back to article Microsoft challenges US gov over attempts to search overseas data

Microsoft has challenged a ruling that would allow US government authorities to search its overseas facilities. The company said in a petition filed to the US District Court for Southern New York that it objects to an order that would allow law enforcement to search all Microsoft-owned facilities worldwide. At the heart of …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Amazing what you can do when your revenue stream is threatened - especially if you have removed the more obvious back-doors before the lawyers arrive.

    1. Anonymous Coward
      Anonymous Coward

      Why Not

      Challenge it in an EU court??

      Where the US warrant will be immediately dismissed.

      1. Bronek Kozicki

        Re: Why Not

        ... because Microsoft headquarters are in US. Thus anything presented under US law may be binding to the company as a whole.

        1. localzuk Silver badge

          Re: Why Not

          But the remote data centres aren't directly owned by Microsoft USA, they're owned and operated by a subsidiary, which is registered in the country where it exists usually. So, the USA has no direct oversight over that company. In fact, the local laws may specifically disallow such interference by the USA.

          1. Lionel Baden

            Re: Why Not

            @localzuk

            And this is the exact reason their fighting this.

            the court order just assumes that because the company operates in their country all of its assests should be available to their scrutiny

            1. Tom 13

              Re: this is the exact reason their fighting this.

              No, it's not. Go back and read the article again. They are fighting it because the judge conflated a subpoena and a warrant. The entire case is being brought under US Constitutional law, specifically the 4th amendment.

              If they were going to fight it on the grounds you suggest they would have to get the EU Court dismissal and then come back to the US and claim the ruling was binding on them via Treaty. Not sure how well that would work because I'm not sure which Treaties you'd need to reference.

          2. Anonymous Coward
            Anonymous Coward

            Re: Why Not

            But the remote data centres aren't directly owned by Microsoft USA, they're owned and operated by a subsidiary, which is registered in the country where it exists usually. So, the USA has no direct oversight over that company. In fact, the local laws may specifically disallow such interference by the USA.

            Ah, but here we touch the rather insiduous part of US law, and the surrounding politics. First off, US law doesn't care one iota that it gets you in trouble abroad. As far as US law is concerned, the rest of the planet doesn't exit so making you do something that is a crime abroad is not their problem (Gitmo is a good example of "not on our soil" excuses, but I'm drifting off topic).

            As far as US law is concerned, if your HQ is under US law, you are the owner and what you say goes so any unwillingness to comply is seen as actively resisting a legal demand. What's more, you're seen as having the leverage, so if a direct legal demand doesn't work they'll make your life miserable in other ways. No fly lists, endless IRS audits - they have means aplenty and are not afraid to use them. All they need to whisper is that you help communists terrorists (sorry, had to update the magic word) and all is well - isn't life fun if there is no real oversight? "National security" covers so many sins and offers such a nice slice of the budget that it'll never go away.

            So, in short, if you're in the US and are deemed to be a gateway in any way, shape or form to data that an agency wants, they will throw whatever they have at you to get it. There is just a lot of posturing going on to hide it, but there is no privacy in the US, and no apparent restraint to steal data from wherever it can be obtained - the only thing that changes are the excuses.

            1. localzuk Silver badge

              Re: Why Not

              "Ah, but here we touch the rather insiduous part of US law, and the surrounding politics. First off, US law doesn't care one iota that it gets you in trouble abroad. As far as US law is concerned, the rest of the planet doesn't exit so making you do something that is a crime abroad is not their problem (Gitmo is a good example of "not on our soil" excuses, but I'm drifting off topic)."

              Not completely true. The USA is a signatory to a long list of international treaties, which mean they have to respect the laws of other countries/areas, else those areas will themselves ignore the laws of the USA. International relations are a balancing act, and the USA knows this.

    2. Adam Nealis

      "Amazing what you can do when your revenue stream is threatened"

      Indeed. M$ finally grow a a pair.

      Be interesting to see who really has the best lawyers.

  2. K
    Devil

    Data hosted in Ireland

    Surely this falls under the EU Data Protection directive - Whilst I commend Viviane Reding for taking on the mobile operators, I would now like to see those feisty teeth sunk into this.. Swiftly followed by the middle finger salute to Uncle Sam!

