back to article Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals

Apple, Microsoft, HP and other cloud giants are begging Europe for help to stop US feds seizing customers’ data from servers on the Continent. A policy paper [PDF] published on Friday by DigitalEurope – which represents the above goliaths – urged the European Commission to wade into an ongoing legal fight between Uncle Sam and …

  1. Anonymous Coward
    Anonymous Coward

    Just goes to demonstrate the lack of political sophistication of the tech sector!!

    Now, if these U.S. tech companies had sloshed around an additional several tens of millions in the just-completed midterm elections, now THAT would have been sophisticated!!

    More seriously, this shows that the tech sector is having trouble getting the Obama administration to listen to them, and they need the EU to help fight its battles. However, it remains to be scene whether the EU is ready to actually cross their security/intelligence benefactors back in DC.

    1. Anonymous Coward
      Anonymous Coward

      Re: Just goes to demonstrate the lack of political sophistication of the tech sector!!

      "More seriously, this shows that the tech sector is having trouble getting the Obama administration to listen to them, and they need the EU to help fight its battles."

      I'm not sure that it is anything to do with the political relationship (or lack thereof) between the tech sector and Obama. I'm sure that it would be improper for the Executive and politicians to be seen to be intervening in a criminal investigation by the FBI.

      However the case does raise questions as to whether or not the Executive is paying attention to what its law enforcement agencies are up to and the effect that might end up having on foreign relations and, plausibly, its digital economy. The Executive (under a previous president?) had signed Mutual Legal Assistance Treaties with Ireland, and one of its agencies (the FBI) would appear to be doing its damndest to undermine it. That is something over which the Executive can legitimately (and probably should) intervene.

      "However, it remains to be scene whether the EU is ready to actually cross their security/intelligence benefactors back in DC."

      Dunno, but presumably the Irish authorities are wondering what the hell is going on. They can't really afford to ignore it; ignore it once, that'll set the precedent and then they might as well tear up the MLAT there and then. They would also be under some sort of obligation to go public and tell Irish citizens that a commercial service within Ireland was not be regulated solely by Irish laws, leaving the public to choose whether or not it was in their best interests to continue to use the service. Which is exactly the scenario that MS (and Google, Apple, Amazon, etc. etc) are desparate to avoid.

      Future of American Tech Companies

      There's no particular reason for any of the major tech companies to actually be inside the US. That's where this sort of company has tended to form, but this episode could make a continued US presence a real threat to their business.

      Being based in the US is important to succeed in the US market. But there's only 318 million people there; there's 6+ billion people everywhere else. The mass, global market is not the USA.

      Companies like this will examine what threat to their profits stems from this case. If they decide that the global loss is more than they earn in the US market then they will leave the US. Simple as that. Especially as the US tax situation isn't so favourable to them.

      It's especially easy for Google to move. They are proud of the resilience of their global architecture of data centres, and presumably they could simply switch off the US ones and disappear over the border to the civilised world in Canada.

      1. Anonymous Coward
        Anonymous Coward

        Re: Just goes to demonstrate the lack of political sophistication of the tech sector!!

        You missed a couple of points.

        1. It is not a question of being based, it is a question of being present. It is sufficient to have a desk and a lowly clerk somewhere in USA to be subject to the Patriot Act. Same as it is sufficient to have a desk and a lowly clerk somewhere in Europe to be a subject to the local variety of DPA, etc.

        2. While in theory, Google and tech giants can move, in practice they cannot. All USA tech companies are deeply involved with the Californication lifecycle. Spin-out, spin-ins, etc - the whole Alice in Wonderland Caucus Race. Breaking this is nearly impossible and 90% of the companies in the list are openly unwilling to employ any R&D or engineering staff in a real job outside the USA. It is either "the valley way" or the highway.

        1. Anonymous Coward
          Anonymous Coward

          Re: Just goes to demonstrate the lack of political sophistication of the tech sector!!

