Is that a cloud coffin nail I see before me?
More like a bunch of them I think.
Microsoft has lost the first round in its fight to stop the US authorities from seizing customer data stored inside its overseas data centers. Following a two-hour hearing before the US District Court for the Southern District of New York on Thursday, District Judge Loretta Preska ruled that a US warrant ordering Microsoft to …
" I would hate to be the admin who convinced their company to move to the cloud within the past few years"
When did the admin have that much clout? It's usually an out-of-their-depth CIO who's going along with the CEO, who in turn was taken out for a very nice lunch by a bunch of IT or management consultants, and they told the CEO that the cloud was where it was happening, and if his company didn't move there, then competitors would eat his very nice lunch.
I'm not sure why directors are so gullible when faced with the sleazebag liars of the consultancy sectors, but all important aspects of corporate decision making seem to involve paying these people ludicrous amounts of money to sell poor quality and undifferentiated corporate, technological or commercial strategies that never address the real issues facing the companies concerned. Eighteen months later, the same consultants are re-employed and paid handsomely to offer some new insight, which in reality is a vast pile of powerpoint slides making irrelevant, selective and out of date comparisons, and has been marginally re-worked (by a handful of well qualified graduates with no real world experience) from a version touted round every competing player in the industry over previous months.
Because then they can tell the world that they have saved x by going with outsourced, the cost is transferred from one set of overheads to another. This makes their company profile look better to the people who invest because it fits better their expected company model on overheads etc. so the share price rises.
But in reality no one sees the decrease in efficiency in other parts of the company who now can't get IT problems sorted out so put in old style time consuming workarounds, and no one is left to tell the Director they are being ripped off because thought it only costs peanuts per hour - those peanuts add up when it takes weeks when someone who knew the system would fix in minutes
"It's usually an out-of-their-depth CIO who's going along with the CEO, who in turn was taken out for a very nice lunch by a bunch of IT or management consultants, and they told the CEO that the cloud was where it was happening, and if his company didn't move there, then competitors would eat his very nice lunch."
I'm sure that helps, but it's usually the vast cost savings that really facilitate moving stuff to cloud based services...Our email and collaboration infrastructure is now effectively free after moving to Office 365 when we consider that a full Office license was included!
What a circus. I think we will discover that nailing clouds is even harder than nailing jelly to a wall.
Can't wait to see which country becomes the first to provide proper data protection within its own borders while the US shoots itself in both feet. 'murrican companies are not the only ones selling cloud services, they are just the biggest. I wonder how long that will last.
You write: " I wonder how long that will last."
Long. VERY long. Simply because proper such protections will ultimately mean gunships.
Connect the dots: Data protection -> IP Piracy -> Money Laundering -> Drug Trafficking/Terrorism -> Frozen off USD denominated financial markets -> Commerce is severely hampered
So whoever decides on proper data protection will soon find themselves in the pervailing axis of badness of the time.
Anyone who cares about protecting their data will move it offshore or into their basement, much as corps and various bad guys already do with their money. The smart ones make sure they have good tax lawyers and follow all extant legislation. Right now, data protection is a legal and regulatory nightmare for banks, companies and governments. It is strangling a nascent recovery. The "your data are belong to us" mentality is an opening US salvo in a global trade war for everyone's data. It is the new gold and Amerika wants it all.
Commerce has not yet been severely hampered, just greatly inconvenienced. Like the dinosaurs in Jurassic Park, business will always find a way.
MS is trying to help clear the legal landscape so it can successfully market cloud services in non-US markets. Meanwhile the smart money will stay in smart people's wallets or look for alternatives. I predict more fragmentation and pretty good short-term opportunities for a few brave captains of enterprise and potential misery for many others. I am all for rule-of-law, but it has to be wielded by people who have a clue. And that is what is missing here.
It doesn't look very good, but if other countries just roll over and take it up the caboose, it won't get any better.
Letting the US legal system slowly define international data privacy and protection principles is like letting a lumbering, blind, mentally retarded, physically handicapped, heavily armed pedophile guard an orphanage. It ain't gonna work. Extra-territorial laws will just lead to war, oppression, confusion and pain. Check your history books.
All of us (not just Microsoft) need to fight this shit.
Agreed. What I was alluding to is the excuses employed to stop anyone granting proper data protection.
The EU, having repeatedly bent over to accommodate the yanks already is hardly likely to put up a fight.
As for China, I think there's a contradiction in terms if China starts defending data privacy (not a native English speaker but something about foxes and henhouses springs to mind).
Putting your data on a Microsoft server in Ireland rather than one outside the EU would comply with EU data protection laws, however it now appears that those rules are ineffective and need to be reviewed. But how do you do that? The contract is with Microsoft Operations Ireland Ltd, a company registered in an EU country. Ownership of an Irish company or a company based anywhere else in the EU could change at any time.
Switzerland is the country you are looking for.
Yes and no - a few caveats apply. If you just set up a subsidiary there you have effectively gained nothing (sorry, US pretenders, but I know the laws here). In addition, the actual law that applies is the one that is formulated in Switzerland's national languages - that list does NOT include English. Next, there is the practical implementation of law and the connections you need to make that happen properly (you don't do this overnight, trust me), and last but not least, you must not just understand Swiss privacy law, but also how they work and how international requests for assistance work, there are plenty of land mines in that alone.
You need an in-depth understanding of the full legal picture (and how to screen for "unofficial leverage"), just placing your butt in Switzerland is not enough. Sadly, a number of US companies are doing exactly that, and are thus giving their clients a false sense of security (and that list includes some rather well known names).
Beware - deceiving customers is a LOT cheaper than doing it right...
I don't understand why this is even necessary. International co-operation between law enforcement agencies investigating drugs smuggling is AFAIK totally normally and non-contentious, at least in the Civilised World (tm).
Why don't the feds simply ask the Irish authorities for their help instead of bludgeoning the US tech industry to smithereens? That would be a lot simpler, quicker and would leave everyone including most users (apart from the individual(s) being investigated) entirely happy that things have been done properly.
This result will apply to Google and Apple too. If you're anyone anywhere in the world with an Android or iPhone or WinPhone then all your stuff can be asked for by Uncle Sam no matter where you live.
Seems to me that the consequences are severe:
1) If you're a company using Office 365, outlook.com, Gmail or Google Apps, or AWS, etc. then all your data can now be accessed by Uncle Sam. Any US agency with a warrant can get access to your stuff. That's not just law enforcement remember, I expect other parts of the US government can issue a warrant too. So if some agency in the US government fancies a peek at, for example, your intellectual property they can simply ask MS, Google, or whoever to hand it over. Continued use of those services is in effect taking a gamble that that won't happen. Is it worth risking an IPR leak just to save a bit of IT admin money?
2) BOYD suddenly looks like a bad idea for the same reason. Android and Apple kit is all heavily tied into their respective clouds, and who knows what is synced to their servers. Presumably it's the same for Microsoft phones too. The exception is BlackBerries tied to a company's servers using BES, where only the company (and not Blackberry) has the encryption keys. Or at least that's the idea.
3) This now exposes every business / financial person worldwide to the all encompassing US Wire Fraud Act. Previously to be subject to this your discussion about dodgy deals had to pass through US based servers. Now if you use an iPhone (or whatever) in London to discuss (or even just joke about) a dodgy share deal with a colleague in London then they have both committed a criminal offence under US law. People have already been extradited from Europe to the US and jailed for Wire Fraud offenses; it's now become a whole lot easier.