    1. Anonymous Coward
      Anonymous Coward

      Re: Data hosted in Ireland

      El Reg hosted a similar discussion only a few days ago. There was an unteresting comment there in that US law is written as if no other country exists. If that is correct, MS is going to lose this one but the ramification of that would be case law proving that a US company cannot safely hold your data under ECPA. That would be a VERY significant rüuling so I'm going to keep an eye on this one.

      1. Steve Davies 3 Silver badge
        Unhappy

        Re: Data hosted in Ireland

        MS have to try this but they will fail.

        There are already precidents in US law that will triumph here.

        US Companies and Citizens have to report their WORLDWIDE Income to the IRS. They are then taxed in it. If there are arrangements where locally paid tax is taken into consideration then great. If not, then you pay Uncle Sam for the pleasure of selling someing in a Foriegn Country. The reach of the US Gov is everywhere on this planet. You can't hide.

        Also, MS has to ensure that all of its employees around the world follow US laws around things like 'backsheesh' etc.

        For these reasons MS will fail but for once, I tip my hat to MS for at least trying to Limit the reach of the US Gov in this area.

        1. Uffish

          Re: Data hosted in Ireland

          Microsoft may lose this battle but they sure as hell won't lose the war. I'd bet on a bunch of corporarate lawyers beating the Feds any day.

          p.s. The standard method for US companies to be washed whiter than white over baksheesh is to do business with a local - who then does business with the end user. Might work for data centres too.

          1. Cipher

            Re: Data hosted in Ireland

            Microsoft will lose because the Obama Administration has proven that the law means nothing to them, and no one will challenge his lawlessness. The IRS scandal alone would have toppled any other U.S. President. A lapdog US press is a big help in this regard...

  3. Anonymous Coward
    Anonymous Coward

    Illegal request

    I believe that the US Government is requiring Microsoft to break EU laws on privacy. There is no immunity for US companies operating in the EU - they have to obey the law.

    This is a variation of that strange US law that allows the US to prosecute crimes against citizens wherever they take place. This is a unique extension of the concept of universal jurisdiction and appears to have been used to justify water-boarding, extraordinary rendition and drone strikes.

    1. Anonymous Coward
      Anonymous Coward

      Re: Illegal request

      There is a standard position on this in the US judicial system concreted by a century of precedent.

      It is the US court interpretation of the 14th amendment to the US constitution. It can be summarized as follows:

      * International and local country law is null and void, US law applies

      * Any US local law (even your local city ordnance) supersedes international law and nullifies any US international obligations even if the Senate has ratified them. Ratified treaties do not automatically become law as in civilized countries, they need "derived" law which US can use to "correct" them as it pleases (which it usually does).

      Microsoft knows all that and knows what the result will be - this is being done purely for publicity reasons.

      1. h4rm0ny

        Re: Illegal request

        >>"Microsoft knows all that and knows what the result will be - this is being done purely for publicity reasons."

        I don't think so. Failure here would be genuinely damaging to Microsoft (and many other US companies). As another poster wrote - they have to fight this.

        If they fail, maybe they'd like to relocate their company to Europe. We could do with a $60bn turnover company in Europe at the moment.

      2. Irony Deficient

        Re: Illegal request

        Anonymous Coward,

        the US court interpretation of the 14th amendment to the US constitution […] can be summarized as follows:
        if you’re referring to Reid v. Covert, in its most expansive interpretation, what it states is that the US constitution overrides international treaties, not that federal, state, or local statutes override those treaties — in the particular case, the decision was that overseas US civilians have 5th and 6th amendment protections regarding not being tried in a US military court, despite an executive agreement which allowed dependents of US military personnel to be tried in a US military court instead of in the host country’s courts.

        Ratified treaties become part of domestic law here only when those treaties are self-executing. An analogous situation is that of EU directives; because they’re not self-executing, they become incorporated into each EU member state’s lawbooks through national (“derived”) legislation.

    2. Anonymous Coward
      Anonymous Coward

      Re: Illegal request

      I believe that the US Government is requiring Microsoft to break EU laws on privacy. There is no immunity for US companies operating in the EU - they have to obey the law.

      Interesting position to be in as a US company with subsidiaries abroad. Whatever you do when they give you an ECPA request, you're breaking the law, even if you don't want to. I wonder if anyone has thought through the rather large side effects this has.

      It's almost as if they are deliberately aiming to make the US a pariah internationally. I don't get this.

    3. Irony Deficient

      Re: Illegal request

      Anonymous Coward,

      This is a variation of that strange US law that allows the US to prosecute crimes against citizens wherever they take place.
      what is the title of this strange US law?