          "1. It is not a question of being based, it is a question of being present. It is sufficient to have a desk and a lowly clerk somewhere in USA to be subject to the Patriot Act. Same as it is sufficient to have a desk and a lowly clerk somewhere in Europe to be a subject to the local variety of DPA, etc."

          Indeed, but what is it about Google's business model that requires them to have anyone or anything at all in the USA? Nothing so far as I can tell. Apple have shops, Amazon need warehouses. MS and Google don't need anything at all. The unique legal environment in the US is their potential problem; nowhere else in the world has the same profit-threatening, global-reach warrantry system. Anywhere but the US would suit their requirements.

          "2. While in theory, Google and tech giants can move, in practice they cannot. All USA tech companies are deeply involved with the Californication lifecycle. Spin-out, spin-ins, etc - the whole Alice in Wonderland Caucus Race. Breaking this is nearly impossible and 90% of the companies in the list are openly unwilling to employ any R&D or engineering staff in a real job outside the USA. It is either "the valley way" or the highway."

          Yes, but if the companies start moving to, say, Canada that's where the money and people will also go. People and money go where the business is. Happens all over; Thailand cornered harddisks manufacturing that way.

          1. streaky

            Re: Just goes to demonstrate the lack of political sophistication of the tech sector!!

            "nowhere else in the world has the same profit-threatening, global-reach warrantry system. Anywhere but the US would suit their requirements"

            Also Canada, UK, Australia, New Zealand. And oh god don't forget China. And Russia is about 14 times worse. I'd probably stay out of basically all the Middle East too because the operating environment borders on the silly.

            Oh and then you need a certain standard of developer and the ability to attract them to whatever country you operate in so you can wipe India, Pakistan and Eastern Europe off the list. Can't go to South America because your business might become state owned at basically any second. Then if you're Microsoft and you do find a suitable country - your business if probably worth more than the country's entire GDP - what happens if you have do to a recall or end on the wrong side of a lawsuit and need a loan without too much noise?

            Oh and you're still going to need to repatriate funds from the USA so you're going to need a bank there that can be frozen, and hey conferences and layovers on your way to Barbados for your jollies and now you're subject to arrest for wire fraud and whatever else the US govt decides to use against you in it's pool of "stuff we can use to arrest people when we don't like them".

            Pretending you don't have business interests in the USA isn't the same as not having them - the ultimate truth might well be "the cloud" isn't suitable for certain people (see: criminals and people likely to be accused of criminality - valid accusations or otherwise, businesses with trade secrets and states) to use because it's likely unprotectable.

            It also might well be that it isn't ethical to provide such services. Cloud storage should be ultimately encrypted with the end user's keys that never leave the end-users possession so there's no access in the first place to a customer's data then in principle you can't be ordered to turn over data you have no access to - there's a double security benefit here which is if you're say apple and you have a security compromise or the user's account is compromised whoever does it still won't have crypto keys for the files so no nuddy pictures of d-listers splashed all over the internet. Come to think of it why doesn't iCloud work like that?

            Cloud based hosting/servers is an entirely different problem - which speaking as somebody who has a fledgling stealth mode cloud host - is a really serious problem to resolve.

            1. Anonymous Coward
              Anonymous Coward

              Re: Just goes to demonstrate the lack of political sophistication of the tech sector!!

              "Also Canada, UK, Australia, New Zealand. And oh god don't forget China. And Russia is about 14 times worse. I'd probably stay out of basically all the Middle East too because the operating environment borders on the silly."

              Except that none of those countries is seeking to make their domestic warrants apply world wide. The US is.

              1. streaky

                Re: Just goes to demonstrate the lack of political sophistication of the tech sector!!

                "Except that none of those countries is seeking to make their domestic warrants apply world wide"

                The UK does, I'm sure many of the others do too - I just can't be bothered to read their laws.

                And also you're confusing a public process of law creation followed by courts (even where secret - and where the laws are totally nonsense) with the FSB up in your grill and asking where your licence to talk about things like this and/or revoking it.