In short if you use US owned services or have an iPhone, Android or WinPhone (which will use those services behind your back) you are now subject to US law, even if you have no dealings with or presence in the US. The first time you'll know that they've taken an interest in you is when you transit there and get arrested.
Providing your own services is the only way to know where your data is and how it's accessed. That's straightforward for companies to arrange, not so for individuals.
The point is of course that it isn't really about drugs or terrorism or other things they can easily ask European authorities for and it never was. It's about blanket surveillance of everyone and everything all the time specifically for all the things they cannot get warrants or cooperation for because they aren't legal or moral.
"Why don't the feds simply ask the Irish authorities for their help instead of bludgeoning the US tech industry to smithereens? That would be a lot simpler, quicker and would leave everyone including most users (apart from the individual(s) being investigated) entirely happy that things have been done properly."
Because they would be told to fuck off in no uncertain terms. The "Civilised World (tm)" has a concept you might have heard of known as "presumed innocent until proven guilty", the US has a shortened that to "presumed guilty".
"Because they would be told to fuck off in no uncertain terms. The "Civilised World (tm)" has a concept you might have heard of known as "presumed innocent until proven guilty", the US has a shortened that to "presumed guilty".
That's mostly missing the point. International cooperation in drugs investigations is quite normal, and good cooperation leads to good results. This move by the US is tantamount to saying to other countries "We don't need your cooperation anymore". That's going to sour any existing investigatorial cooperation agreements, so the results on the whole will be worse. That's the last thing everyone needs, especially after all the badies will have moved away from US-associated services.
Regarding your quoting of "presumed innocent until proven guilty"; crime has to be investigated (we all want that to happen and happen properly, right?), it's just they're setting about investigating this one in a manner that will annoy a lot of people, countries and companies. If this is really just a fishing expedition then the US is going to cause itself a lot of harm with nothing up front to say that it's worth it. If it's definitely more than a fishing trip then it's a big insult to the Irish; it amounts to saying that the US doesn't trust them to help in an important investigation.
Given the way the Irish government has rolled over in order to get US corporations based on its territory, and given the notorious level of Irish government corruption, I doubt they would tell the US anything other than to hand over the usual brown paper bag of euros in exchange for what they wanted.
It's an interesting idea - law enforcement agencies are only allowed to seek evidence once the criminal has been convicted. However, there would seem to be certain practical problems with that.
It's a matter of transparency and balance. Law enforcement gets the privilege to ignore certain rights and obligations we have as members of a society for a reason - we WANT them to catch bad guys. However, they are not to use those privileges for anything else, which is what is happening now. Hence the need for much better transparency and control or there will come a reaction and a possibly far harsher clampdown that is good to keep law enforcement functioning. However, until there is evidence that they can be trusted with the powers they ask for, I certainly am not willing to hand them even more.
However, until there is evidence that they can be trusted with the powers they ask for, I certainly am not willing to hand them even more.
Two comments: The first is that I would amend the italicized bit to read ". . . until there is evidence that they can be trusted with the powers that they HAVE . . .:
The second is that I take issue with the notion that law enforcement gets to ignore any of the rights and obligations of other members of society at large. In theory, a society accords them certain privileges and powers under a rule of law, so that they can exercise certain responsibilities on its behalf.
Law enforcement can, and occasionally does, ignore the fundamental rights and freedoms of the people it serves. But when they and we accept it as being appropriate the practical ability to attain any degree of balance and transparency are lost. We, as members of society, have no basis for requesting them. Law enforcement has no incentive reason to supply them.
In short if you use US owned services or have an iPhone, Android or WinPhone (which will use those services behind your back) you are now subject to US law, even if you have no dealings with or presence in the US. The first time you'll know that they've taken an interest in you is when you transit there and get arrested.
Dear fellow A/C, there is no "now" - THIS HAS BEEN THE CASE EVEN BEFORE 9/11.
However, post 9/11, even the last shred of control and transparency was sacrified to the greater good of
keeping the war spend going "protecting Americans" and the fact that the vast majority of people on the globe are NOT Americans clearly defines them as fair game.
You have struck upon the dark secret especially Silicon Valley has been desperate to keep from you: there isn't a single US based entity that is legally in a position to protect your information if the authorities come a-knocking for whatever reason: there is a heady blend of 5 federal laws that allow them to walk in and get that data. Considering EU law, if you are a EU company you should not even /consider/ using a US company (or one with a HQ in the US) because they will cause you to be in breach before you know it. Now think what that means: still feeling clever for moving your company's email to Google (hello, Virgin Media)?
This is also the source of all these announcements of multimillion dollar investments in those new companies that will "save you from the NSA": camouflage. Because they cannot. And Silicon Valley companies did that all by themselves...
"Presumably it's the same for Microsoft phones too. The exception is BlackBerries tied to a company's servers using BES, where only the company (and not Blackberry) has the encryption keys."
Nope - Windows Phone encryption - both SSL and Bitlocker are fully under corporate control and don't rely on cloud services from Microsoft.
The Us does currently make tonnes of requests to Ireland for data stored there. However Irelands laws on this conform to EU regulations. This means the US has to submit a full application for each request then wait for responses etc. To follow this new avenue would allow the US administration to simply bypass such regulations and trawl the data en masse, or at least with much less oversight, similar to the access they currently enjoy to their own citizens data.
Amen my friend. I've been arguing for quite a while that the "cloud" would be a privacy nightmare. A convenient one stop shop for the NSA, the DHS, the CIA and the FBI. Also, with the proof of concept recently on Amazon (botnet), the "cloud" is a hacker's wet dream. Here in the US where internet speeds vary dramatically depending on where you are and upload speeds are mostly dismal, accessibility is a real issue. Couple that with the loss of Net Neutrality and the user/business will pay a premium for faster speeds and so will the content provider. ISP's following, Wall Street's dictum, are making a play for absolute control of the internet while monetizing everything they can. Then of course, there is reliability. True mobility is not having to be connected to the internet 24/7 to get the job done or even entertain yourself, a higher end laptop will do just fine.
One already is. Earlier this month the British government passed a law asserting its right to require tech companies to produce emails stored anywhere in the world. This would include emails stored in the U.S. by Americans who have never been to the U.K.
I look forward to seeing this in operation. Should provide a fair bit of entertainment.
Indeed, the US is very much against anything happening to them, whilst at the same time doing exactly the same thing to everyone else.
And if the US law isnt up to it already, they will rush in something that shields them.
The "our troops can do no wrong" law, i forget the actual Act name, is a good example of this.
No, wasnt SoFA, thats an agreement between nations.
It was the ASPA, the American Service Members Protection Act, brought in to protect US troops from the International Criminal Court.
It even allows the President to use force to free US troops being held by the ICC, regardless of guilt.
So how many readers here, who are not US citizens, are planning to continue using Microsoft, Google or any other US based company's email or other cloud services now that this ruling says that the US can just grab what it wants from servers on foreign soil?
I am guessing this will only accelerate the UK's plan to move away from MS products, as well as Germany's!
If this ruling is upheld, they may as well just follow it up with an order to prohibit any US business overseas, because NO ONE is going to want to have their data subject to US snooping!
"Nah, they'll just bring in a law making it illegal to trade in the US or with US-based organisations if your infrastructure is not open to the US government - on the basis that you must have something to hide."
That would be slitting their own throat. The US economy would collapse literally - not figuratively - the next day.
A bit over the top on both sides. The US government won't do that (it would piss off too many Americans) and the US economy would not collapse if all non-US Microsoft/Google/Amazon etc. customers abandoned them (assuming they all could find alternatives that met their requirements).
