back to article Law's changed, now cough up: Uncle Sam serves Microsoft fresh warrant for Irish emails

The US government has issued Microsoft with a new warrant to get access to emails held on the firm's Irish servers, while asking the Supreme Court to dismiss the existing legal battle. The long-running wrangle began back in 2014, when Microsoft was taken to court by American prosecutors who wanted access to suspects' emails …

Page:

  1. Snorlax Silver badge

    Next step?

    MS asks the Supreme Court to rule on the constitutionality of the Cloud Act?

    Unlikely to get anywhere, but a stalling tactic nonetheless...

    /off to read the Cloud Act

    1. Charlie Clark Silver badge

      Re: Next step?

      I suspect trying to apply it retroactively is enough to get it thrown out of most courts.

      OTOH Trump has just made himself wide open to the next "Benghazi" because the new law will also allow non-US spooks access to data held on servers in the US. What could possibly go wrong? Okay, those provisions will probably be thrown out on constitutional grounds because of the protection that the US constitution offers to US citizens (the rest are just "aliens" and fair game for spooks, scammers, etc.).

      1. Paul Hovnanian Silver badge
        Devil

        Re: Next step?

        "I suspect trying to apply it retroactively is enough to get it thrown out of most courts."

        Ex post facto laws are in fact banned. But I suspect (and IANAL) that this would apply to data stored overseas going forward from the date of passage. No penalties for past refusal to comply with a warrant. But from here on out; hand it over.

        Devil, because that's where the details lie.

        1. Androgynous Cupboard Silver badge

          Re: Next step?

          > Ex post facto laws are in fact banned

          Not if you're HMRC

    2. Dan 55 Silver badge

      Re: Next step?

      Here's a summary of the Cloud Act so you don't have to read it:

      All your data are belong to US.

      1. Swiss Anton

        Re: Next step?

        "All your data are belong to US"

        Until we sell it on for a profit.

      2. Uffish

        Re: Cloudy

        All your data are belong to US, says US.

        There, I've put that in a wider context for the benefit of US administration types.

  2. aks

    I assume that the Irish government will still refuse to let the USA have direct access to servers in Ireland.

    A search warrant against specific individual individuals or countries causes no problem for the Irish. It's the direct access they object to, allowing the USA to use 'big data' methods.

    1. Anonymous Coward
      Anonymous Coward

      I assume that the Irish government will still refuse to let the USA have direct access to servers in Ireland.

      Why do you assume that? I don't.

      So long as US businesses have the Irish government on a short leash, courtesy of the liberal application of tax laws, the Irish gubbermint will do whatever US big-tech tells them. In this case, it'll be "do as the MIB say", because that gives people like Apple a "get out of jail free card".

      1. Doctor Syntax Silver badge

        "So long as US businesses have the Irish government on a short leash, courtesy of the liberal application of tax laws"

        Well, this allows the EU to impose what's effectively a 4% global turnover tax on US companies. That probably far exceeds anything they'd have taken via a with-holding tax on EU turnover.

    2. Oh Homer Silver badge
      Mushroom

      Violation of national sovereignty

      The ramifications of this go far beyond mere data protection. The US is, in effect, claiming sovereign rights over another nation. Frankly I don't think it's an overstatement that this is tantamount to a declaration of war. This is not America. You don't get to do just anything you like in our country.

      American hegemony is not exactly new, but rarely is it this brazen.

      If you're an American citizen or company operating in our country, then you are governed by our laws. If you or your government dispute this, then you need to leave. Period.

      1. Joe Montana

        Re: Violation of national sovereignty

        They're not claiming rights over another nation, they are claiming rights over data which is privately held by a subsidiary of a US corporation that just happens to be located in another country.

        If the data was held on a server belonging to an Irish company then the US would have no way to demand the data, and would need to apply for an order through the Irish court system.

        The fact is while Microsoft employees in Ireland are not directly answerable to the US government, they are answerable to senior Microsoft employees based in the US who in turn are answerable to the US government.

        Employees working for an entirely Irish owned company with no US parent company would not be answerable to the US government at all, and could only be compelled to perform any action by Irish or EU governments and courts.

        If you're concerned about foreign governments interfering in your business, then support local businesses and only worry about your own government (which you cant avoid anyway, and theoretically have some control over).