  4. Frank Zuiderduin

    This is why american companies can never be trusted.

    And no Microsoft publicity stunt (which is what this is) is ever going to change that. If those companies really meant it, they would have ignored this type of abuse of power from the start - or at least told the proper authorities (i.e. the ones in the country the data was stored in) about it. Instead they have always just complied with it and would have continued to do so if it hadn't been for the likes of Snowden.

    1. Gordon 10
      WTF?

      Re: This is why american companies can never be trusted.

      eh? What kind of basis do you have for the drivel you have just spouted?

      I'm no MS fan but even ai can see there's a major difference between an in the open and up front court order and some NSA sponsored data slurp.

      for the record they can't ignore this - they risk fines and jail time for contempt of court. Instead they are continuing to fight it at the legal level. It's also irrelevant if it's a publicity stunt - if it results in case law making the next chancers to try this much less likely to be sucessful then it serves its purpose.

      Every US corp with a European base - and that's most of them - can see their cushy double Irish South sandwiches at risk from this so I suspect the behind the scenes pressure to squash this is immense.

      And that's even before the case is examined on its legal merits which are dubious to say the least.

      1. Paul Crawford Silver badge

        Re: @Gordon 10

        I think his point is the secret requests, and being paid to honour them (e.g. PRISM), were hardly discussed or much in the way of objections raised until the full extent was exposed by Snowdon, and now they find their revenue threatened so are having to grow some and challenge the legality.

  5. dan1980

    I think this is going to come down to trade agreements and I think you'll find that it is the EU countries that have messed-up here.

    The US always screws down things like this - for example, inserting TRIPS and DMCA clauses into their trade agreements - and I suspect that the EU member countries have probably bargained away the rights of their citizens in the pursuit of these deals with the US.

    In other words, the US is being consistent and it is likely that the EU is the one in strife. That said, while the EU might talk big against individual companies like Google who gain significant value in Europe (through tax loopholes if nothing else), Their all-to-ready agreement to sign away the rights of their citizens is a pretty clear indication of which side their bread is buttered on.

    1. Anonymous Coward
      Anonymous Coward

      The US always screws down things like this - for example, inserting TRIPS and DMCA clauses into their trade agreements - and I suspect that the EU member countries have probably bargained away the rights of their citizens in the pursuit of these deals with the US.

      Whatever gave you that idea? What US companies do in this context is quite simply commit an illegal act under EU law (if they do so, let's first of all recognise that some are challenges this). The problem is, of course, catching them at it because secrecy applies, but EU law does not allow this and it matters ZERO what the US says about this - that's what sovereignty is about.

      The whole privacy battle with the EU is exactly a sign that the US doesn't get its way, nor should it. Even from before 9/11, the US has gotten away with running roughshod over the rights of practically every human being on the planet. Remote control bombing, locking people away in a place (which is all OK because it's not on US soil), ignoring human rights as if they didn't sign up t them too in 1949 and yet wanting to sport that Hollywood banner of defenders of the world. It is really time to call bullshit before people start to think it is actually OK that way. The excuse does not matter - we have laws and rights for a reason, and we were quite good at catching bad guys without all those new rules which mainly function to take away our ability to see what is actually been done in the name of *cough* justice. What do THEY have to hide?

      Anyway, rant over. Just don't try to sell me any BS that the blame lies anywhere but in the US, because it only means you haven't been paying attention.

      1. dan1980

        @AC

        Companies must follow whatever laws they are subject too. The problem arises because trade treaties have seen the US impose their rules on foreign countries. What I am saying is happening is that, in effect, companies like MS are subject to CONFLICTING responsibilities as a result of (e.g.) the EU agreeing to American terms in private but professing adherence to local laws domestically.

        But they talk tough.

        The US are bullies but their bullying tends towards enforcing their will through laws. Essentially, they bully other countries into agreeing to write laws that favour the US. Thus I think it highly unlikely that the US government's request of MS is outside of the scope of the trade treaties and laws applicable to this situation.

        1. Trevor_Pott Gold badge

          According to my understanding, it is. There are lots of treaties that basically give the US carte blanche to ask for a foreign warrant for the data, wherein the foreign plod will see that warrant enacted and the data returned to the US. That's the proper way to do this, according to treaty.