And we are, after all, apparently talking about execution of a warrant in a criminal investigation.
"the US economy would not collapse if all non-US Microsoft/Google/Amazon etc. customers abandoned them (assuming they all could find alternatives that met their requirements)."
You don't understand what I actually wrote. I said, in essence, that "in the eyes of US.gov and US.courts, anyone who does any business whatsoever in the USA makes themselves subject to US law." That's not something you get to argue, that's proven fact at this point.
I also said "if the US passed a law that said any company with a US presence must make available all their data for review by the US government at any time the US government says so, their economy would collapse the next day." I stick by that. Because that law would mean that any Russian, Chinese, etc company that did any sort of business in the US or had a US server, or rented a US server, or used a US cloud service etc would suddenly be on the hook to pony up unlimited amounts of data to the US without a warrant - which is what this whole case is about, BTW - and that is something that the rest of the world absolutely wouldn't put up with.
Functionally, I would instantly become illegal for Chinese, Russian and EU companies to do business in or with the US overnight. That would destroy their economy. And that is the only reason they don't do it.
"And we are, after all, apparently talking about execution of a warrant in a criminal investigation."
No, we're talking about the right of police and/or the courts to access that information without a proper international warrant. Merely the demand of a local bench judge. This is a completely unprecedented scenario and could have disastrous consequences for US economic relations, especially in sensitive industries where tensions already exist and industrial espionage is already rampant.
For the reasons Mr. Pott cites, there will be no US law requiring that a company with a US presence must make its data available to the US government. On the other hand, the recently enacted UK Drip Act appears to go a few steps in that direction without triggering mass flight of businesses from there.
This case is not about an unrestricted requirement for US businesses to give up data held in foreign data centers on request of nosy government officials, or without a warrant. That would be a matter for the NSA, if anyone. It is, instead, about a warrant issued, in a criminal inquiry, by a federal judge with a passing knowledge, at least, of legal procedures and the fourth amendment. The decision, as the article pointed out, does not appear to set a precedent. The process of obtaining a warrant may present a low bar, as some of the FISA orders indicate, but it still interposes some procedural requirements and judicial review.
Trevor, Trevor, Trevor....
How would that come to happen, then? Are you saying that the not-so-gullible Europeans could possibly make up by themselves for not doing business in the US? Not really...
Or are you potentially suggesting that the shear markets in China and India are so great for (there) non-local businesses? No, I didn't think so...
Hmm, let's look at what really matters: money, and monetary policy. Most of the world's financial institutions count / compute / save their money in what is normally construed as US dollars. China may be an exception, however that is just one (albeit very large) country. And then even they report on the basis of US dollars. So doing business with / in a currency that is largely accepted seems to be advantageous.
And even apart from that stuff: Who would come up with gmail completely on a non-US basis? Not a smithereen of IT equipment anywhere in the middle may be in the US, or else they can legally intercept the communication / information.
So, the US says: Hey you're using the newly created European Internet? Tough! We don't trade with you. Do you really really think that uhm a lot of companies will jump on the European Internet? Tiny small businesses who couldn't really be bothered with the US, still might jump onto the European Internet, but other than that? You wanna facebook page / twitter account for your tiny European Internet based company? Good Luck!
If the US really would be afraid of losing business and having their throats cut, why would they fine non-US banks for crimes(?) against international law? Barclays didn't seem to mind paying up, because apparently the benfit of US customers outweighs the fine... UBS, similarly, didn't seem to mind paying up... Neither will BNP Paribas... so, your point, my dear Trevor, will largely be overlooked by the US, because there is absolutely no reason for them to be so paranoid...
"Most of the world's financial institutions count / compute / save their money in what is normally construed as US dollars. China may be an exception, however that is just one (albeit very large) country".
In other words: Russia, China, India, Brazil... plus South Africa. The thin end of a wedge consisting of all of Asia, Africa, and Latin America.
That's why they call it a trade war. Similar government idiocy greatly contributed to a perpetuation of the Great Depression well into the 1930's, eventually leading to WW II. And if you don't believe throat-slitting is already back in vogue, go read some news about the Middle East. As soon as the crazies have taken over and fully locked down the asylum (a highly advanced Work in Progress), we are all doomed.
Looks like a rather dark replay of another episode in global history, we're only missing a few bogeymen dictators with unlimited power....oh wait....
If half of the world's 2.7 Bn Internet individual users voted with their keyboards, PFS, end-to-end encryption and secure cloud services, international G-Men and other data crooks would have to go back to following the rules.
So what is stopping us ? How bad does it have to get?
"So what is stopping us?"
Near terminal laziness, starting with use of webmail, for which decent end to end encryption still is somewhere between nonexistent and seriously deficient.
"How bad does it have to get?"
For nearly all people, it will have to appear to be a lot worse than it does now, even in the mild state of moral panic in which we now find ourselves. And those who actually need end to end encryption probably are using it already, which explains the intelligence agencies' interest in communication metadata.
"Nah, they'll just bring in a law making it illegal to trade in the US or with US-based organisations if your infrastructure is not open to the US government - on the basis that you must have something to hide."
They've already done that with Swiss banks.
Remember the NatWest Three?
One potential side effect, as with corporations shielding themselves from US taxes, would be to incorporate in another country, one not inclined to comply with US law. Probably not an easy or inexpensive feat for existing companies, but a definite consideration for startups.
Sorry, but no. The issue is "US legal attack surface." It doesn't matter if you are incorporated in another country. If you have any operations or assets in the US, then the US will say you must comply with them. That includes - at la megaupload - even renting servers in the US.
So not only is Microsoft legally bound to turn over all foreign data it controls, but if you use Microsoft's Azure and Office 365 then you are making yourself and your company subject to American law.
Now where is that Anonymous Coward Microsoft marketing shill to tell us how this is all totally irrelevant because Microsoft is the greatest company on Earth and the cloud is the future? Something comes up that on the face of it seems to be downright horrible for any non-Americans who might want to use cloudy computing - and it's certainly bad for Microsoft, who has bet the farm on same - and he's suddenly nowhere to be found!
Come on, let's get a debate going here, where he can jump in with things like "if you have nothing to hide you have nothing to fear". I really do want to see him worm his way out of the fact that the US feels it has sovereignty over my data.
Dance marketing shill sockpuppet, dance!
The many billions that MS make from O365 seem to indicate that not many companies share your paranoid views Trevor. The plus side of all this cloudy stuff of course is that all the moaning junior sys admin cum 'journalists' that blather their 'Linux is great and MS is evil' views all over the internet will be looking for a new job as they will be surplus to requirements.
Whereas, us marketing and sales 'shills' who sell this cloudy stuff will continue to thrive :-)
Oh hey cowardly scumtoad! How ya been? Totally off your rocker as usual? Awesome.
I don't know where you've ever seem me saying "Linux is great". Must be those drug induced hallucinations of yours. I seem to recall writing quite a few articles and comments that thrashed various bits of Linux, from the community to specific packages. But how great or not Linux is doesn't change the fact that Microsoft behaves in a manner that is quite decidedly evil.
As for your "Microsoft makes many billions" off of Office 365, you are again full of shit. Office 365 is still only somewhere around $1.5B annual run rate. Run rate. Not profit. And there's a lot of money to be made from Americans and from those foreigners who either don't have data protection laws or don't care about their own data protection laws. Capitalizing on stupidity has proven profitable throughout human history.
