Redmond resists order to hand over overseas email Microsoft is holding out against a US court order asking it to provide investigators with customers' personal information held offshore. In late July, Redmond was ordered to hand over emails relating to a US narcotics investigation. Microsoft had argued that since the messages were stored in Ireland, they were beyond the …
I am no big fan of MS, but don't dislike them either, though this is not an altruistic measure by MS, it is about their customers trust in their product, however the result is the same. A fight against just giving it all away. I have a feeling in public MS will win this one, behind the scenes will be interesting, but not something I or most people will ever know about, at least in the short term.
I too am pretty much ambivalent about MS. They're BIG CORP, after all with all BIG CORP'S tendencies, foibles and alleged ruthlessness. However, this situation needs resisting and who better do do it? As they seem so inclined, good luck on this one, even if it is a PR exercise.
the whole future of the Cloud, or at least an international cloud with any presence in the USA is in the balance here.
If the US Government prevails in this case, it will be the death knell for the US Cloud industry, although it will possibly spur on national cloud services.
This could be devastating for Google, Amazon, SalesForce, Apple etc. although Microsoft could benefit, as they have a good range of server products, so they could switch from growing Azure to going back to selling licences to cloud providers to make their own clouds.
the whole future of the Cloud, or at least an international cloud with any presence in the USA is in the balance here.
If the US Government prevails in this case, it will be the death knell for the US Cloud industry, although it will possibly spur on national cloud services.
Yup, you heard it here first...
MS' "success" in fighting a previous order was different, that was about an NSL which was withdrawn - it didn't actually win, the case disappeared because the FBI apparently found another way to get what it wanted.
That is also the way in which I can see MS win this: it can argue that the US government has alternative ways to access that information by using the standard international agreements on collaboration (translated: it could play nice instead of just grabbing what it wants).
"If the US government prevails in reaching into other countries' data centers, other governments are sure to follow," Microsoft general counsel Brad Smith wrote in an editorial in the Wall Street Journal on Tuesday. (MS lawyer)
Err, no. Only the UK has recently seen the need to hand itself some more means to force UK companies to break the law abroad (because that's what is really happening by demanding data from another jurisdiction) - other nations still have this quaint idea that they can use their international agreements to politely ask for collaboration in case of a criminal investigation. Personally, I wonder why the UK followed the US approach on international access because it amounts to creating a privacy "don't go there" island for multinationals with UK headquarters, right in the middle of the EU..
It won't be for Google. They'd already made it clear that they comply with US court orders - mainly because they can't guarantee the location of any given data or that it will stay outside of US data centres.
If the US gov prevails (and all they need to do is invoke PATRIOT in any case) then the effect will be that offshore datacentres belonging to US subsidiaries will be cleaved off from the mothership entirely.
If the court upholds the order, then that sets a very bad precedent. Most companies have offices in many countries; including Amazon. What would happen if Amazon was ordered to turn over information stored on the Gov cloud? The US better think twice before proceeding. Pick your battles wisely and accept the consequences.
And the stupid thing is, there have been processes in place for getting this information legally for decades, but now that takes too long for the US Government, so they are trying to argue that an Irish server, on Irish soil, owned by an Irish company falls under US jurisdiction, because it is connected to the Internet and the parent company has a presence in the USA.
The really stupid thing is, if they had gone through channels and asked the Irish to issue a warrant, they would have the information by now - assuming they could prove that the case had merit
"there have been processes in place for getting this information legally for decades"
This is exactly what is particularly troubling about this case. It's almost as though the issue is US government control over technology providers and/or global data rather than a narcotics investigation. Makes you wish Groklaw was still active. I'm pretty sure PJ would have been able to find out whether MS had, in fact, pointed out in court that access to this info through the US wasn't part of the legal process that should have been followed.
On the rare occasions I use a web browser without AdBlock plus, I often see adverts for a hosting company proudly saying they aren't in the US. I can only see this growing: "We have nothing in America. No servers and no offices."
Of course, all it will mean is that the American government will have to just rely on the NSA for more of it's dirty work :-(
On the rare occasions I use a web browser without AdBlock plus, I often see adverts for a hosting company proudly saying they aren't in the US. I can only see this growing: "We have nothing in America. No servers and no offices."