          This judge is saying "we don't need to do that, because MS is a US corporation. Our vague and general subpoena is enough to obtain data on foreign soil without involving that foreign government."

          Not even Canada would agree to that...and right now, Harper is the POTUS's bitch.

  6. Anonymous Coward
    Anonymous Coward

    Access to a datacenter facility in Dublin ..

    "At the heart of the issue is a warrant granting authorities access to a datacenter facility in Dublin, Ireland. Citing the US Electronic Communications Privacy Act (ECPA)"

    Doesn't GCHQ already have access to all such facilities in that country .. ref

    1. amanfromMars 1 Silver badge

      Re: Access to a datacenter facility in Dublin ..

      "At the heart of the issue is a warrant granting authorities access to a datacenter facility in Dublin, Ireland. Citing the US Electronic Communications Privacy Act (ECPA)"

      Doesn't GCHQ already have access to all such facilities in that country .. ref ..... Anonymous Coward

      At the heart of the issue is if you have nothing to fear you have nothing to hide .... ergo if you have something to hide, have you something to fear and Microsoft have been doing God ...... which means all sorts of highly unusual and creatively destructive things? And power corrupts and absolute power with windows into everything corrupts absolutely is not surely in question?

      Isn't Bill Gates an honourable knight of the British Empire servering Queen and country ....... and can any man have two or more masters and be true to any of them and not be a freelancing renegade rogue? ......... https://www.informationweek.com/bill-gates-the-honorary-knight/d/d-id/1022841

      IT's a mad, mad, mad, mad world in deed, indeed ….. and it doesn’t appear to be wanting to get in any way saner any time soon if you can believe any and all of the media and global news reports ……. although appearances can be quite deceptive and totally misleading. :-)

      Such craziness makes for a quite an interesting novel future and interesting future novel[s] ….. and may the Best Beta Master Peace win win for who dares care share is what AIMissions with Global Operating Devices in Dark and Darker Web Ventures is Trailing and Trialing/Monitoring and Mentoring. I Kid U Not. :-)

      1. kmac499

        Re: Access to a datacenter facility in Dublin ..

        amanfrommars 1

        "At the heart of the issue is if you have nothing to fear you have nothing to hide"

        That old chestnut again confusing privacy and secrecy. ..

        Sorry this is just a dumbass attitude often said by one group of people judging another group. Usually with the first group of people fiercely protecting what they regard as traditionally private and personal information (i.e income and financial matters.) whilst expecting others who may not give a stuff about such matters to disclose things that they regard as very private and personal. (ie Data held on the internet.)

        To anyone who trots out this canard I would simply say publish everything about your life. Bank Balance, Tax details, Health Records etc.. after all you obviously have nothing to fear

      2. Fred Flintstone Gold badge

        Re: Access to a datacenter facility in Dublin ..

        Epic, I like it.

        if you have nothing to fear you have nothing to hide

        Sure, that's why we cannot see the personal details of the Google and Facebook owners, nor of senior people at Microsoft or politicians in the US - it's nice they explain themselves that they do indeed have skeletons around. It's rare people are that open, so appreciate it.

        Isn't Bill Gates an honourable knight of the British Empire servering Queen and country

        I have a bit of a problem with the meaning of "honourable" in this context, it doesn't appear to mean what I understand it to be. It's sometimes hard not to be a native English speaker..

    2. phuzz Silver badge
      Alien

      Re: Access to a datacenter facility in Dublin ..

      It seems not everyone has met the manfrommars and it's Markov chains yet.

      1. Michael Wojcik Silver badge

        Re: Access to a datacenter facility in Dublin ..

        It seems not everyone has met the manfrommars and it's Markov chains yet

        Certainly they haven't learned to read what amfm1 actually writes, rather than what they think he wrote.

        Hint: "if you have nothing to fear you have nothing to hide" is not the same claim as the more common "if you have nothing to hide you have nothing to fear". That, in fact, appears to be the heart of the implied argument amfm1 intended1 in the first part of that paragraph.

  7. Anonymous Coward
    Anonymous Coward

    Clueless

    Any U.S. or internet based company is going to be subject to full discosure of data so they might as well get use to it.

  8. John Smith 19 Gold badge
    Gimp

    TL:DR version. We are the US govt, all your data belong to us.

    And if that one don't work there's always THE PATRIOT Act.

    While the USG runs round more paranoid than a coked up drug lord this will continue.