But I note again that you keep pointing to the amount of revenue Microsoft pulls in as an attempt to demonstrate that Office 365 must have some "obvious" value. You never actually manage to prove this, you just assert and assert and point to revenue figures.
So let me repeat a few things. First: the mafia makes a big swack of cash out of protection money too. They will break your kneecaps if you don't pay up. That doesn't make the "service" the mafia provides good value for dollar. Secondly, a lot of companies - especially enterprises - get in bed with services like Office 365 and Azure not because it offers the best value for dollar, but because it allows those companies to bypass their internal purchasing rules and get what they want with less fighting.
One day, maybe, cloud computing will be a good enough value for dollar that it is ready to take over for locally run systems and permanently purchased licenses for all segments. Personally, I look forward to that day.
As much as you are completely incapable of understanding this, I don't want to run servers. I'm not some locally-installed systems fetishist trying to protect their job. I hate fixing computers. It's boring and it doesn't pay well when compared to creating content for marketing or even to tech journalism. With any luck, I'll be mostly out of the game by January, keeping my hand in only for select companies and as a consultant on some larger projects. (I have a 100,000 node dual-DC project in mid 2015, as one example.)
I don't want to own and run servers. I don't want to maintain servers for my clients. I don't like doing any of that shit at all. Wanting cloud computing to take over this tedium for me still doesn't make cloud computing the best value for dollar for my company or those of my clients.
Unlike certain anonymous cowards, I'm not some deluded narcissist that thinks that whatever I happen to like or believe magically becomes true. My job isn't to proselytize a religion, or profess a belief. It isn't to shill for a company or to push one computing model. My job is to find the best solution for my client's specific needs amongst the available offerings and to do so without any blinders or biases, even if that means recommending services or products I personally dislike.
Oddly enough, that's the exact same attitude I bring to my writing.
And yes, more than just the technology matters. Value for dollar encompasses everything from the trustworthiness of the company to the availability and visibility of a long term strategy, to the planned refresh cycles, to the history (if any exists) of the company and how it treats it's customers/partners/etc all the way through to disaster planning that ranges from technology to dips in revenue that could affect the availability or functionality of subscription-based IT services.
All of it has to be looked at, analyzed, and planned for bearing in mind the level of risk acceptance/aversion of the people who actually own and operate the companies in question.
As to my continued relevance, we....I'm a systems administrator by trade. I have backup plans for everything. I suspect I'll be here to refute your bullshit for quite some time to come.
You, on the other hand, only seem to have assertions to offer. Oh, that and calling me "paranoid". Good show, that really served as a grand comeback to the real world issues of both the legal complexities of data sovereignty and the ethical issues that underpin the whole conversation. Congratulations on that riposte, it was absolutely legendary.
At the end of the day, I am who I am, and the people who read my words - as an article or as a comment - can learn about my background and me in depth quite easily. They have a dozen ways to contact me to ask me specific questions about why I might say this or that. Ultimately, if something I say worries them or makes them want to chase that topic more to understand if something could affect them the ability to do so is there...and because they know my real name they can even quite easily find people who've worked with me in the real world and ask them pointed questions. My life, in that regard at least, is an open book.
You, on the other hand, are a coward. You won't put your name and your reputation to your comments. There's no ability to check out your background or question those you've worked with. There's nothing but assertion after assertion after assertion, most of it straight out of Microsoft's marketing guide. Hell you're arguments even evolve to echo Microsoft's marketing arguments whenever their playbook changes!
You don't offer a thoughtful, considered viewpoint with any depth of complexity. There's no nuance to your assertions and there's no middle ground. You parrot back Microsoft's party line with a dull persistence that borders on an elemental force while viciously attacking Linux, often with outright lies or - at best - half truths.
I despise you. Not because of what you say, but because of how you say it. I have no respect for you because you hide behind a cloak of anonymity, and use baseless assertions, lies, half truths and ad homenims to push an agenda that you hew to with religious fervor.
I despise everything you represent not because you champion a cause I disagree with, but because you go about it in a manner that lacks any form of personal honour. You are a bad person and - to be perfectly blunt - you make Microsoft look very, very bad.
That you personally champion Microsoft is probably as responsible for my loathing of Microsoft's business practices as what Microsoft actually does. You are the living embodiment of Microsoft's marketing messaging and methodology. Their voice made manifest.
For all the evil that Microsoft actually perpetuates it is the utter contempt with which they treat customers, partners, developers and staff that I find detracts most from their credibility and their trustworthiness. Every single post you make reinforces the reasons for that for me. it reminds me all over again exactly what it is about that company that is impossible to work with.
You are a poison. One set loose on the internet without restriction or morality...but it is your host that you are poisoning. It is Microsoft's name and image that you are degrading, not that of Linux, Apple or any other Redmondian competitors.
You obviously couldn't care less about what I think, and that's entirely your right. But I am absolutely positive that I don't speak merely for myself regarding the above. I am positive of this because I have had hundreds of commenters reach out to me to either complain about you, thank me for engaging with you or both.
So by all means continue with your manufactured tirade against me, Linux and whatever else you can find while pimping and promoting Microsoft. No matter how much you frustrate me personally, you ultimately are doing Microsoft a far greater disservice than I - or anyone else on these forums - ever could.
In the future, however, your arguments might bear a little bit more weight if you disabused yourself of ridiculous notions like "Trevor hates the public cloud" or "Trevor loves Linux." For the record, I hate everything until it has proven itself to me, and even then I am only interested in those products, services, companies and individuals which can be shown to provide the maximum value for dollar for the individual or company in question. And I absolutely don't believe that one size fits all.
Now, you can take all of this and twist it around, take it out of context or attempt to use it to paint me as a small man who obviously isn't as important as yourself. (And how could anyone ever know? As an anonymous coward you are nobody and you mean nothing.) Go right ahead. I'm not posting this for you. I'm posting it for me. To vent my spleen and so that I have a post to link to for future interactions.
Good luck with all your endeavors in the future.
Well said Sir!
I've been saying the same for several years when I found out that the US had passed a law extending their boundaries to the whole planet.
As I worked for a US company for 20years, I know from the mandatory US Export Licensing Training that we had to do, US Law applied to us even though we worked in the EU. What the US says basically trumps local law.
It does not need a PHD in Rocket Propulsion to realise that doing ANY business with a company that has ANY sort of presence in the US means that YOU are a potential target for US Lawmen. There is no escape.
So Mr Pott, have one on me.
The sooner more people understand the legal risks on doing business with the US the better.
What the US says basically trumps local law.
Only in the eyes of the US.
The local lawmakers still believe - rightly, IMO - that their laws apply in their territories.
This leaves US companies in something of an invidious position; it is entirely possible that, whatever they choose to do, they will be breaking one or other of the laws that apply to them.
I don't see this ending well...
"Good luck with all your endeavors in the future."
Wow! I did enjoy that Mr Pott. Reading it was like watching some gobshite in the pub finally given the good kicking they richly deserved, each finely crafted paragraph like a fast moving boot decelerating against sensitive body parts.
"Then if he/she didn't post as AC he/she would be able to put a "Joke" icon!"
But I thought posting as AC was part of the joke! After all it was a response to Trevor's justified rant against the AC MS shill. The problem with AC posts is that we never know how many or who they are.
"Oh hey cowardly scumtoad! How ya been? Totally off your rocker as usual? Awesome."
<snip magnificent vade mecum for vitriol and consultant ethics >
Said in my best Sergeant Major Shout:
Mr Potts!!! Stand back that man stand back!!!
Lovely post by a man call Trev' (1.)!