OTOH, for company use you also want to avoid businesses that you have no legal grip on, like in, say, Panama. Having said that, as BOFH I would not jump to conclusions and insist on a thorough 3 week on-site review :)
...but what choice do they have? It's never wise to upset Uncle Sam, he's got some powerful means of getting his way. But in this instance I think that Uncle Sam might end up regretting forcing the issue.
Where's the Profit?
They're backing MS into a corner. Comply with the order, lose $Billions of business (as will every other US-based or US-connected hi tech company with an international cloud offering). Don't comply with the order and I guess somewhere down the line there would be a fine or worse, but that is as yet unspecified. From a purely commercial point of view there's no point (yet) in even beginning to think about going along with the court order.
To change that balance of intersts inside MS the court will have to impose and actually threaten to enfore a truely monumental fine, or worse.
Brain Drain, Global Companies
If that happens then the US will have become a seriously uncool place for a hi-tech online services company to do business. For that sort of money a company could probably persuade their most important staff to live in a different country and for the entire corporation to remove itself from US soil. If Uncle Sam makes the choice one of corporate extinction vs. relocation abroad the latter is much more attractive.
That might lose them business in the US, but then again the US is only about 270million people; the worldwide market is far larger.
This kind of thing has already happened in the US. When the US introduced the Sabanes-Oxley Act quite a few American companies (especially those with large overseas operations) moved their entire HQ away from the US. Many foreign companies delisted from the NYSE.
So who in the US worries about this sort of thing? It's not the FBI's job to worry about the economic consequences of their actions. The Federal Reserve and the Treasury would certainly care a lot if the result is brain-and-company drain abroad, but they probably cannot intervene in the FBI. The whole thing could go badly wrong in an entirely predictable way.
Then again, What About Tax?
Another factor is tax. A lot of companies like Google and Apple pay very little tax on their overseas earnings in the US. A US based company that is able to avoid paying so much US tax is not entirely "Socially Useful". Speaking purely hypothetically, would the loss of a company such as Google from US soil actually be a major issue for the US economy anyway? They are indeed a very valuable company.
But how much of that value actually turns into tax revenue for the US governement and wider benefits for the country as a whole beyond prestige and a few thousand hi tech jobs?
If the answer to that is "Not Much", then that leads on to wider questions such as, "Why not?", and "What can we do about that?". Those are deep economic questions related entirely to US taxation policy.
The fact that these companies go through so many hoops to be as non-American as possible in their tax affairs is interesting. It suggests to me that there's already not a whole lot beyond habit and the staff's domestic and cultural ties keeping these companies in the US at all. This court case might snap those ties altogether.
So Microsoft aren't allowed to take the data from Ireland?
So who let them put it there in the first place? What if they wanted to close the Ireland data-centre - wouldn't they be able to move their data to a different country?
What about off-site backups?
They chose to have the Irish data center for exactly this reason in the first place. Any data captured in Europe about a European citizen cannot leave the EU without the users express permission and it cannot be handed to a third party (in this case the US Government) without the express permission of the persons identified in the communications or a valid EU search warrant (an Ireland being part of the EU, an Irish warrant).
There is Safe Harbour, but that doesn't seem to be worth the paper it isn't written on.
The internet makes a mockery of international borders when it comes to the dissemination of information. It is about to make a mockery of international borders with respect to issuing warrants. There are people who think the first is a good thing and the second a bad thing. They do not concern themselves with the fact that the second flows from the first.
Google had the chance too but blew it.
It would be questionable to interfere with a proper investigation if there wasn't another route to get to that data. In this case, MS is right, and they basically are using the opportunity as handed to them by the DoJ for publicity. I can't fail them for that, other than that I hope that this doesn't convince people that MS is in any way benign or truly interested in their rights. This is about protecting revenue, pure and simple.
If an admin runs across obviously illegal material during routine work (especially stuff like kiddy porn) and fails to report it, that admin runs a risk of being charged as an accessory after the fact.
