If Europe is against US's Irish email grab, it must pipe up now The European Commission is running out of time to wade into the battle between US prosecutors and Microsoft over servers in Ireland. Uncle Sam's lawyers want the American company to hand over emails stored in the Emerald Isle, and everyone but the EC is piling in with their 2p. Before Christmas, the Irish authorities filed an …
Had Microsoft put a little bit of thought into the legal implications of its corporate structure:
- A subsidiary company would own the server farm in Ireland
- No one in the US would have access to the data, except for support purposes
- The people who do have access to the data, in Ireland, would be bound by Irish data protection laws
- The US prosecutors would have no option but to go through the Irish authorities?
Why should the US authorities go through Ireland* when they can effectively threaten Microsoft employees in the US until they get what they want (and they WILL get what they want, such is the power held by a US federal prosecutor).
* Well, other than it being fundamentally the right thing to do.
Microsoft does operate through a subsidiary in Ireland; however any subsidiary is still ultimately under Microsoft's corporate control, and so susceptible to this kind of order. Presumably Microsoft et al would have to come up with some kind of technical rather than managerial scheme whereby only the subsidiary could access the data; eg only the subsidiary held the encryption keys, under the control of Irish citizens.
"Presumably Microsoft et al would have to come up with some kind of technical rather than managerial scheme"
As I've suggested before, a franchise scheme should work. An Irish owned and staffed company would have the franchise to run MS-branded email services for European subscribers with all servers located in European countries under European legislation licensing the IP from MS. I doubt that setting that up would be beyond the abilities of MS lawyers and if necessary I'm sure they could take a little advice from their opposite numbers at Starbucks.
Hi AC,
Umm, nope, it is owned by a subsidiary. Unless Microsoft just gives away it's European operation entirely, though, it's still under MS control, which is the point that district judge is making. It does seem weird to me that a district judge is abrogating treaties, I did not think that this was in their remit.
I'm pretty sure no-one in the US has access. But, as the district judge has realised, they can give orders to the people that do, even if they are under European data protection laws, the judge doesn't care. He's ordered MS US to get the data from MS IE and, presumably, if MS US does not comply it will be sanctioned - it's up to MS US to either find a way to comply or get the order struck down somehow, and I think they do deserve some credit (I don't know how much) for actually fighting it rather than rolling over.
I'm really not sure why they didn't use the existing option. Was this perceived as an easier option? Is someone trying to make a point? Do they actually _want_ to reduce American competitiveness abroad (Yeah, sure, I'll put all of my precious data on a US-owned cloud now, what could possibly go wrong!)?
Ad
"I'm pretty sure no-one in the US has access. But, as the district judge has realised, they can give orders to the people that do, even if they are under European data protection laws"
If nobody in the US had access I don't think there'd be a problem: Judge orders MS/US to pass on the orders. MS/US passes on the orders. MS/IE says "Got the orders. Sorry, can't follow them, local legislation forbids.". MS/US tells judge they passed on the orders but they were countermanded outside their (MS/US's) remit.
"It does seem weird to me that a district judge is abrogating treaties, I did not think that this was in their remit."
I seem to remember reading somewhere that there is something very odd about the way the US handles treaties. Something along the lines that individual states aren't bound by the treaties the Federal Gov't makes.
Whether individual states are bound by treaties is not at issue here. Judge Loretta Preska, who issued the warrant on Microsoft is a federal district judge, issuing warrants based on federal law and court rules. However, a quote from the US Constitution is informative (Article VI, Sction 2):
"This Constitution, and the Laws of the United States which shall be made in Pursuance thereof; and all Treaties made, under the Authority of the United States, shall be the supreme Law of the Land; and the Judges in every State shall be bound thereby, any Ting in the Constitution or Laws of any State to the Contrary notwithstanding."
It appears that treaties are quite binding upon individual states although, again, that has nothing to do with the case under discussion.
Had Microsoft put a little bit of thought into the legal implications of its corporate structure:
- A subsidiary company would own the server farm in Ireland
- No one in the US would have access to the data, except for support purposes
Nope. You've already lost the plot at the first point. As long as you have a HQ in the US you cannot escape the demand because you have the control. If you just left a subsidiary in the US you'd be in a better position to claim a lack of control, but then you'd have the issue that the US may start playing other games to gain leverage, like threatening to close your subsidiary.
The simple bottom line is that you CANNOT have a US based HQ if you have any need to protect personal information, and if you have a subsidiary there you have to be prepared to lose it.
This is also why the EU stays out of this - it is entirely outside their control. The only thing they can do is bring it up during trade negotiations, but the EU cannot plausibly require the US to respect EU sovereignty if it does not respect the same for the US - even if that leads to the Irish sub breaking the law as a consequence. The EU has no grip on the Irish sub because there is no legal process running in Europe to access that data. Annoying, but those are the facts.
If US companies would like to fix the clusterf*ck of laws they have in their country which make this possible they are welcome to go home and talk to the people in Washington they sponsored so hard to make it this way instead of trying to get the EU to clean up the mess they made themselves.
- No one in the US would have access to the data, except for support purposes
Well, that's a honking big loophole right there. If you have access to the data "for support purposes" - you have access, and you're subject to whatever the authorities tell you to do with it.
Ireland, in its brief, decided to flex its muscles, reminding the New York court that: “Ireland is an internationally recognised sovereign nation state. The United States recognises and maintains diplomatic relations with Ireland.”
Ummm, I thought we all knew at this stage that the US doesn't care about the sovereignty of other countries... Looks like somebody didn't get the memo.
