mail deserves strong privacy protection in the U.S. and around the world.” What the Second Circuit ultimately says on this case will go towards figuring out how this will shake out.
What about storing documents in a safety deposit box of a bank? Where does that fall legally? I would imagine that storing documents on a box rented from a cloud provider should fall under the same law.
So the question becomes: is the cloud more like your friend's garage, or a safety deposit box in a bank? I think the relevant distinction is that when it comes to a safety deposit box, or a storage unit, or an apartment, the landlord no longer has unrestricted access to the unit, and indeed it can be illegal for him to access the unit without your permission. Thus the expectation of privacy is higher than with your friend's garage, which he can continue to access whenever he wants without restriction.
So it might well be that there is a stronger privacy interest in something like AWS, where Amazon doesn't look into your instances, than in other cloud services that look at the data you store in them. That said, as I said, Riley makes me think that the Supreme Court is just going to give blanket 4th amendment protection to cloud services, regardless of the fact that some are, in actual fact, much more private than others.
Riley dealt with the search incident to arrest exception to the warrant requirement under the Fourth Amendment.
In this Microsoft case, law enforcement had a warrant.
Anyway I think your points are well taken in comparing the cases' concepts of the data, property rights, privacy, etc.
I just wanted to clarify that the problem in this case does not appear to be one of constitutional law, as in Riley, but rather international law.
But please correct me if I'm wrong.
By the way, in Norway, blood samples are taken from murderers. 23% of all murderers had thc in their veins.
Our forefathers didn't fight for the right to hold our own courts so that we could be bullied by another large country (this time US not Britain). Only when the Irish people have voted in referendums to release sovereignty (like during EU Treaties involving European Courts) should this ever be allowed.
If any of our politicians had a backbone they should come out and say that US Laws have the same power in Irish Courts as those of a Golf Club - absolutely nothing...If the US wants the data it should go the normal route and through various inter-government treaties...Unfortunately the words spine and Irish politician don't go in the same sentence.
Lets just see what happens when a Chinese or Russian company does the same to data stored in the USA.