1. Probably a hated shortening like some that I have.
Wow, nice job/post. However, living in the US, I do "hate the cloud". None of the cloud services are talking at all about Privacy, Security, Accessibility nor Reliability, at least publicly. Amazon remained absolutely quiet after a Botnet was easily set up in their cloud. And Office 365? Why would I want to use that? I have always run Office locally and will continue to do such. Oh, MS said that way you will always access the latest and greatest. Really? I don't remember managing the infrequent Office updates to be a daunting task. Office upgrades have become less and less useful so I don't see the value there. In the US, we clearly have the most expensive internet and far from the fastest or most reliable. The ISP's are consolidating for control of the internet and they charge a premium for faster speeds and content providers will be charged to not be throttled. Remember, the ISP's are also the TV providers. Now many companies are providing cheesy data plans that are easy to exceed, so one gets pushed into more expensive monthly data plans. In other words, the "cloud" is slowly being forced on us in the United States. American companies seem to feel if they want it, build it and sell investors on it, you will use it one way or another.
Proper debate is good. First lets work out if we want to start talking about civil law or criminal law as the law works differently in each case. Civil law is bad enough (Think about the Spamhaus being sued by spammer fellow and because Spamhaus made a small error whilst trying to state that the court in question had no jurisdiction they had a default judgement made against them (I paraphrase massively). However in the civil courts it is not possible to make the kind of "give us all the data and don't tell anybody" demands which are being talked about in this article.
Here we seem to be talking about criminal law as it involves the Feds looking for information on a criminal matter. Now assuming we are talking about criminal then are we talking about common or garden crime or are we talking about the kind of stuff that intelligence services will get involved in?
If it's common or garden crime then I totally agree that one countries law enforcement can speak to another countries law enforcement and get the information they want through co-operation. Unless I am mistaken that has been going on for a long long time. Don't get me wrong I don't think that it's as fair as it should be at the moment with some very lopsided sided extradition agreements (Mckinnon and many others) in place. However the point it that this isn't new.
If we are talking about super secrit spies and stuff then we are in the territory of "memorandum of understanding" which have been in place for a long long time and where one government's spies can ask another government's spies to share information. The bit about the government being able to secretly grab your data is specifically only about metadata NOT about content. In order to be able to get the content the US law is very clear about judicial oversight and due process. IF the US government really think that there is something on your servers which falls into the category of "terrorism" then they are going to get by having the UK police knock on your door with a warrant.
What's my point? Perhaps the US is trying to throw its weight around by making it easier to grab the information it needs but actually whilst these may (may) be new powers the tools to get this information has been around for a long time.
If you don't want to be subject to US jurisdiction then the number one thing to do would be not to do business with the US or with any US company.
Also this is all about risk and risk management. To my mind your data is no safer on your own servers than it is in the cloud unless you want to encrypt it and refuse to hand over the keys (and are therefore prepared to go to jail for not handing over the key)
The whole "Those with nothing to hide have nothing to fear" is a pretty stupid soundbite used by both sides to show that the other side are bad...
"To my mind your data is no safer on your own servers than it is in the cloud unless you want to encrypt it and refuse to hand over the keys (and are therefore prepared to go to jail for not handing over the key)".
No. If I were living in Ireland then the only authority to make me hand over my keys would be the Irish courts. End of story.
What we have here is the US demanding the data on a non-US service/server based on the company having ties to the US. Had they the slightest sense of decency and international decorum, they would have made a formal request to the Irish law enforcement agencies who, no doubt would have cooperated if there was probable cause.
In that case here I'm pretty sure the comentards on this forum would have supported it as the proper legal process.
"In that case here I'm pretty sure the comentards on this forum would have supported it as the proper legal process."
Exactly! Due process is due process and is generally right and proper. The US has declared that it is the worlds policeman and has the right to do what it wants wherever it wants so I suppose it is logical that it wants to do the same in the digital domain.
Stand by for an invasion of servers having funny domain endings.
Sad really, what a shit place to bring up kids.
You really think "content" is not extracted? That US laws and oversight protect such an intrusion? Wow, I have a bridge in Brooklyn that I'd like to sell you. Interested? Yes spying has a long history, however, with current and upcoming technology, the extent of spying is unprecedented and the fact that everyone is fair game is Orwellian.
"The whole "Those with nothing to hide have nothing to fear" is a pretty stupid soundbite used by both sides to show that the other side are bad..."
That line is really so retarded; it makes you wonder how that person graduated from primary school as it's so fundamentally flawed, I mean try saying that line to the Jews during WW2.
Purely as a thought experiment, what would happen if some Irish judge decided that the tech companies in Ireland had an Irish legal attack surface? He or she could get at all data held by US companies around the world with some shoebox office in Ireland just to take advantage of tax laws in the same way. And they would have them by the balls if they said something like "give me the data I want or cease operations in Ireland".
What would the US say about that?
@Dan 55 Loud and raucous laughter on the other side of the pond, would be my first guess.
But Irish jokes aside, it would be a valid thought experiment indeed, and it would be great to see an MS lawyer trot it out into court. I suspect he'd be cited for contempt.
The only good news about this is that the scary dark underbelly of US over-reach gets dragged out into the light for everyone to see. What happens now is anybody's guess.
Based on past performance, I am not very optimistic.
I think this will depend on who has the bigger stick to wield over the company the "Good ol" USA or the EU.
As these warrants or whatever letter is used to get the tech company to provide the data from the EU data centre, i guess that the local company may be in breach of EU data protection regulations for giving out the information without a LOCAL issued warrant so are the CEO and board of the company more worried about fines from the EU or sitting in the clink in some super max prison in the middle of Nevada with Bubba as a cell mate. and as they probably reside in the USA they will be more scared or personal risk than company risk.
the only way Microsoft can win trust from non USA customers (even USA Customers :-( ) and show they actually have the rights and data of their clients as a priority and to "protect" their bottom line ie the freedom of their bosses is to bring out the next generation of Windows (WITH A START BUTTON) and software like office to include local strong encryption of data BEFORE any of it is loaded in to ANY cloud so only the user has the key. and to implement Dark mail in to outlook and Exchange for good measure.
"What would the US say about that?"
I imagine they would ignore it to start with. Then, if the Irish started actually to do something, they would have a quiet word with the Irish President. Along the lines of "how would you like your little island turned into a nice shiny lake of radioactive emerald glass?"
"I really do want to see him worm his way out of the fact that the US feels it has sovereignty over my data"...
Granted it is your data. However, because it uses communication technology operated by US companies, the US government feels as though the can snoop on it. So they don't give a monkey's behind that it's your data. All they care about is to incriminate you, should you ever have something against the US. And for that, my man, they need to know what you think, write, talk about...
So they spy...
Agreed old chap.
"Dance marketing shill sockpuppet, dance!"
I have successfully fought off the cloud for the past few years in the same way I fought off Exchange and batteries of Windows servers. A nice man called me in today, thanked me for all I had done and passed over a nice bunch of Euros and a booking for four at one of Ramsey's restaurants. I guess it was this announcement among other things that triggered their response although I am helping them go national.
When I used to have to work less selectively I used to tell people "if the answer is Microsoft then you have misunderstood the question".
Old truism that is equally valid today as it was then.
This is interesting. What about US companies operating government contracts in other countries.
For example, in the UK, IBM run parts of the IT for the DVLA, the ID and Passort Service, parts of DEFRA, and probably other government or civil service entities. I think HP has a strong relationship with the Inland Revenue, and I'm absolutely certain that there is one or more US company associated with running the NHS IT systems.