                Don't get me wrong the stuff GCHQ and NSA are doing is utterly nonsense the difference is we know about precisely what they're doing. The good news is everything we're doing to shut the numpty security services in our own countries out is also making us more secure against the Russian, Chinese and other alphabets - which is what the NSA and GCHQ *should* be looking at helping with rather than cat pictures we're sharing on facebook and the like that they're actually doing.

  2. Steve Davies 3 Silver badge

    Yeah right

    And Pigs might fly.

    That's how much hope this has of getting anywhere.

    1. dogged

      Re: Yeah right

      The problem is that even if it flies and the EU run with it, the Tories and UKIP will then spin it as a bad thing and immediately hand over everything.

      *sigh*

      1. Anonymous Coward
        Anonymous Coward

        Re: Yeah right

        The problem is that even if it flies and the EU run with it, the Tories and UKIP will then spin it as a bad thing and immediately hand over everything.

        The EU or UK have no control over a sovereign state, pretty much as the US can only pretend it has an ability to write laws in other countries. Even with the largest possible seasoning of BS you cannot spin this one into an EU problem, it is a US one.

        It's also not Europe's problem that the US political machine is pretty much out of control - again, that is a problem only fixable in Washington. Nothing to do with us. At best we could buy tickets and watch it all play out, but it is not Europe's problem, and they should not try to make it Europe's problem either.

        1. Anonymous Coward
          Anonymous Coward

          Re: Yeah right

          "The EU or UK have no control over a sovereign state, pretty much as the US can only pretend it has an ability to write laws in other countries. Even with the largest possible seasoning of BS you cannot spin this one into an EU problem, it is a US one."

          Quite right, except that it could become a problem that European countries have to deal with.

          Growing Problem?

          The increasing extra-territoriality of US law and policy could result in more European citizens being caught up in legal contradictions between the US and Europe.

          Consider a hypothetical situation where an Irish kid sent a rude selfie to his girlfriend using a Microsoft mobile phone. Is he going to get arrested for child pornography if he ever travels to the US, the evidence in the case having been lifted from MS's servers in Ireland by a US Prosecutor?

          If the FBI win this case against MS, the answer to that question is potentially yes, and not a definite no. Bear in mind that US Prosecutors are paid a bonus for successful convictions, so easy win cases are financially attractive to them.

          Already Too Late?

          The FBI seems to be after data already on MS's servers, which in itself raises a dangerous point.

          If the FBI wins this case then everything you have ever done with or via online services provided by a US company will potentially be open to US investigators and prosecutors. They win the case, they can start issuing all the warrants they want straight away.

          So ask yourself, how long will it take for MS, Google, Apple, Facebook, or Twitter to actually delete your data if you choose to close your account now? Most of them take ages (they want to keep mining your data for ad revenue for as long as possible). Will they delete it before MS's case with the FBI is concluded? You don't control that.

          So, is it an EU Problem?

          Potentially yes. We all know that the US has very different views on nudity, business, breast feeding, etc. Certainly one big difference between the US and European business environments is the US Wire Fraud Act (and if you don't know what that is, wise up fast).

          Travel

          So how is a European government supposed to give sensible travel advise to its citizens? At the moment it's easy; "What you do in your home country stays in your home country, and anything you do in the US is your problem". If the FBI win, European governments will have to say, "Who knows? We can't protect you if you travel to the US; your acquital here won't count for anything over there".

          Political Trouble at Home

          If the FBI wins this case then everybody would know that the US can get any access they want into data centres all over the world owned by US companies. That includes European governments and their politicians.

          Hypothetically speaking US warrants against foreign data centres could become common place, then extended, then generalised, then all encompassing. Many European governments, citizens and businesses would see that as excessive. So what if the US were revealed to have excessively exploited their own warrantry system? Governments and politicians outside the US will then have to explain why they didn't enforce their own data protection laws. Naturally no European politician would want to have to explain that.