        1. big_D Silver badge
          Facepalm

          Re: Violation of national sovereignty

          @Joe Montana the data is on a server on Irish soil, owned and run by an Irish company, which just happens to be a subsidiary of a US company.

          And regardless, the data is in Ireland and falls under EU and Irish law. If Microsoft US hands over the data, the board of Microsoft Ireland could face large fines and imprisonment for breaking data protection laws. Microsoft Ireland cannot hand over the data to a US organisation or US law enforcement without the written permission of all identifiable persons in the communications (if they are EU citizens) or a valid EU / Irish issued warrant.

          So Microsoft US executives faces imprisonment and fines if they don't hand over the data and Microsoft Ireland (a separate entity) face imprisonment and fines if Microsoft US does hand over the data.

        2. Anonymous Coward
          Anonymous Coward

          Re: Violation of national sovereignty

          "They're not claiming rights over another nation, they are claiming rights over data which is privately held by a subsidiary of a US corporation that just happens to be located in another country."

          You actually believe that? It's data which is not owned by US company and it's not in US.

          That's the definition of claiming rights over another nation. Even if you are not admitting it: That's irrelevant.

        3. Tom 38 Silver badge

          Re: Violation of national sovereignty

          The fact is while Microsoft employees in Ireland are not directly answerable to the US government, they are answerable to senior Microsoft employees based in the US who in turn are answerable to the US government.

          In most countries, working for a company doesn't mean that you are obliged to break the laws of your country because your superiors abroad order you to.

      2. It wasnt me

        Re: Violation of national sovereignty

        Exactly. Can we pass a law in Westminster saying that our citizens can help themselves in US shops? Or that a speed limit of 70 mph applies on US motorways to English people? I don't get the difference with what the merkins are doing.

        By the way, I like the way you ended your post with 'period'. Very USA'ish. Full stop.

        1. wallaby

          Re: Violation of national sovereignty

          "Can we pass a law in Westminster saying that our citizens can help themselves in US shops? Or that a speed limit of 70 mph applies on US motorways to English people?"

          I think we should

          the US embassy in London refused to pay the congestion charge on the grounds of diplomatic immunity, but UK embassy staff in the US don't have that luxury as they have to pass through toll booths.

          Data held in servers in the EU should be subject to EU law only - but in reality we know that the US will never respect that nor any other laws that they don't pass.

      3. Muscleguy Silver badge

        Re: Violation of national sovereignty

        Remember the US is the country which granted itself the right to invade The Hague should any US citizen by arrested by the ICJ. Thinking they can do what they like in the world is par for the course.

        See also Trump pre election thinking he could use compulsory purchase to acquire neighbouring properties for his Aberdeenshire golf resort. You can do that in the US but not here in Scotland.

        Then there's that TV series where an FBI unit is allowed to travel the world with weapons and arrest/shoot/kill bad guys in other people's countries. That is just 'Merican wish fulfilment wet dream fantasy.

        If that is their cultural reference this is little surprise. The EU equivalent with Donald Sutherland is much more realistic in terms of jurisdictional issues.

      4. jchevali

        Re: Violation of national sovereignty

        Ireland can't fight this. If they do, the tiniest US nuke could blow them up in a second.

        Ireland could fight this by allying themselves with China, whom the US can't defeat, but if they do, next step is for China to demand all data held in Ireland, so they're not going to be any better off.

        Ultimately the only recourse to the pious people of Ireland is that the Lord in his infinite mercy may grant them an afterlife where they'll not be so weak and abused by other nations. I pray for that.

    3. Velv Silver badge

      I assume that the Irish government will still refuse to let the USA have direct access to servers in Ireland.

      Isn’t part of the problem that the US hasn’t even bothered to ask Ireland for access?

  3. malle-herbert Silver badge
    Big Brother

    Cloud Act ?

    They should have called it the : Amuricah World Police F*ck Yeah ! Act...

    1. Yet Another Anonymous coward Silver badge

      Re: Cloud Act ?

      Or the "American companies all banned from operating in Europe" act

      1. This post has been deleted by its author

    2. John Smith 19 Gold badge
      Gimp

      "They should have called it the : Amuricah World Police F*ck Yeah ! Act..."