The simple fact is that once such material is discovered (for whatever reason), it MUST be reported.
If an admin runs across obviously illegal material during routine work
.. then that admin has in many countries broken the law by accessing client data without authorisation - there is *no* need for routine work to access client data.
In some countries you're not even allowed access on warrant: you're only permitted to provide access, your corporate lawyer is the one who is permitted to have access once he/she's made part of the investigation as they have a professional obligation to secrecy to ensure the rights of the data owner are not harmed. If you access client data without permission as sysadmin you could be facing jail.
In fact, it is a legal requirement in the USA for email providers to actively scan email for known kiddie pr0n. They are given a list of signatures or checksums for all "known" illegal KP images and any mails with images matching those signatures have to be reported to the authorities.
It isn't an admin, it is the KP equivalent of a spam filter.
".. then that admin has in many countries broken the law by accessing client data without authorisation"
You should reread the contract you have with your freemail provider. Any assumption of privacy is hot air.
In any case:
Postmaster double bounces are one example (and how such stuff came to my attention, as I was the postmaster - we didn't allow client storage _at all_)
Finding material whilst walking customers through helpdesk stuff is another (the most regular way, by all accounts - it used to be more common when people had small quotas)
Being unintentionally sent stuff is a 3rd way (I've seen a couple of cases where this happened).
Attracting mailbombs and the subsequent cleanup
etc etc
Noone (other than google) sets out to find objectionable material. Apart from anything else it's a major administrative headache if something turns up.
Noone (other than google) sets out to find objectionable material. Apart from anything else it's a major administrative headache if something turns up.
Ain't that the truth, but that's only the 4th issue with implementing censorship:
Issue 1: Deciding what to filter for
Issue 2: Dealing with overzealous dictionaries that stop things from working
Issue 3: Handling the legal fallout of getting issue 1 wrong (as it implies approval of the omitted stuff)
Issue 4: Dealing with the objectionable material in a way that doesn't make you an extension of local government (too late in the UK; for instance).
It's a nightmare for an ISP IMHO.
Yes, you can and do run across such material during routine work. Possibly not as much these days as in the past because of the faster speed of machines. Two examples from my own work:
1. Transferring data from an old PC to a new one. At the time I was doing this work the usual way to do it was connect the old drive to the new system, use an admin account, and do xcopy *.* from the source to the appropriate target drive on the new system. In the process you'd often be copying the browser cache. The names of certain files were obviously porn caches. This tended to be even more obvious on retained images. If the names suggested kiddie porn I would have had the duty to report. With faster copying speeds and windows no longer displaying the full path, this isn't quite as likely as once it was.
2. Demonstrating something for a user in his office on a work PC. nondescript file name on a text file. Turned out to be word pron which was against company policy. Needed to report him. Since he was a VIP and I wasn't personally offended, no punishment. As far as I know not even a verbal it died when I reported to my boss. But if I hadn't I would have been in breach of company policy.
And let's not shit on them for doing what is, after all, the decent thing.
MS are pretty serious about privacy. It's their major differentiator from Google's "you have no privacy, suck it" stance and as such, yes, it is worth money. But it's worth money because (and I know this may horrify you) some people like the idea of privacy and dislike the idea of somebody selling them to advertisers.
Normally I might ask whether somebody posting this kind of comment was being genuinely cynical or was only cynical "because Microsoft" but in this case, your posting history makes it all very, very clear.
MS are pretty serious about privacy.
Because they are realistic and have realised that they might as well shut shop for their online efforts (in essence their next revenue generator) if US laws really apply, whereas Google seems unable to shake that arrogance that makes them pretend they are above the law and thus merrily continues with a privacy model that got them into court in many EU countries.
MS has no user focused motive here: it is, quite simply, about keeping a revenue stream going. Unfortunately, that effort will fail as long as they are a US company - US laws are simply not in favour of privacy.
This post has been deleted by its author
was a vision of freedom of information and communication.
Now, by using the internet one is rendered guilty of everything by default.
Pse allow me to quote this chap:
"Of all tyrannies, a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies.The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience."
Clive Staples Lewis * 29. November 1898† 22. November 1963
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