          So, how to enforce European data protection laws in the face of the FBI winning this case and be sure that that hypothetical situation doesn't become reality? Either spy on the data center's traffic (hard, and getting harder I expect), or simply close it down. Relying on the dubious reassurance of an American ambassador or US government spokesman sounds, well, unwise. Especially with what has already emerged from the likes of Snowden.

          Closing down US owned data centers might in the end be the easiest way for a government to demonstrate that their data protection laws are the only ones that apply. Though of course those too might not be so popular with the population... It would be a good excuse for a bit of good ol' protectionism though.

          Scaremongering? Well, perhaps. For most people it won't ever be a problem because most people are ordinary and law abiding, so it's not likely to be a major political issue either.

          But for an individual the rest of one's lifetime is a long time to gamble that the US also considers you to be ordinary and law abiding. We know that they already have very different attitudes to nudity, breast feeding, digital piracy and the definition of business malpractise. Who knows where that goes in the future?

          So as a minimum we require European governments to keep an eye on what the US is doing, how their laws and attitudes are changing, just to make sure that we don't unwittingly fall foul of the US legal system for things that are perfectly normal and legal at home. That's not something they've had to do before, but a win for the FBI in this case changes that.

          1. dogged
            Thumb Up

            Re: Yeah right

            Very well put, Anon.

          2. Yet Another Anonymous coward Silver badge

            Re: Yeah right

            It doesn't even need to be the FBI

            Anybody can file in federal court, in say east Texas, and demand all the defendants documents under disclosure, with this they could demand all the documents held overseas.

            So Billy-Bob either on his own, or paid by say a US oil company, could get a judge to hand over all BPs data if they were stupid enough to host it on a service that used American servers.

            An American drug company could get a single local judge to rule that the NHS violated American anti-trust and all its patient data should be available for him and his marketing chums.

            1. Peter2 Silver badge

              Re: Yeah right

              Except that if the US do try and make any one of the examples posted above stick, then the cloud is going to rain really, really hard into data centres or on premises servers that the USA cannot possibly touch. Microsoft in particular will probably just give up with the cloud, and start pushing servers again.

              This would be bad news for American cloud providers, and good news for pretty much everybody else (especially readers of this site) as more jobs in local countries are created building, selling, shipping and supporting servers.

              1. Anonymous Coward
                Anonymous Coward

                Re: Yeah right

                Except that if the US do try and make any one of the examples posted above stick, then the cloud is going to rain really, really hard into data centres or on premises servers that the USA cannot possibly touch. Microsoft in particular will probably just give up with the cloud, and start pushing servers again.

                Actually, the big elephant in hiding is that it already IS a problem. You only see the occasional isolated instant, but pretty much any decent size EU enterprise is already asking their big US providers for a fix, which isn't actually possible (there are some shenanigans planned, but a solution isn't really on the cards). This is not an assumption, this is fact - I deal with EU parliament functions and US companies are getting rather desperate, they need a fix before the public at large becomes aware of it and this is starting to affect their sales. Thankfully, the marketing is working for now so not too many people are asking the right questions, but lawyers in the bigger EU companies are already warning about compliance problems. It's not going to go away.

  3. Anonymous Coward
    Anonymous Coward

    It's not Europe's problem to fix

    Sorry, this is such a serious heap of bullshit.

    The root problem has NOTHING to do with Europe, and is not fixable in Europe. Europe has no ability to tell US lawmakers what to do, but I guess the US companies think it's easier to use the EU for their purpose than the monster that now lives in Washington.

    Well, it's not a European problem, so pack your bags and go home. Sponsor some senators or something. Don't try to get EU consumers to do your work. Fix the problems that some of you have actually caused yourself.

    1. dogged
      WTF?

      Re: It's not Europe's problem to fix

      > The root problem has NOTHING to do with Europe, and is not fixable in Europe.

      Well yes, hence an amicus brief.

      (I currently work for lawyers - don't hate me, I do enough of that for all of us)

      1. Vic

        Re: It's not Europe's problem to fix

        I currently work for lawyers - don't hate me

        You do realise you're asking the impossible, don't you?