And the UK Government has said that it intends to use Office 365 (although how that sits with the ODF statement recently, I don't know).
~90% won't care enough to do anything
~9% will care and actually do something, but won't carry it through
~1% actually will do something effective
~0.01% actually will benefit in a measurable way
US Tech companies won't suffer a lot.
Sadly this true!
"I am guessing this will only accelerate the UK's plan to move away from MS products, as well as Germany's!"
I think it may have escaped your notice that GCHQ and the NSA are joined at the hip. They are both unaccountable, both share the same mission to spy on both native and foreign populations to the maximum extent that technology will allow, and operate with a complete lack of proper oversight and a near limitless budget. The US and British government (whilst still spying on each other) have happily co-operated to share the job of global spy in chief, and the idea that the UK is moving away from MS products or taking a stand over NSA intrusion is sadly nonsense.
I think you're referring to the supposed adoption with immediate effect of ODF by government instead of proprietary MS formats, but this is tokenism, as most departments continue to publish Word and Excel documents, and even if they used ODF or HTML they won't have used FoOSS to write them.
NSA and GCHQ are not really the point here; the main arguments being presented are about the extension of US laws to all nations by use of services and servers either based in the USA or provided by companies who are either domiciled in the USA or are controlled by such. What GCHQ does by spying on USA citizens and then allowing our country cousins access to the information would be illegal as far as the USA courts are concerned but hey, it doesn't happen.
Didn't Germany cancel Verizon's contract and kick them out due to US spying? I hope this is only the beginning. I'm a US citizen and hope that Europe and other nations start pushing back, hard, on America's Orwellian surveillance. After all, what is the US going to do about it? Nothing. Washington is so gridlocked they can't even agree on toilet paper. I store nothing in the "cloud". I download my emails via Outlook, then the emails are deleted from the server thereafter. One thing other countries need to realize is the parasites on Wall Street have instituted a perpetual growth model. In order to maintain that momentum, globalization is absolutely necessary or the system will collapse. If American companies are not welcomed abroad due to these unprecedented over-reaching laws we might actually see the business and investment machinery unite to stop this intrusion for survival purposes.
" Because Microsoft is a US company and it "controls" the data held in its overseas servers, they reasoned, the same rules apply."
It would be interesting to hear the opinions of an Irish judge on the question of whether Irish data protection laws don't apply to Microsoft servers in Ireland simply because MS are a US company.
If the warrant has been served on Microsoft in the US on the basis that Microsoft controls Microsoft Ireland then the obtaining of the data would be an internal activity which would be out of site of the Irish courts. Unless the specific individual knew that a)they were being investigated and b)that the warrant had been issued so at to be able to seek an injunction from an Irish court then the Irish would have not involvement in the decision to hand the data over.
Only in the US court's view. In the Irish court's view MS Ireland would be guilty of breaking the injunction with the consequent fine or jail sentence for the directors that that entails.
This is why we generally have laws that stop at national borders. If they don't then they usually involve arrest upon return or cooperation with other countries' legal systems. Apart from the US of course because US.
Yes, but paying tax is not the same as being independent - your parent company may own you and you poor Irish subsidiary may be making massive *cough* profits due to trading with said parent company and then proceed to say pay a lower tax rate than the parent company would.
But your US parent company still owns you=>has control. (Though I agree popcorn may be in short supply if Irish judges/privacy commissioners get involved for the opposite view)
Not really. It just raises the cost.
I'd expect all data to be synced to multiple data-centres and T&C's in all usage agreements saying that you don't mind data being stored in the US. This is Cloud, so the idea is that you don't care where the data is stored.
There are two parts to this:
a) Explicit Cloud usage. You don't use the cloud to store medical data for example. That's obvious and simple to deal with.
b) "sneaky Cloud." That's things like storing all your search history from Bing/Google and siphoning off all your contact data from your address book for "synchronisation purposes."
If I had important sensitive data, I wouldn't be happy with this ruling. Ms Merkel's email is going to be available to the US government anyway without spies doing anything in Germany, if she's using Apple, MS or Google email. That's just annoying and will likely drive alternative tech companies. SmallCo might use Outlook 365, but no-one larger is going to touch it and without enterprise buy-in, the money for cloud development will be in short supply.
(Of course Ms Merkel won't be using non-government servers anyway. That means that there is a space for a decent smartphone with no ties to US companies. Jailbroken Android? FirefoxOS?
Microsoft (Azure) T&Cs allow users to limit storage by geographical area (e. g., European, Asian, American), with some exceptions; and like all or nearly all companies, their privacy rules have a law enforcement exception. Within an area, or within the world if the customer fails to limit to a geographical area, Microsoft can move the data around as it sees fit.
I've never been a fan of "the cloud", but can't see there is a good reason not to store arbitrary data there, provided you encrypt on your premises and before transmission any data you would not want to post on a publicly accessible web page. Processing in the cloud is a different matter, as it involves outsourcing your security, accepting the associated risk, which may be either greater or less than the risk of doing it on your own.
There seems to be quite a bit of conflation in this thread about legal process and espionage, the latter being generally illegal in the target country while possibly legal in the one doing the spying. A foreign government official, including a head of state (like Ms. Merkel) could be an espionage target for various reasons, but it is unlikely that a US judge would issue a warrant to compel production of their communications. I do not think it is impossible, though, and there might be circumstances in which a warrant for communications would result in production of government officials' communications even when the target is not an official.
Anybody recognize her name but not quite able to put a finger on it? Loretta Preska was the presiding judge for Jeremy Hammond (Stratfor) and Hector Monsegur (Sabu). Look, I get it, Hammond broke the law, but she sentenced him to 10 years and didn't even actually make contact with the wrist of the guy that arguably entrapped him. I want her and Lucy Koh to fight to the death before either of them gets to hear another precedent-setting case that they issue a pants-on-head ruling on. I hope they both lose, our nation would have a higher ratio of responsible adults:childish autocrats.
Google, Microsoft and Facebook reading my e-mail in order to advertise at me doesn't affect me much. They aren't likely to read my e-mail for industrial espionage purposes, because if I could catch them at it, they would lose everything.
They can't use what they learn there to hassle me when I try to enter the US to get some business done, or cover news as a reporter. They can't use what they learn there to try to prevent me from doing business via some form of protectionism.
Corporate snooping on my data for the purposes of advertisement just doesn't mean much, excepting that the adverts might be a little non-opportune and mildly embarrassing in the wrong company. Oh well.
The US government can ruin your entire life or put your company out of business based on misinterpreting what other people choose to send you in an e-mail. That is a problem.
The US government can ruin your entire life or put your company out of business based on misinterpreting what other people choose to send you in an e-mail. That is a problem.
You get it. A lot of us get it but I think most people don't understand this.
For example, perhaps the gov decide to go after someone you've had an exchange of harmless emails with. To get to them, they will screw with you. And it's not just the US government that would do that. Governments only care about themselves and not the people they serve.
So whose email do you use then?
I use google and yahoo and much though I don't like the US snooping what am I really going to do about it? Which provider will not be tapped by the 5 eyes, especially as I reside in a 5 eyes nation? Even if I did not it seems that GCHQ has a large part of the pipework tapped. Sure, I could encrypt my email but then everyone would either ignore what I send or reply with "send it in plain text you stupid bastard". This is what happens when something so ubiquitous was insecure by design.
I admit to not being too knowledgeable in this area but, given the cert authorities fall mainly under 5 eyes regimes, how much is there they cannot generally access short of using full gpg style email encryption?