      But that would have ruined the apparently user friendly (but deeply citizen unfriendly) backronym.

      So it's no longer safe dealing with US subsidiaries if you want your data secure.

      Don't deal with US companies for data storage or transmission at all.

      1. Yet Another Anonymous coward Silver badge

        Re: "They should have called it the : Amuricah World Police F*ck Yeah ! Act..."

        Not just if you want your data secure.

        Don't deal with American companies if you don't want your users to sue you and your directors to go to jail

        1. Martin 47

          Re: "They should have called it the : Amuricah World Police F*ck Yeah ! Act..."

          That includes windows, your data may be on your PC in a foreign (i.e. non American) country but Microsoft still has access to it so, it appears, be legally forced to hand it over.

          So nothing new there then

        2. Anonymous Coward
          Anonymous Coward

          Re: "They should have called it the : Amuricah World Police F*ck Yeah ! Act..."

          Don't deal with American companies if you don't want your users to sue you and your directors to go to jail

          starts looking for American companies to deal with

          They should have given me that pay raise

        3. Doctor Syntax Silver badge

          Re: "They should have called it the : Amuricah World Police F*ck Yeah ! Act..."

          "Don't deal with American companies if you don't want your users to sue you and your directors to go to jail"

          Or be fined board-visible amounts.

    3. Chronos Silver badge

      Re: Cloud Act ?

      America Rogering Someone Else, AKA ARSE Act.

      MS are between a rock and a hard place. Uncle Sam says they must, Europe and Ireland say they must not. It's not often I feel sorry for the Redmond land sharks but this time? I can't see a way they can obey either without falling foul of the other.

      In other news, several imps have perished due to the unusual cold spell in Hades.

      1. big_D Silver badge

        Re: Cloud Act ?

        Exactly Chronos.

        If the CLOUD Act holds up to scrutiny, companies with a US presence will have to decide, whether they want executives in the USA to face fines and imprisonment or executives in Europe to face fines and imprisonment...

        The Microsoft model for data centers in Germany will be interesting, going forward, they are owned and run by T-Systems on Microsoft's behalf. MS don't get any physical or electronic access to the datacenter or the information in it, they have to request it from T-Systems and the DoJ would still need a European warrant to get access, just like they did before the CLOUD Act.

        1. Yet Another Anonymous coward Silver badge

          Re: Cloud Act ?

          Except if the CLOUD act force them to do anything to obtain the data. So the German owned MSFT data center can no longer accept any Windows updates or Intel CPUs in case they contain a official trojan

        2. spodula

          Re: Cloud Act ?

          Seems to me to be more "F*king over American CLOUD companies act"

          If i was holding personal data (And a lot of companies are), I certainly wouldnt put it in a cloud that could be read by the FBI at a whim.

      2. Anonymous Coward
        Anonymous Coward

        Re: Cloud Act ?

        I wonder what would happen if Microsoft were to announce it was moving its HQ to Ireland and becoming an Irish company?

        Should make for an interesting US congressional election season if they did.

        1. Charles 9 Silver badge

          Re: Cloud Act ?

          They may also intervene. Remember, Microsoft is publicly traded, meaning the SEC can get involved.

    4. Scroticus Canis Silver badge

      Re: Cloud Act ? ... F*ck yee-haa ...

      FTFY

  4. Anonymous Coward
    Anonymous Coward

    It would appear that the DoJ are trying to add the case in retrospect. The law wasn't there when the case started therefore they shouldn't be able to apply the law retrospectively.

    Oh, sorry I forgot this is in the US that thinks it rules the world and make laws that overrule the laws in sovereign countries.

    1. bombastic bob Silver badge
      Meh

      "It would appear that the DoJ are trying to add the case in retrospect"

      actually no. it's a new action related to an old case.

      I think everyone knew this was coming. Now Micro-shaft can say "we tried" and make themselves APPEAR as if they care about user privacy. But, based on EULAs and actual BEHAVIOR, they obviously do NOT.

      1. Aladdin Sane Silver badge

        They do care, when it affects their bottom line.

      2. Charlie Clark Silver badge

        it's a new action related to an old case.

