Good
Maybe we'll get some clarity on the subject. Though I suspect the Supreme Court will have to get involved.
At Microsoft's own request, a judge has held the software giant in contempt of court for failing to comply with an order to give US authorities access to customer emails housed in a data center in Dublin, Ireland. Redmond's request was made jointly with government prosecutors, with the aim of expediting its appeal of the July …
@ratfox
Yes, that seems likely. The SCOTUS only hears so many cases per year but this looks to be one that ends up clarifying the intersection of several laws and laying down a significant precedent.
Given the SCOTUS's purpose and the wide-reaching nature of this case, I'd say it's almost certain to end up there.
Erm, You do realise that this whole tedious song-and-dance routine is NOTHING more than a contrived PR/propaganda spectacle, don't you?
The US government has its own bloody key FFS! ( http://cryptome.org/nsakey-ms-dc.htm ) ...AND it pwns all the pipes anyway... AND it pwns all the "crypto" AND it pwns all the infrastructure... except for the Huawei bit - a fact which, as they've been hilariously unable to conceal, is DRIVING THEM COMPLETELY UP THE WALL
Hasn't anyone learned anything from the Snowden "revelations"?
BOTH parties share EXACTLY the same objective, although their motives differ ever so slightly:
MSFT desperately wishes to dispel the nasty post-Snowden stink and restore the sheeples' blind faith in Microsoft products/services. Thus securing the flow of said sheeples' money into their coffers.
US gov desperately wishes to dispel the nasty post-Snowden stink and restore the sheeples' blind faith in Microsoft products/services. Thus securing the flow of said sheeples' data into their coffers.
So, they've got together and decided to stage a pitiful public circus in which the brave and benevolent Microsoft Corporation Inc. can heroically feign concern for the "rights" of its foreign victims and thus appear to "force" the US government to appear to mend its ways.
Was ANYONE expecting ANYTHING different?
No, and I wish there was a once-a-day 50-downvote option for the same-old-same-old con-con-conspiracy sheeple-spewing idiots that plague this place. And, dude, Snowden is just the government's revenge against Assange to emasculate him and his reputation. Don't you keep up?
This post has been deleted by its author
> Or the original criminals for potentially having their email accounts read?
What criminals? If this is to do with a crime, then there are plenty of internationally acceptable ways of law enforcement agencies in the US to obtain these data from Ireland, many of which could be completed very quickly if time was of the essence. We do not know if criminals were involved in this or if crimes have even be committed, let alone who may have done them.
It's not unreasonable to wonder what is being staged here, as the snippets of information do appear to be about some larger issue than a criminal investigation. It's also not unreasonable for readers of a tech rag to wonder about a large tech company's motives
"US gov desperately wishes to dispel the nasty post-Snowden stink and restore the sheeples' blind faith in Microsoft products/services. Thus securing the flow of said sheeples' data into their coffers."
Microsoft have encrypted most of their data flows now, and will encrypt all of them by the end of 2014. Meaning that the NSA can't simply slurp on demand but have to ask nicely first for specific things:
http://blogs.microsoft.com/blog/2013/12/04/protecting-customer-data-from-government-snooping/
"For many years, we’ve used encryption in our products and services to protect our customers from online criminals and hackers. While we have no direct evidence that customer data has been breached by unauthorized government access, we don’t want to take any chances and are addressing this issue head on. Therefore, we will pursue a comprehensive engineering effort to strengthen the encryption of customer data across our networks and services.
This effort will include our major communications, productivity and developer services such as Outlook.com, Office 365, SkyDrive and Windows Azure, and will provide protection across the full lifecycle of customer-created content. More specifically:
· Customer content moving between our customers and Microsoft will be encrypted by default.
· All of our key platform, productivity and communications services will encrypt customer content as it moves between our data centers.
· We will use best-in-class industry cryptography to protect these channels, including Perfect Forward Secrecy and 2048-bit key lengths.
· All of this will be in place by the end of 2014, and much of it is effective immediately.
· We also will encrypt customer content that we store. In some cases, such as third-party services developed to run on Windows Azure, we’ll leave the choice to developers, but will offer the tools to allow them to easily protect data.
· We’re working with other companies across the industry to ensure that data traveling between services – from one email provider to another, for instance – is protected."
I doubt it. This is a narcotics case, probably domestic, probably FBI. So 1) The NSA would not deign to get involved in such pedestrian affairs and 2) The FBI would need their evidence to be obtained through the proper legal channels in order to present before a court. Probably more cock up than conspiracy, this one.
If Microsoft lose this case, it will make the use of any cloud business with ties to the USA untenable to companies and individuals outside the continental USA.
It already is. MS is merely using this as a publicity vehicle to make some of this visible, but it is impossible for any US company and multinational with a US HQ to claim it can protect your privacy and be credible - it is simply legally impossible.