I use a Canadian provider, as I'm Canadian. Canada is Five Eyes, yes...but the US of A still can't just scan my e-mail "just because". Our laws very clearly prohibit that.
Now, if the US wants to use a warrant, my country will comply. I'm actually okay with that. If I've done something to draw targeted attention, then by all means, they should be doing their jobs and checking up on me.
But it's the dragnet surveillance that gets me. I'm a mostly law abiding citizen* who honestly tries to do the right thing. I make mistakes. I sometimes go a little far in having fun or asserting my independence. But I'm not a threat to anyone.
So why should my e-mails be scanned by a robot as part of a massive international fishing expedition and then taken wildly out of context and used against me? Why do I have to get hassled at the border when all I want to do is go to a conference and report on the events there?
I have a friend who lives in Washington. He's a systems administrator. Why does the border patrol flag up that I'm going to stop by his place for drinks on my way to San Francisco as being "obviously business related"? Seriously you guys, I met him on Spiceworks. He's a friend. We're going to have some fucking beers. It's the 21st century, that's perfectly normal!
Why does the US border patrol even have the power to snoop on my e-mail and determine that I am going to meet him? What the fucking fuck? Again: I'm not a threat to anyone, and there was no reason I would be "targeted". It was just caught up in dragnet fishing and then used against me.
So yeah, I switched my e-mail to something local. What the US is up to first of all is questionable under my nation's laws at best, and is illegal at work. More to the point, it's not okay.
My solutions aren't perfect. And maybe there aren't any good answers. But the only vote we foreigners have is the one attached to our wallets. So let's vote.
*laws are structured in such a way that it's impossible for anyone to fully comply with the law.
@Trevor_Pott: "I sometimes go a little far in having fun or asserting my independence. But I'm not a threat to anyone."
Hmm... Trevor, can you spot a contradiction in what you wrote?
Seems like any assertion of independence by anyone - a person, a company, or a country - is now treated as a threat.
"Hmm... Trevor, can you spot a contradiction in what you wrote?
Seems like any assertion of independence by anyone - a person, a company, or a country - is now treated as a threat."
I can assert all I want, that doesn't make my independence a fact. It's those who try to go beyond asserting into "enforcement" that become threats to the powers that be.
@Trevor_Pott - You really do articulate the issues involved in this well. It sounds as though you have had first hand experience of the intentional law of unintended consequences America's paranoia creates. So you're in an ideal position to continue to inform us and to describe the issues. You also seem to be providing details that confirm what I suspect is an instinctive reaction in many of us to these issues.
Thanks very much.
Oh but Trevor, you are threat. I feel threatened, for one ;)
Also you're a mean drunk, so when you have a few beers, you're bound to hit somebody.
Lastly, you're a magician who has (you say so yourself) the ability to make beers fuck. That scares the shit out of me, so I want to detain you, just because.
It's a joke, alright... But this could be how the USofA border patrol reacts to seeing you post something on a website that is hosted by a US organization called Rackspace. Therefore, they (the US Gov) have the right to make sure you're a nice and good citizen and eat the crap they (the US Gov) feed you about such nice things as Patriotism and War Crimes and TerrorIsm
Or as Orwell once put it
"War is Peace",
"Freedom is Slavery",
"Ignorance is Strength",
"Visiting US Sys Admins is business".
Some of us do get it Trevor, so keep shouting.
I just wish more people in the US would get it, particularly the political establishment.
Until then, remember
"CAPDAMUzmob7i4F0UbOZgQHiaCLuEa9rrd is none of your f*ing business !"
Web site hosting + email does not cost all that much, in the end, and you don't even have to bother with the web site if you don't want to.
I have my own web site hosted by a company in Switzerland, ironically enough. My web host guarantees email hosting and anti-spam/anti-virus measures in the basic package, for free.
No, I am not totally paranoid, and I took up this website pseudo-hobby years ago before all the hoopla about Snowden and the NSA. It just so happens that now, in the post-Snowden era that we all live in, I am quite happy that I made that choice.
Oh - and I don't leave my mail on the servers, I download it all and keep it locally.
Eat that, NSA/GCHQ goons !
"Eat that, NSA/GCHQ goons !"
The chaps and chapesses in Cheltenham probably have.
At work: I loaded Chrome to check the appearance of a Web page I'm writing. The popup thingy informed me that the Google Hangouts application is running and logged in... I'm using a different browser now.
The sky won't fall because of this case (which will no doubt trundle through various levels of the legal system for years) but the long term chill effect (drip-drip-drip in the background if you listen carefully) will accelerate very slightly.
Economic power is shifting southward. And that's that.
The tramp: Being totally unimportant has its virtues sometimes.
@Pascal: You've missed my point entirely. Your email may not be susceptible to Google searches on its contents but it is still just as susceptible to 5 eyes dragnet surveillance. GCHQ has taps on (likely) every fibre landing in the UK. Have you looked at the submarine cable network recently? Pretty much most of it transits the UK. The other eyes can mop up the rest. Given this my point is that you only have security if your email is gpg/pgp'd - remember data transitting between Google data centres was unencrypted and tapped? It's likely that also applies for email server to email server. See the following...
The Internet was not designed for (or against) security. Accordingly, it is incumbent on those with a great interest in privacy of the communications they pass on the Internet to provide their own. For most of us, most of the time, the imitation privacy that goes with "not of interest to any but the communicating individuals" together with "mixed in with a great bunch of other trash" is sufficient, at least judging by the widespread failure to incur the additional cost of bothering with encryption. Using commercial services leaves one exposed to the risks that someone will snatch the messages in transmission (possibly assisted by broken SSL - including compromised certificates) or from the servers (possibly by breaking any storage encryption or compelling production using legal process). The closest thing to a guarantee of privacy is end-to-end encryption using the likes of (Open)PGP. Even that, of course, is subject to the risk that the originating or destination computer is compromised, possibly by a government agency but more likely by a criminal organisation.
Subsidiaries are a core part of international business and one important part of this is that a subsidiary is a legally distinct entity. This means, amongst other things, that it must adhere to the local laws and regulations and also that its board must act in the best interests of the subsidiary, even if these are at odds with the best interests of the parent company.
In this case, if I am understanding it correctly, the data is stored and managed by the local subsidiary, and not directly by MS in the US.
I am no legal mind but it seems as though such a ruling would contradict the basic, legal principle of a subsidiary and thus undermine much of international business.
I mean, look at it from the other side - a subsidiary can engage in practices are legal in that country but might be illegal in the parent company's country. The parent is safe. This is why manufacturing companies can happily use CFCs and engage in all manner of ecologically unsound processes in their factories in developing nations but their US operations are not fined prosecuted.
If the local subsidiary of MS is refusing to provide access to the data, this may well be against the US laws, but they are not bound by those laws and, as a separate legal entity, Microsoft's US operations are not liable for that.
Happy to be corrected, but that is my understanding of the situation.
Nope, you got the argument in a nutshell. And that's the argument the judge is throwing out.
To wit: the judge's argument is basically "it doesn't matter who owns the data, only who has access to that data. Microsoft US can access that data and so it must access that data if a US court says so, and no international warrant is required."
The repercussions of that surviving to set precedent are massive.
I don't think that bit is correct, is it Trevor?
The judge is saying the MS control the data. Regardless of where it is located.
This is the same - but the opposite way around - as the EU A29 group asking the question of Google et al; "What about when people visit google.com and can still see the results the EU citizen has asked you to remove?"
I'm not sure anyone has seen any answers to those questions (more time was given, I think)? But this is the same issue (both ways). Companies operate globally but are incorporated (even if at group level) somewhere.