That would be a disaster. You'd have judges in various countries issuing arrest warrants for eachother, because in France it's illegal to issue a death sentence, so you can slam some judge in the U.S. for doing that. But in the U.S., unpasteurized milk products are largely illegal, so you can issue a warrant for some French judge who in some way ruled in favor of a company who sold some unpasteurized product that gave someone food poisoning. Meanwhile, in Saudi Arabia, there's a judge who will issue arrest warrants for any other judge around the world who issues decisions that protect defendant's rights to "disrespect the prophet".
The U.S. judge is overreaching, but lets not use this as an excuse to start some kind of unworkable judicial tit-for-tat.
your post illustrates exactly the poor understanding (some) EU citizens have of the US setup.
ANY company with a presence in the US is deemed a US company. And as such is subject to the power of the US feds.
That's it really. No amount of circular documentation with company setups can change that.
If you use a company that has a US presence, then it will be subject to handing over whatever data Uncle Sam wants. And if they use the PATRIOT Act to do it, you won't even know. Safe harbour ? Safe bollocks more like.
I call bollocks to you on that one AC. Its not that simple. Otherwise the US Tax man would be seizing all the profits Apple and Co. are storing oversea's.
You would have been far more correct to say there are a complex web of legislation and treaties whose interpretation in different legal and govermental remits can sometimes result in the appearance that the Patriot act trumps everything. Don't get me wrong its a steaming pile of dog crap that needs to be repealed - but the reality is far more nuanced than you are shrieking about.
The sovereignty in question is Irish and the Irish government has already replied (if only to rather snarkily remind everyone that they needn't have done). So maybe the EU doesn't reckon that it has anything more to contribute. Or maybe it is replying through diplomatic channels and saying "Look guys, we know you can't tell the judge what to say, but you *really* don't want to push this one much further.".
I would guess it's the other way round, and the US is probably leaning heavily on the EU to keep its mouth shut on the whole debacle.
"That's a nice economic recovery you've (finally) got going there. Be a shame if someone suddenly sold all their Euro bonds..."
She was made Italian Foreign Minister just because she helped Renzi to become first head of his party, then President of the Council. In exchange Renzi made its party praetorians ministers. Then, following the old "promoveatur ut amoveatur" way of doing things, thought it was a good idea to send her to the EC, where almost nobody wanted someone with no previous real experience in diplomacy at that level. Unluckily, she now sits there, but she really has no idea about what she should really do unless told to, and anyway, she doesn't really care of such matter, it's not something that could help her strengthen her position within Italian politics - which is the only real thing that matters to any Italian politician.
Let's get this straight.
A US judge granted a warrant for emails of a suspected drug dealer. This is not a data grab or some underhanded spying, but a search warrant for electronic data limited to a specific individual. The warrant was used to request the data from Microsoft - presumable as the email account was held with them.
Microsoft must have then refused to provide the information and their defense was that the data was held in Ireland. At which point the US judge then said 'doesn't matter because you are a US company' and now lots of US companies are saying this will damage their business.
Now, forgive me for being somewhat dense here, but are they saying that their business relies on hiding information from a legitimately granted and served search warrant? I know everyone just loves to jump up and down about illegal data grabs by whatever security service is the flavour of the month, but that is not what is going on here.
> Now, forgive me for being somewhat dense here, but are they saying that their business relies on
> hiding information from a legitimately granted and served search warrant?
No, they are saying their business relies on complying with the laws where the servers are based.
If the court had gone though the "normal" channels as outlined in the article, they would have basicly asked the Irish legal system to obtain this data, and therefore would have complied with the local and normal international law.
The judge is basicily saying "the server is in Ireland, you are US based, you own the servers via a subsidiary, therefore laws in Ireland don't apply to this data in Ireland".
Providing the information that this US court has requested involves someone in Ireland breaking Irish law.
Breaking the law is illegal.
Therefore this is an illegal data grab.
In addition, this isn't a valid search warrant. You can't search an Irish property with a US warrant. Well, you could, but someone could break your legs for your troubles and probably walk off scot free.
The other US companies are right to be scared. If I hold sensitive data on a service provided by an Australian subsidiary of a US company, and these shenanigans are allowed, than the US can seize my data at any time they wish without consulting an Australian court.
Naturally this isn't something I like the sound of; therefore I will not put my data at risk in this manner. Now, I might be a small drop in a large ocean, but these US companies are already looking at losing their foreign markets because of the NSA actions, and this is another nail in that coffin.
oh yeah, we have a reason to invade and bomb Ireland now!!! they are harboring potential drug dealers and probably terrorist too!!! I mean if it is a good enough reason to kidnap and imprison president Noreiga from Nigaugura then it damn well is good enough for those Irish!!!! LOL
i know this will never happen, the Irish are considered "White" now
"Something along the lines that individual states aren't bound by the treaties the Federal Gov't makes."
Federal government aren't bound by those treaties either.
"and imprison president Noreiga from Nigaugura"
actually the dude was from Panama, and he was imprisoned because he stopped cooperating with the CIA's drug smuggling operations.
The US' motto is "all your sovereignty are belong to us".
The issue is not quite so simple as many posters seem to think. Orin Kerr, an actual lawyer and law professor with real knowledge of Fourth Amendment law and the Stored Communications Act, has written about this case several times in the Washington Post. The articles refer to others with different viewpoints.
http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/07/07/what-legal-protections-apply-to-e-mail-stored-outside-the-u-s/
http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/07/25/more-on-privacy-rights-in-e-mail-stored-outside-u-s/
http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/07/30/verizon-responds-to-my-posts-on-the-foreign-e-mail-case/
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