It's quite fun to ask Silicon Valley execs about this when they're over in Europe on a sales tour - politicians have nothing on the evasive skills of these people not to answer that question. You get reframing, deflection, "let me get back to you" delaying tactics, the squirming is simply entertaining. It's also not a good way to secure your next invite to a publicity event, of course, but my point is that they very well know they have a problem, all of them, and there is nothing they can do about it other than pay lip service to privacy.
For MS to win this it would require a change of law. I honestly cannot see that happen, because it would interfere with what appears to be a genuine investigation. Sure, it's overreach from an Irish perspective, but the US can argue that is has both access to that information as well as authority (being HQ). That this would involve breaking the law in Ireland is irrelevant, it does not break the law in the US and that's that. It's the same principle that prevent DVD Jon from being handed over for creating DeCSS - what he did didn't break the law in his country of residence.
If it's an individual who is in contempt, they do jail time. Given that this is a corporation.. who will do the time?
Major kudos for them standing up to the government but I suspect there will be some major headaches coming their way. One doesn't fight city hall and win, normally.
They're not fighting "City Hall", though. They're just fighting the government itself, which is not the same thing at all as "fighting the government backed by every powerful economic interest in its neck of the woods".
The Feds have an interest in seeing the ruling upheld, but they're the only ones who do. Pretty much everyone else will be on Microsoft's side.
Let's just say Microsoft loses and are forced to turn the evidence over because the SCOTUS says so. Now, Amazon runs the gov cloud, let's just say Germany demands information from the Gov cloud to be turned over. While the US government would say it can't be released because of national security interests, that law doesn't apply in Germany. So now you have a precedent set; it doesn't matter where the data is actually stored (foreign or domestic). Take IBM, 64% of their revenues comes from foreign sources. If they had government data and refused to release it, 64% of their revenue would be at stake. They could be held in contempt of a foreign court and say it was the EU, that would be about 40 to 50% of their revenue right there if they were barred from doing business.
When this makes it to the SCOTUS, I expect foreign governments to join in supporting Microsoft. Where does it stop if Microsoft loses? BlackBerry could be a target. Apple could as well.
"While the US government would say it can't be released because of national security interests, that law doesn't apply in Germany. So now you have a precedent set; it doesn't matter where the data is actually stored (foreign or domestic)."
The precedent won't be set until the appeal process is exhausted. If the appeal goes the Fed's way the precedent will only apply in US law. If the case you envisage were to be raised in Germany it would be tried under German law which might come to a different conclusion.
"If the appeal goes the Fed's way the precedent will only apply in US law. "
Courts in many parts of the world (including europe) look at and are guided by precedents set in other parts of the world (including the USA).
In MS's case, it has signed a number of contracts stating that short of a PATRIOT act order, data stored in irish servers was not obtainable by non-EU entities without obtaining an irish court order first.
The fact that this isn't a PATRIOT case is why there's so much heat and light about it.
" While the US government would say it can't be released because of national security interests, that law doesn't apply in Germany. So now you have a precedent set; it doesn't matter where the data is actually stored (foreign or domestic). "
It's not hard to have an encryption scheme designed so that only resources in the local jurisdiction have access to decrypt local data. Microsoft EFS is a good example of a system that can be implemented like this.
It's not hard to have an encryption scheme designed so that only resources in the local jurisdiction have access to decrypt local data. Microsoft EFS is a good example of a system that can be implemented like this.
To use anything made by Microsoft for security is like building a firesafe out of hardwood..
@Mark 85
Those seeing the inside of SingSing are probably the MS employees with a bad performance review. Joe Blow, you get day one, Sandy Beach, you get day two, on in that fashion. Wait, Ballmer's no longer with the company? Damn, who's going in for the long weekend?
Yep - contempt of court? Who cares! No-one goes to jail. Might mean they're fine a bit more in the future, but I'm sure their sofa contains enough spare change to fund that.
I'm more annoyed that companies are allowed to ignore the law/be unafraid of the law, because there's very little consequences to them.
Personally, I'm quite keen on the: if a company kills a man by manslaughter, someone at that company should be serving time.
"The US has entered into many bilateral agreements establishing specific procedures for obtaining physical evidence in another country including a recently-updated agreement with Ireland . . . We think the same procedures should apply in the online world."
