back to article Microsoft tries to defend Irish servers from US g-men invasion, again

Microsoft is continuing its battle against US demands that it hand over e-mail data stored in Ireland, arguing in its appeal that the US government would resist any demand by a foreign government that it hand over data stored in America. Detailed at Digital Constitution, the Microsoft brief filed on December 8 puts the …

  1. Anonymous Coward
    Windows

    Well, good luck to Microsoft

    This would play badly if it were a foreign government trying to seize the data of an American citizen here in the U.S. Not sure how it would play if (for example) the Irish were trying to extra-territorily seize data in the U.S., but for prosecution of an Irish resident.

    1. Saint Gerbil

      Re: Well, good luck to Microsoft

      I totally agree however in recent history they have just done as they pleased. For example the FBI hacked in to silkroad and claimed they didn't need a warrant since it was on foreign soil.

      http://arstechnica.com/tech-policy/2014/10/us-says-it-can-hack-into-foreign-based-servers-without-warrants/

      Granted Silk road are kind of bad guys but the FBI in this instance is just as bad, at least in this case they can't use the "well we all know they are bad people" line.

  2. Mark 85

    Good on Microsoft

    I have to admit I admire them for this. If it were another country pulling the same thing on data in the US, I'm sure our government would react badly. It's good to see someone (or some company in this case) stand up to the bullying.

    I do have to wonder if the NSA already has the data but the government needs the formal handover?

    Disclaimer: I'm a US citizen and very angry at the way my government plays fast and loose with the rules.

    1. cyke1

      Re: Good on Microsoft

      NSA might already have the data, but if it was used in a case against a company or someone it would be a problem in the fact how that data was obtained. Likely would be ruled as obtained via illegal tap or another illegal means so would be deemed inadmissible.

    2. Ken 16 Silver badge

      Re: Good on Microsoft

      I'm sure that MS have a disaster recovery image of the data in question within US jurisdiction but, of course, the court didn't ask for that.

      Why wouldn't the US cooperate if, for example, China wanted to subpoena data held in a US data centre by a Chinese citizen subject to prosecution?

      1. Anonymous Coward
        Anonymous Coward

        Re: Good on Microsoft

        I'm sure that MS have a disaster recovery image of the data in question within US jurisdiction but, of course, the court didn't ask for that.

        Exactly. So they only have their in Ireland? If that were true, that's not something to brag about if you're trying to make out that you're a highly available and scalable cloud provider.

        High redundancy? I'm sure their staff will tell you all about that.

        1. Ken 16 Silver badge

          Re: Good on Microsoft

          AFAIK MS have 2 DC's in Ireland, not aware of any others in Europe but their Azure TOS say data will be held on customers primary and secondary sites _and_ a DR site, implying that is outside of EU.

        2. h4rm0ny
          Facepalm

          Re: Good on Microsoft

          >>"Exactly. So they only have their in Ireland? If that were true, that's not something to brag about if you're trying to make out that you're a highly available and scalable cloud provider."

          Because Ireland is a tiny country that could catch fire and lose all your backups? It's just not safe having Dublin and Cork so close together!

          Idiot.

        3. Teddy the Bear
          Facepalm

          Re: Good on Microsoft

          They have a separate datacentre in Amsterdam which mirrors the Dublin datacentre. They've got multiple redundancies at each centre too, see their "trust centre": http://www.microsoft.com/online/legal/v2/?docid=25

      2. big_D Silver badge

        Re: Good on Microsoft

        @Ken 16 No, Microsoft don't have copies on US soil, they have explicitly told the EU that they follow EU data protection rules and the data is only stored within the EU territory.

        Storing the data outside the EU would be illegal and handing it over to a non-EU third party without a valid EU warrant or the written permission of all identifiable persons in the data would open both Microsoft and their customer up to prosecution in the EU for contravention of EU data protection laws.

        @Snorlax and the company holding the data is Microsoft Ireland, an Irish company on Irish soil with hardware bought with cash earned within the EU... They just happen to be owned by Microsoft Inc. in the USA.

        1. Snorlax Silver badge

          Re: Good on Microsoft

          "@Snorlax and the company holding the data is Microsoft Ireland, an Irish company on Irish soil with hardware bought with cash earned within the EU... They just happen to be owned by Microsoft Inc. in the USA."

          I'm very familiar with the status of the company. What's your point and how does it apply to anything to I've written?

          1. big_D Silver badge

            Re: Good on Microsoft

            @Snorlax, in essence, they don't control the data directly. The data is controlled by an Irish company.