        Which makes it different to restrospective in what way exactly? It would set a very dangerous precedent if it succeeds. I would not be in the least surprised if the most conservative judges come down the hardest on this aspect. Will be fun to see Trump moan about judges he picks but can't sack.

      3. John Brown (no body) Silver badge

        "actually no. it's a new action related to an old case."

        ...but referencing the same warrant, not a new one. Although they are claiming that the CLOUD Act negates the need for a warrant. It's all moot anyway as they already have a legal, treaty based method to get the data. This is all about getting around the treaty method of requesting specific data in relation to specific evidence and trying to get unrestricted access to anything they feel they might want to grab.

        1. PeterGriffin

          I think that is exactly what they are attempting to do. Should they have a valid need for the data they could issue a warrant in Ireland for the data. They haven't. This either means they don't have a valid need for the data or they wish to set a precedent to circumvent international treaties and access any data they wish without appropriate oversight.

          Microsoft will resist and Google and Amazon should be trying to assist them otherwise no one in their right mind will be looking to buy cloud storage or compute services from an American based company.

    2. JimC Silver badge

      Retrospective - Muddled thinking

      There's nothing retrospective going on at all. They are making a request in the present for something that exists in the present.

      Retrospective would be fining Microsoft for not handing over the data before the new law came into force. Now the new law is in force companies and people are now required to comply with it.

    3. Dal90

      It's not retroactive.

      It's a new warrant, under a new law.

      If they are quibbling about warrants, the was never a "case" that went to trial. So there is no violation of double jeopardy.

  5. Rob D. Bronze badge

    Responding ...

    Countries or regions like the EU with an interest in protecting individual privacy, will rule that for a cloud provider to hold data on individuals there must be regional or country bound stewardship of the data where the cloud provider is able to enforce local protections (such that CLOUD Act warrants cannot be served because the data is not under the control of an entity affected by such a warrant).

    Countries or regions with an interest in extending access to information for government organisations will apply reciprocal arrangements so that, for example, if a cloud provider wishes to operate in the region, they must provide access to any data under their control whether in the region or not.

    IANAL and some of this probably already exists, but this does seem like an awfully big can of worms to write in to the US legislative framework.

    1. big_D Silver badge

      Re: Responding ...

      The current laws already state that. The data cannot be transferred out of the EU (unless the destination land has equivalent levels or data protection or things like Privacy Shield being an exception) and cannot be handed to third parties, including legal authorities, without a valid EU issued warrant.

      That means it would be illegal for Microsoft US to hand over the data under the CLOUD Act and would leave Microsoft Ireland in a very sticky situation.

      1. Anonymous Coward
        Anonymous Coward

        Re: Responding ...

        Current laws already state that. I know for certain of at least one company, and suspect several more, knowingly breaching that law. The company I know of was audited by the FCA and given a clean bill of health. The FCA simply looked the other way when it came to cloud data storage....

        So the law is worth exactly the paper it is written on.

  6. ratfox Silver badge

    The case against multinationals

    Slowly but surely, the only option left to EU governments to implement the privacy protections guaranteed by their own laws will be to demand that private data must be held in European data centers operated by independent European companies, which have no need to obey US demands. I'm not sure they will go that far, or that they care enough about our privacy...

    1. John Brown (no body) Silver badge

      Re: The case against multinationals

      which makes Office365 and Google Documents, as used by governments, a bit of an embarrassment when it turns out the USG can slurp it all when they feel like it.

      Some while ago, we got a company wide memo reminding all staff, sales people in particular, to NOT use Google docs etc for business related activities.

  7. adam payne Silver badge

    "Microsoft no longer has any basis for suggesting that such a warrant is impermissibly extraterritorial because it reaches foreign-stored data, which was the sole contention in its motion to quash... There is thus no longer any live dispute between the parties, and the case is now moot."

    You can not pass laws in your own country and expect all other countries to follow your laws. Sorry but it doesn't work that way. That law doesn't apply to a different country.

    Anyone would think they passed this law to get back at Microsoft.

    1. Daniel von Asmuth Bronze badge
      Alien

      Extraterrestrial clouds

      The government is "unquestionably entitled" to all information stored or transmitted anywhere, rendering moot the word 'extraterritorial'; for the time being this does not apply to extraterrestrial space beyond reach of U.S. missiles and rockets.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019