It's funny - the way both software companies and government/law enforcement selectively choose when digital is the same as physical and when it isn't.
or paranoid if you prefer . . . but i wonder how much the feds are paying Microsoft to be "in contempt" in this case.
first - judges usually treat contempt seriously and if personal they throw your ass in jail until you repent and see the light or if corporate they impose a huge fine per day until they get the same result.
second - the government wants this to get to SCOTUS (or, if you prefer, SCROTUS) where The Five Supremes™ can rule that the US government has the right to subpoena any data anywhere on the planet or elsewhere that is held by, or accessible to, any person or corporation having any residency or branch office in the US including "just passing through."
thing the third - this lays some nice groundwork for declaring that digital and physical assets are the same kind of thing . . . which allows the government to seize anything anywhere as "evidence." . . . and by "seize" i mean take, not copy.
so what . . . if it's just me being paranoid then you suffer no harm . . . but...
Covers my key concern. However, I think it's also possible that Microsoft may be playing for some people who are dull witted enough to think the big MS has an actual concern about their human privacy.
In reality, if Microsoft feels like giving the email to the government, you'll never know. Ditto the rest of them, eh?
The truly worrying thing about this whole mess is that the 'mericans believe that they have jurisdiction over OFFSHORE servers. Once again, the USA want to meddle in the affairs of another country - since when was Ireland a state of the USA? They seem to fondly believe that their "Laws" apply to the rest of the world!
The US Government can request the data from the Irish Government, but will probably be told where they can stick their request!
It's also rather worrying that MS can claim to have any kind of data security - everyone knows that this is complete nonsense.
"It's also rather worrying that MS can claim to have any kind of data security - everyone knows that this is complete nonsense."
On what basis do you make this claim? Microsoft OSs currently offer one of the most comprehensive and secure set of data encryption and control / right management options on any competing platform - together with one of the lowest vulnerability counts. These include advanced features such as constrained delegation and conditional access control (claims based multifactor controls) - that simply don't exist on most other OSs.
Microsoft OSs currently offer one of the most comprehensive and secure set of data encryption and control / right management options on any competing platform - together with one of the lowest vulnerability counts.
Wow. Can I have some of what you're smoking? It clearly is seriously powerful stuff because you must have visited a parallel universe..
"The US has entered into many bilateral agreements establishing specific procedures for obtaining physical evidence in another country including a recently-updated agreement with Ireland"
This whole episode is very insulting to Ireland. What's the point of the agreement if the US governement is going to ignore it and bully US corporations into handing over the material directly? Does the US government think that the Irish are somehow going to be happy with their sovereignty being ignored this way?
Somewhere there will be a document signed by both the Irish and US governments, and it's looking increasingly like it's not worth the paper it's written on. It would be highly entertaining if the Irish Ambassador were to walk into Obama's office, tear that document up, and then leave.
Sure, it's nothing more than a symbolic act, there's nothing substantive that the Irish government can achieve by itself. However if the EU as a whole takes umbrage at this episode then the US could find that data protection laws within the EU get tightened to the point where companies associated with the US can no longer operate in the EU.
Effectively the US government is carelessly making it less viable for online services companies to be hosted or based in the US if they want to have a meaningful global presence too. Companies like Google could offer exactly the same global service by hosting its entire corporate presence outside of the US. Afterall, the Internet goes Everywhere... Microsoft are rapidly heading that way too. Amazon has it's warehouses, so it's kinda stuck with a physical presence, and Apple has its shops, so global business for those companies could become very difficult in the future.
MS captured the UK HE sector by promising that their Ireland data centre was immune to the Patriot Act. Google couldn't make such assurances so despite a better cloud offering at the time, lost a lot of business. I imagine the same applies in other industries.
"Google couldn't make such assurances so despite a better cloud offering at the time"
What better cloud offering was that? Certainly not their compute / IaaS platform which is vastly inferior to Azure and always has been. Just look at market share - Azure about to overtake AWS - and Google not even close.
I can only think that you mean Google Apps - and that was only superior in that Microsoft didn't actually offer a cloud service at the time. Office 365 is now leagues ahead of what Google offer in that space.
Yeah, sorry, I just meant their email and online docs. I disagree that MS has moved ahead, but it's more a matter of preference I think. The fact is my institution were swayed by the assurances of security, and I'm guessing a lot of others were too. If your business is new knowledge, you want to be able to keep your email away from foreign governments.
"What better cloud offering was that? "
Gmail vs Outlook.
Google's system was (and is) more reliable/technically superior but HE entity which pulled in data lawyers were told in no uncertain terms Google couldn't be used for the reasons given above.
A significant number of HEs didn't bother with lawyers and just signed with Google. Those responsible for that decision really should be feeling the wrath of the ICO (which basically means a slap on the wrist with a wet bus ticket).
MS captured the UK HE sector by promising that their Ireland data centre was immune to the Patriot Act
I cannot believe anyone fell for that without getting a second opinion from lawyers who didn't have a dog in this fight, because AFAIK that is total BS. There is no way that MS can free itself from a US court order for data as long as it keeps its HQ in the US.
It's not as easy as quickly setting up a data centre abroad, otherwise any criminal would do this too.