            MS USA has indirect control over the data, in that they can tell the Irish company to hand it over, but the Irish company can only act within the laws of Ireland.

            1. Snorlax Silver badge
              Facepalm

              Re: Good on Microsoft

              "MS USA has indirect control over the data, in that they can tell the Irish company to hand it over, but the Irish company can only act within the laws of Ireland."

              They control the subsidiary, therefore they control the data. That's the view of the US court, and that's what we're talking about here. You're talking about the laws of Ireland and an Irish subsidiary that isn't in court - the parent company is...

              At the risk of repeating myself here - the US court could have gone through the correct channels (MLAT) and had the required info by now. The fact that they haven't would tend to suggest

              (a) somebody's on a fishing expedition,

              (b) somebody obtained a piece of evidence illegally and now they need to cover their tracks from a procedural point of view to avoid embarrassment (as in the recent Stingray case in Baltimore*)

              (c) they want to create some kind of precedent.

              * http://www.baltimoresun.com/news/maryland/baltimore-city/bs-md-ci-stingray-officer-contempt-20141117-story.html

              1. big_D Silver badge

                Re: Good on Microsoft

                I agree with you, I was just trying to clarify that one point for those who might not be so up on the subject.

                1. Snorlax Silver badge

                  Re: Good on Microsoft

                  To be fair, anybody who read the article could have figured out what was going on without using too much brain power.

                  Your replies to my comments actually went off on a tangent, and didn't really add to what I had written...

              2. Anonymous Coward
                Anonymous Coward

                Re: Good on Microsoft

                > At the risk of repeating myself here - the US court could have gone through the correct channels (MLAT) and had the required info by now. The fact that they haven't would tend to suggest

                d) Maybe the judge is just incompetent?

                I have no idea how the legal system works in the US, how well prepared your average judge is, and how much they are assisted by their peers or offices in points of law or procedure. I would be curious to know if the above is a real possibility though.

        2. John Smith 19 Gold badge
          Gimp

          "They just happen to be owned by Microsoft Inc. in the USA."

          THE PATRIOT Act applies.

          Therefor All your data belong to USG.

          "Personal information" to customers

          "Business records" to business

          Makes f**k all difference to USG.

      3. Fluffy Bunny
        Holmes

        Re: Good on Microsoft

        "Why wouldn't the US cooperate if, for example, China wanted to subpoena data held in a US data centre by a Chinese citizen subject to prosecution?"

        Because most of the things you can get shot for in China aren't even crimes in the US. Or most civilised parts of the world.

    3. kmac499

      Re: Good on Microsoft

      Doesn't really matter whether MS is taking the attitude from a purely moral point of view, or defending it's business model in the eyes of it's international customers, they have to defend this action.

      A possible future option will be to host servers in a jurisidiction that will not demure to the US, China maybe ??

      1. Snorlax Silver badge
        Facepalm

        Re: Good on Microsoft

        'A possible future option will be to host servers in a jurisidiction that will not demure to the US, China maybe ??'

        The word is "demur" not "demure", and I don't see anything in the article about Ireland cooperating with the US in this matter. In fact it you might want to ask yourself why the US court hasn't gone through the correct legal channels, and got the Irish courts to make an order for the data to be handed over.

        The issue is that a US court thinks a US company should hand over data it controls, even if it's outside the jurisdiction. Whether it's in China, Ireland or the South Pole is immaterial to them.

        1. 's water music

          Re: Good on Microsoft

          'A possible future option will be to host servers in a jurisidiction that will not demure to the US, China maybe ??'

          The word is "demur" not "demure"

          If we are going to be pedantic it might be worth pointing out that that the PP probably meant that (s)he did want the hypothetical jurisdiction to demur at a request for data by the US. My aunt, who I live with, (and who is demure) certainly would.

      2. Anonymous Coward
        Big Brother

        Re: Good on Microsoft

        "A possible future option will be to host servers in a jurisidiction that will not demure to the US, China maybe ??"

        Exit frying pan, enter fire...

  3. The Vociferous Time Waster

    One rule for Uncle Sam

    USA - greatest threat to freedom in the modern world

  4. Snorlax Silver badge
    Black Helicopters

    Tricky situation for Microsoft...

    I shouldn't think Microsoft (or any other corporation) give a crap about the privacy of your data sitting in an Irish data center.

    The only issue for them is to shore up public confidence in their cloud offerings in a post-Snowden world.

    Speaking of Snowden, are we really to believe that the emails in question haven't been read by some three- or four-letter-agency already? Maybe there's a bit of parallel construction going on?