        Vic.

        1. dogged

          Re: It's not Europe's problem to fix

          They pay enough for my little boy to go to nursery.

    2. Lars Silver badge
      Coat

      Re: It's not Europe's problem to fix

      Yes and no, but more yes as we live on the same planet, as I like to think, and we use the same clouds, not that we should perhaps, something Apple, Microsoft, HP and other cloud giants are understanding too. And what the heck, Microsoft is an expert on this as they had to bend before the EU when American companies asked the EU for help, Rather confusing but nothing new, and I would agree that the US DoJ should wake up after falling asleep, as I think, at the end of November 1963. (Almost like yesterday).

      Oi, the World!

    3. Yet Another Anonymous coward Silver badge

      Re: It's not Europe's problem to fix

      Europe could say - allow this to go through and all safe harbour provisions are cancelled.

      So it is illegal for any US company to process any data subject to data protection act in europe and we will look into whether the same will apply to Facebook pages, Gmail etc.

      Then Facebook/MSFT/Google can wave this at the senators and say that billions of jobs will be lost if this happens.

    4. jonathanb Silver badge

      Re: It's not Europe's problem to fix

      It is Europe's problem. If I host my data with an Irish company, Microsoft Operations Ireland Ltd, I expect Irish law to apply to it. I don't expect American law to apply just because the company happens to have an American shareholder.

  4. Volker Hett

    What about Safe Harbour?

    Just tell the US companies they can't do business in the EU anymore and then reconsider TTIP ...

  5. Trevor_Pott Gold badge

    Any company with a US legal attack surface great than "nonexistent" simply cannot be trusted. Ever.

    1. P. Lee

      >Any company with a US legal attack surface great than "nonexistent" simply cannot be trusted. Ever.

      Any such company obviously is in league with terrorists and should be hacked forthwith.

      Oh, hallo Iceland!

  6. Velv
    Pirate

    Perhaps it's time for the tech giants to relocate their headquarters and company registration to a more friendly jurisdiction. Most of their tax affairs are already there...

  7. JaitcH
    WTF?

    Yet another demonstration as why NOT to use US services

    The US government and it's judiciary really don't give a toss about the niceties of law.

    Witness Guantanamo, invasions of countries without provocation, etc.

  8. Bladeforce

    Intetesting...

    ...so the EU can't access US servers and the US can't access the EU servers. Seems a win win for the corrupt 3 here as they can move offending emails etc to either so to keep the law away. I say we give these 3 our own EULA that says FU

  9. razorfishsl

    All this bullshit could be circumvented if the applications were written properly.

    Encrypt ALL the data sent to the servers and keep the private keys on the users computers,

    but noooooo , these scum bags don't want to do that for at least two reasons

    1. They loose access to mine the data.

    2. Data de-duplication, encrypted data cannot be de-duplicated thereby pushing up storage space requirements.

    Afterall what's the point in having all that lovely private data and internal documents from a massive number of companies and internal government departments if you cannot mine it ?

    They just want to be greedy and are attempting to use European law to stop the US government from putting customers off cloud storage thereby fucking up their massive data grab.

    Complain to your government and request that they NEVER use Microsoft products that store documents on cloud servers.

  10. RyokuMas
    Facepalm

    "Complain to your government and request that they NEVER use Microsoft products that store documents on cloud servers."

    As if any of the alternatives are any better...

  11. Hans 1
    WTF?

    So, do I get this right ? US companies ask EU to step in for them to protect them from the Intelligence services of their own country ?

    Probably the EU should tell them to piss off since they are on the receiving end of intelligence gathered by the "Letter agencies" on their EU competitors.

    You cannot have it both ways, guyz.

    Besides, there are a lot of commentards on here who think it is an excellent idea to store ActiveDirectory, Email, "Office" documents as well as other sensitive data on a cloud ... numpties enough, guyz. Besides, the guyz who have brains use open source anyway and you will never get their sensitive data.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like