"AFAIK that is total BS. "
It is. The assurance was anything SHORT of a PATRIOT act order.
There will be a number of unintended consequences whether or not the SCOTUS rubberstamps the state court order.
Expect cloud providers to become fully separate companies in each jurisdiction, contracting to Google, MS, etc.
The Irish Government will huff and puff a bit, but will eventually do what the US Government asks. there are too many jobs and too much investment at stake to do otherwise.
The Irish /Courts/ are an entirely different matter. They have never recognised US legal extraterritorial reach, and never will. Otherwise we might as well tear up the Irish Constitution (flawed as it is) along with the US one.
If this issue gets anywhere near the Irish legal system, M$ can - and will - apply to the High Court for Judicial Review. And that will probably be the end of that for a few years, probably many years if they appeal it all the way to the ECJ.
If Microsoft Ireland receives a request through the appropriate Irish legal channels for this data, it will hand it over. I don't know whether Irish law would require a High Court order, or whether a Circuit Court order would be sufficient, or whether Irish law provides a mechanism for the Garda/Police to request certain types of data directly.
Microsoft isn't arguing to prevent the release of these specific e-mails. They are arguing to prevent a US court ordering the release of these specific e-mails that are housed on servers outside of the US.
Whether or not the feds have access to the data already is irrelevent if they can't use it in court.
The reason that MS needs to win this case is because losing it will cause the collapse of the cloaud market, not just for them, but for Amazon, IBM, Google and everyone else trying to sell online services that involve offsite storage.
Corporate governence demands that the board takes all 'reasonable' measures to keep their data secure. If the feds bang on the door with a warrant or sopena, then they must mount the appropriate legal defence. If MS loses this case, then the feds would be able to issue a warrent or supeona for data from someone who might not defend it as rigourously as the board would, opening the board to the risk of being sued by their own shareholders. The means the board would refuse to use the cloud for corporate data. End of market.
"There will be this brand new country with no treaties"
IANAL but I suspect (*) that simply isn't true. A company can't walk away from a contract it doesn't like by transferring ownership to someone who didn't sign on the dotted line. Equally, I suspect that Scotland is under all the treaty obligations of the rUK and will enjoy all the benefits of those treaties as well until and unless all parties to the original treaties agree differently. Anything else would just be a get-out-of-jail-free card for a sovereign state that wanted to be shot of its own history. (There are several debt-ridden countries who'd like that, but as Argentina are demonstrating on a daily basis, the rest of the world isn't so keen.)
(*) Of course, if this were a sane referendum, voters would actually know the answers to these questions before they voted. But that's getting a little off-topic...
"and Scotland votes Yes. There will be this brand new country with no treaties with anyone looking for a way to sure up it's economy.
Hello world's corporate HQ's."
lol. No one is going to host anything in an economy likely to collapse like an independent Scotland. The Scottish banking sector is ~ 20 times the Scottish GDP. Iceland's was 'only' 8.....
There will much more likely be an exodus of companies. As can already be seen by investors withdrawing money and resources from Scotland due to the possibility of a yes vote. For a start all the financial companies are near certain to relocate to the rest of the UK rather than be outside of the EU.
"I suspect that Scotland is under all the treaty obligations of the rUK and will enjoy all the benefits of those treaties as well until and unless all parties to the original treaties agree differently."
No - it doesn't work like that. As an 'independent country' Scotland will have negotiate even recognition from scratch. In particular it is doubtful that Scotland will get EU membership as Spain are likely to veto it.
Generally the presence of of a corporation in another country tends to be wholly owned subsidiary that is incorporated/registered in that country. So MEGACORP would be most likely to have for example MEGACORP UK Ltd, MEGACORP Ireland Ltd which would be obviously governed by local laws.
So in theory the parent company in US could argue it does not hold/own the data, but its subsidiary does. Quite simple really (...in theory).
There are clearly parties in US (government or otherwise) who had great difficulty in grasping this. Microsoft seem to be forcing the issue in getting it resolved once and for all, which is a good thing (regardless of their motives).
Funnily enough, the US Government is able to understand this concept when it comes to Tax, though it is increasingly unhappy about the way that US companies are "abusing" this process (and funnily enough, Ireland gets a mention in some of those cases too). There are probably some people in Washington DC that would use a government win in this case to push for a re-appraisal of how the profits of foreign subsidiaries of US Corporations are taxed, even if it meant killing a few golden-egg-laying gooses* along the way!
(golden-egg-laying geese just doesn't have the same ring to it!)
1. It must have been a pretty big drug ring or amount of said "drugs"
2. The retards didn't use encryption?! That's how the easy people get caught.
3. Just imagine how many "not so dumb" criminals and terrorists that DO use encryption actually succeed in their mission. I bet you aren't as mad and upset with us at the NSA now are you?