    1. Anonymous Coward
      Anonymous Coward

      Re: Tricky situation for Microsoft...

      I shouldn't think Microsoft (or any other corporation) give a crap about the privacy of your data sitting in an Irish data center.

      Of course they don't care! All they care about is meeting quarterly targets (I'm not saying that's a bad thing, btw).

      The only reason they're so keen to keep the governments mits off it is (apart from the PR) they want exclusivity.

  5. FordPrefect

    Of course microsoft is crying blue murder they and other American cloud providers know that the rest of the world will dump American cloud services if this goes ahead. It also would most likely put microsoft in breach of EU law and most likely in breach of its contractual obligations. What EU company could live upto its legal never mind moral data protection obligations if this judgement is allowed to proceed. How long before people start pulling office 365 hosted sharepoint and email provision?

    1. Trevor_Pott Gold badge

      The hell of it is, Microsoft is the only cloud provider positioned to actually win if the USA pulls a douchecanoe here. Unfortunately, it would require some political maneuvering within Microsoft that they are currently incapable of.

      Microsoft could license their technology to third-party service providers at reasonable rates and allow the creation of Azure, Office 365 and other such things by companies with zero US legal attack surface.

      Of course, that means that Microsoft wouldn't get 100% of the subscription revenue from those setups and they simply aren't prepared to do that. Microsoft is only interested in driving their partners out of business so they can hoover up all that lovely subscription revenue. Instead, they could the arms dealer of the cloud wars, ensuring that everyone has a decent shot at privacy and security.

      Sadly, they're just far more interested in a few extra % of margin to actually consider doing what's right for the people.

  6. EddieD

    One thing...

    You have to wonder which other cloud companies in the same situation have been asked for data in the same manner and have quietly capitulated.

    1. Flat Phillip

      Re: One thing...

      I wouldn't say many if it has gone to court. The defence would argue that the material was cannot be used as it was not obtained correctly and that would of been picked up by some news outlet; even if it was to compare it to this one.

      Of course if it was one of those US courts that doesn't care about procedural fairness, such as some of the military ones, then who knows what has gone through them.

      This is really all about Microsoft avoiding the situation where all of its non-US competitors would sprout some (if it is upheld, actually valid) FUD about any US based cloud service and how the US government can have a sneaky peak in whenever they feel like it.

      1. Mephistro
        Headmaster

        Re: One thing...(@ Flat phillip)

        I agree with your comment, except for the little part about "its non-US competitors would sprout some (if it is upheld, actually valid) FUD about any US based cloud service". Something can not be true and FUD at the same time. ;-)

  7. Anonymous Coward
    FAIL

    EU

    "Smith notes that the prior ruling has also been protested by the EU, whose Commissioner for Justice says “it bypasses existing formal procedures that are agreed between the EU and the US” and that it “may be in breach of international law” ".

    And what did the EU and the Commisioner in particular? "Blá blá blá blá"... no sanctions whatsoever or real and practical measures...

    1. Lars Silver badge
      FAIL

      Re: EU

      " "Blá blá blá blá"... no sanctions whatsoever or real and practical measures..." Microsoft has not done it yet. As far as we know.

      1. Anonymous Coward
        Anonymous Coward

        Re: EU

        First, I was talking about the EU and the Comissioner...

        Second, did you read the part about the "prior rulling"?

    2. Gordon 10
      FAIL

      @JahBless Re: EU

      You can hardly apply sanctions for something that hasn't happened yet. The fail is yours sir.

      1. Anonymous Coward
        Anonymous Coward

        Re: @Gordon10

        There was a prior rulling. The fail is actually yours sir.

        1. Richard 12 Silver badge

          Re: @Gordon10

          No, said prior ruling is what is being challenged.

          The US may be breaking international law if the challenge fails.

          At that point the EU could (and should) take the US to court over such possible breaches.

          It would also sound the death knell of Amazon AWS, MS Azure and all other providers as they currently stand, forcing both companies spin off non-US-owned, totally separate companies to own and run all the servers and hardware outside of the US, simply to meet their legal obligations.

          - If you break the law in Country B in order to follow the law in Country A then you're utterly screwed as a company and absolutely have to split.

          It'd definitely make cloud hosting within the US a hell of a lot more expensive.

  8. Slx

    So could China do the same with Chinese companies' US subsidiaries?

    Dangerous precedent.

    Also it's not as if the Irish legal system wouldn't facilitate a normal criminal investigation.