    Microsoft is doing this for marketing to show they are making some (very slight) effort to protect their customers privacy but it's BS as they know they will loose.

    US based US companies have no choice. Their law makes them untrustworthy.

    So don't trust them.

    1. Anonymous Coward
      Anonymous Coward

      Re: TL:DR version. We are the US govt, all your data belong to us.

      US based US companies have no choice. Their law makes them untrustworthy.

      It's actually any company based in the US of having their HQ there, but for the rest you're correct, and it's worse than most people think. There are actually 5 laws that actively interfere with any attempt by a US company to protect data, the USA PATRIOT Act and ECPA are just two of them. More damning is the fact that all these laws are federal, which means they override any state law, so beautifiers like the Californian effort to create a privacy law are merely cosmetic.

      Where this gets entertaining is when you translate that in money. I have no idea how much money US businesses make in Europe, but as a result of those laws an EU company can in principle let no data escape to the US if it is deemed of a personal nature or they'd be breaking the law.

      Can they fix that? Sure. But it's federal law, and you cannot change a federal law in a couple of weeks, that takes years. And there are 5 of them. And that's assuming they WANT to change them - they got into that state for a reason.

      Hence the hardcore haggling in Brussels..

  9. thomaskwscott

    You don't often hear me saying this but Go On Microsoft! This kind of thing needs to be challenged openly if just to establish what the correct practice "should" be. As has previously been mentioned it makes little difference in practice as there are other less transparent pieces of legislation US government slurpers can hide behind but it can hopefully go someway to avoiding the current headaches we suffer in putting sensitive European data on American company's servers in Europe.

    I just finished a project where we used the Amazon cloud in Ireland to store and process financial data that could have been classified as sensitive. Cue hours of negotiations with regulators, compliance and Amazon lawyers...

    1. John Smith 19 Gold badge
      Thumb Up

      "I just finished a project where we used the Amazon cloud in Ireland to store and process financial data that could have been classified as sensitive. Cue hours of negotiations with regulators, compliance and Amazon lawyers..."

      Damm right. That's an excellent bit of good systems design in the true sense. Now you're starting to do some proper thinking about security.

      Bo**cks to this "It's in the cloud" BS.

      No. It's in a globally distributed server farm you markedroid.

      Now which part of that farm is it in and whose jurisdiction does it come under?

      To any developers out there who are have time on their hands. The ultimate solution is a database that uses encrypted data and metadata storage yet still remains searchable by local clients IE not in the cloud itself, as that would throw all your security down the drain.

      How you implement this I have no f**king clue, but I'm certain the smart a**e that does (and can prove it) will make a serious amount of cash.

  10. David Pearce

    Allowing the US to take sensitive government data from several countries in Asia could earn some MS executives the death penalty. Interesting clash of jurisdictions

  11. Jason 41
    Holmes

    Sleight of hand?

    Waiving a court order in one hand, doesn't it make you wonder what they're giving away with the other?

    Hell, MS might even be playing an NSA stooge here!

    </end of cabaret themed post>

  12. Anonymous Coward
    Anonymous Coward

    Angela Merkel is Right?

    Now we understand that such as MS and the other sons and daughters of the data leakers are not suitable business partners.

    Angela Merkel is correct to suggest we require European companies with NO connection to the land of the slaves. Then the data thieving yanks with their imperial colonialist desire can stay home and stew.

    Hopefully we can start on the tax free activities of that fruity bunch of tax dodgers who set up base in Ireland. At least the EU are starting to look, I do hope that 100% compound interest can also be applied, compounded for each year of tax evasion.

    Perhaps they should also forfeit their wonderfully rubbish patents as well?

    As those of the wrong side of the pond want to play dirty and are now happy to publicly display the fact, we should think seriously about applying a 'BP legal restoration tax' to the Yank corporations who are happy to see their bent abusive legal crap shoot abused the way it is these days

  13. Wardy01

    Maybe im just stating the obvious but ...

    Can't the US gov just get a copy from the NSA backup of all M$ data?

  14. John Smith 19 Gold badge
    Joke

    The NSA: "Don't think of as as the enemy of democracy and privacy"

    Think of us as more your universal backup service for everything, PC, phone, tablet.

  15. Irony Deficient

    Thanks for the laugh.

    “Verizon highly values the privacy of its customers and the confidentiality of their information, and makes great efforts to protect its customers’ interests,” the company said in its filing.

This topic is closed for new posts.

Other stories you might like