    It's actually insulting that they feel the need to just ride roughshod over another country's legal system. Ireland's rated as one of the most democratic countries on the planet and has an extremely effective and fair system of justice.

    If they can't argue a case in an Irish court, then it suggests that there's something wrong with their case.

    1. P. Lee

      re: it suggests that there's something wrong with their case.

      Maybe not. They might not want to recognise other countries as equals or that there is a limit to American rule.

      1. John Smith 19 Gold badge
        Unhappy

        ".. not want to recognise other countries as equals or that there is a limit to American rule."

        It's called "Extraterratoriality"

        Yes US federal law really does believe it applies everywhere.

        The usual standoff is that other countries think its a crime and the USG applies other sanctions to its suppliers to compel compliance.

        In the case of ITAR for example, where if you use a UK part in a US satellite US law expects you to comply with ITAR for all sales of that product to all customers, even when you are a UK company.

        It's hard to believe just how far US Federal Jurisdiction is up it's own a**e.

  9. Gordon 10
    Trollface

    Crank up the farce to 11

    I almost want Microsoft to lose this first round to watch the next stage of the farce in operation.

    It could actually end up in the Judge directing an officer of Microsoft Corp directing an Officer of Microsoft Eire ltd to hand over the data and the Officer of Microsoft Eire refusing on the grounds of Irish/Eu law.

    Even better if I know Corporate Legal entities (and I do) they could even be the same person.

    My guess would be that whilst Judge nutbag could take punitive actions against Microsoft Corp, the person would be relatively safe.

    1. Test Man

      Re: Crank up the farce to 11

      "It could actually end up in the Judge directing an officer of Microsoft Corp directing an Officer of Microsoft Eire ltd to hand over the data and the Officer of Microsoft Eire refusing on the grounds of Irish/Eu law."

      They already have - what do you think this whole furore is all about?

  10. Alien8n
    Alien

    MS has it's data between a rock and ...

    The problem for MS is that they could end up stuck between a rock and a very hard place.

    If the US declare all data held by a US company abroad to be fair game MS will find that no matter what they do they're breaking the law, either in the US or in the EU. Note they never state in the article that the emails they wanted to see were from a US company, just that the data was being held BY a US company. Further from the wording of MS's brief it would suggest that it's NOT a US company that's being investigated. It's bigger than just MS though. I almost ended up working for a company called LexisNexis a few years ago. The company that decides how much credit you as an individual or as a company gets is US owned. If the US Govt gets access to that data they basically get free reign over every person's financial history in the UK. Add to that the increasing privatisation of things like the NHS and you could soon see pretty much every piece of data about every person in the UK being held by US owned companies.

    1. Kristian Walsh Silver badge

      Re: MS has it's data between a rock and ...

      For whatever it has to do with this, LexisNexis is not US-owned, but part of the UK/Dutch publishing conglomerate Reed Elsevier, and has been for the last twenty years.

      Incidentally, a credit bureau (or credit ratings agency) does not "decide how much credit you get", any more than TripAdvisor, Inc. decides whether a particular hotel is good or bad. They ratings agency only reflects the experiences of those companies who have either lent you money or sold you goods and services on credit in the past.

      1. Terry 14

        Re: MS has it's data between a rock and ...

        If you believe that you'll believe anything. The credit bureaux look at a whole raft of things to decide your credit rating! You could be a millionaire, but if you don't have a credit card or had a recent loan, you'll have a poor credit rating and would not get a loan. This was a recent newspaper article about a lottery winner who could not get a buy to let mortgage.

    2. John Smith 19 Gold badge
      Unhappy

      "If the US declare all data held by a US company abroad to be fair game "

      Already done.

      It's called THE PATRIOT Act.

  11. Anonymous Coward
    Anonymous Coward

    I'm glad MS is fighting this. We've had potential customers in foreign ( non-US ) countries decline to use our software because we are an American company even though the data would be stored within the boundaries of their country. Basically they feared that US authorities could compel us to disclose it.

    I suspect that MS has faced similar issues and is finally trying to legally resolve it.

  12. Panix
    Paris Hilton

    Have I missed something?

    Has it come out what this warrant is all about or is this an initial reporting?

  13. MJI Silver badge

    Very interesting

    The result will have huge implications for the cloud industry, I am following this with interest.

    My personal thoughts are that local Irish and EU laws matter more in Ireland and the EU than any US laws. Basically the US has no jurisdiction in Ireland. MS may be between a rock and a hard place but MS US cannot demand that MS IE breaks local laws.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like