So both of these rows are about the political governance of globally trading companies (who hold data - and make money / pay taxes - across national borders).
I've put a in a couple of posts on the EU stuff - This will get very, very messy.
Since the 90s if not before, the web has been a system - way of life - built (not quite exclusively) on American investment; boat loads of investment. Everywhere else let a few US universities - and businesses spawned from them - get paid to set it all up ... No wonder everyone is now in the mess they are in.
Oh ... But there'll be no use for the Internet, if everyone stops wanting to share.
"Since the 90s if not before, the web has been a system - way of life - built (not quite exclusively) on American investment; boat loads of investment. Everywhere else let a few US universities - and businesses spawned from them - get paid to set it all up ... No wonder everyone is now in the mess they are in."
I doubt whether what you say is even true of the English-speaking internet. Also, unless we are restricting ourselves to the protocols rather than the hardware they run on, much of both the telecoms infrastructure and the devices that now hang off it have actually been manufactured outside the US and bought by people outside the US. The internet is more than just Intel, Google and Microsoft. Perhaps even US judges will come to realise this one day.
Dan, you're exactly right and as Trevor says that's the argument the judge has thrown out.
The logical response from any country robust enough to ignore US political pressure is one of two:
1) Mirror the US laws requiring access to global data from any company incorporated on their soil and dare local subsidiaries of US companies to ignore them with the threat of heavy fines and jail terms for local executives. The US would definitely throw a fit.
2) Refer to or create the kind of laws you mention which make it explicitly illegal for locally hosted data to be handled to the US without local judicial process. Dare US companies to ignore them, etc. etc.
I don't know if it's only recently that I've noticed or whether it's becoming a regular thing but relatively obscure judges in local US courts are making decisions which go far beyond a sensible remit and have global ramifications. Whatever the rights and wrongs the idea that a US judge many rungs below the Supreme Court could force Argentina into default against the wishes of most of its creditors is absurd.
UK libel laws are a similar tale. The assertion of global reach by local lawmakers really isn't going to work well for anyone.
"Whatever the rights and wrongs the idea that a US judge many rungs below the Supreme Court could force Argentina into default against the wishes of most of its creditors is absurd."
From elsewhere on the web:
"Judge Griesa has jurisdiction over the case because in the 1990s Argentina agreed in some of its bond contracts to litigate any issues in New York courts."
It's only absurd because Argentina allowed it to be absurd. They agreed to these terms because they wanted the money - they got greedy and now it's coing back to bite them in the ass.
In fairness to the Judge, she has given her ruling on how the law should be interpreted, but she has not required Microsoft to follow her ruling before her judgement can be appealed.
I imagine the ruling would also have been appealed if she had ruled the other way - clearly whichever law-enforcement agency asked for the warrant wants to have this power, rather than use what they call the "cumbersome" procedures that were put in place precisely to allow this type of cross-border criminal investigation to proceed.
Here's the Irish Times report on the case (before Preska issued her ruling):
Then we'll get you in a headlock and you have to look really trapped but still fighting, the crowd should be on your side at that point.
Will it hurt?
It has to look as it hurts of the crowd won't buy it, slap the canvas a few times with your lawyers.
Then you'll surprise us with a quick move and we'll go face down for a while, let the crowd enjoy that for about a week.
Then I pick up the paycheck?
Not right then but soon. You have to be seen to win the bout against a much bigger opponent but really the crowd secretly knows we let you win, it's all part of the game, keeping the status quo, then you leave the ring to chanting, shower and pay-check for being part of the team, OK?
Do I do promotional stuff?
Probably best not eh.
Oops meant for another forum sorry
What if the US would all of a sudden uphold the law of the UN Security Council and started to attack Israel for bombing the Gaza strip and innocent citizens.
That would certainly correct a morbid image loads of people have about the US, including about spying on data that really should be off-limits to the US, even for national security reasons. And if it there legally should be reason to believe that the data should be made available to the US legalese, than international law and order should be enough to request foreign help in such matters. Pretty much like Interpol: I have a criminal who is currently in your country. Please catch him for me. As opposed to: "I have a criminal who is currently in your country, and because I'm the US President, I will send people of my country to your country to commit a crime in your country, but because they are combatants of the US, these people cannot be detained by your country, because if you do, you commit a war crime..." (I'm writing this, dear NSA, as a piece of fiction. I do not express my own views here, merely state what a ficitve character who plays the role of US President in my upcoming book might say to a faraway Government.)
Google, Amazon, Apple, and others may not (at present) have had a similar warrant delivered to them and would be without standing in a court. It is not impossible that one or more of them has filed an Amicus brief, however; the article did not say one way or the other.
Surely the contract with the customers states which country's legal system has juridiction? When I read these things, the licence agreements for MS software stated that the contract was under US legal jurisdiction. If so then the US courts can order MS to divulge the information. If not then US courst have no jurisdiction.
I suspect that I am being more than a teensy-weensy little bit naive here. But the reason the Feds do not want to ask the Irish for a look, is that it woud be so much easier in the future not to have to ask any foreign government for permission to look at data stored in their terrirory. Just wait until they try that with the Russian Facebook account data ... (or anything else which now by Russian law must be held on servers in Russia).
If you do a Traceroute on your HSBC InterNet banking account you will discover the traffic flows across US Government-friendly AT&T cables and thence to the HSBC facilities. Of course, we all know that a simple Letter will let the FBI share your secrets - no judge needed.
So of you want to limit US access to your privates SUPPORT YOUR LOCAL BANK and NOT the WORLD'S 'LOCAL' BANK.
"If you do a Traceroute on your HSBC InterNet banking account you will discover the traffic flows across US Government-friendly AT&T cables and thence to the HSBC facilities".
Ah, serendipity! Thanks for explaining so clearly why HSBC has suddenly discovered that giving bank accounts to Muslims "falls outside its risk appetite".
Welcome to Obama's America. She has one thing right, it's all about control with the Democrats. Control of your healthcare (1/6 of the US economy), control over your salt intake in New York. Recall the quote by Congressman John Dingell in 2010 about "controlling the people" (Google it) That's their mindset.
What do you think those five enormous buildings out in Arizona are for? The Obama regime admits they are keeping a record of every email, every word you type on chat rooms, on Twitter, and every email sent. And their justification is, "We aren't looking at them (wink wink) we're just keeping a copy in case, you know, sometime in the future we have to look through them to find out who the terrorists are".
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety ~ Benjamin Franklin
and for their next trick, the US courts will decide they have jurisdiction over anything done on computers running software from a US company.
If the court was in any way sensible and interested in being taking seriously, it would say that it has the right to view emails in other countries to prevent crime and it would balance that right with the responsibility to prevent those crimes. Rights and responsibilities go together. Instead, the court orders us to take it seriously even though no-one has ever heard of, let alone approved the appointment of, the judge in question.
Companies, courts and customers all need to step back and take a hard look at their assumptions.
First, and foremost, I personally try to avoid use of "the Cloud" like the plague. More on that in a subsequent post.
The global information network and Cloud storage and the computational power available to individuals are unprecedented in human history. Existing legal precedents. . . while critically important as a point of departure . . . are not going to serve us well.
An argument can be made that to function effectively both operationally and as a business model, the 'net and cloud storage need to be agnostic services, where the technology itself (network protocols, load-sharing, and memory allocation) "controls" how the content is routed and where it gets stored.
Responsibility for and ownership and control of the content of information and communications belong to the originator. In theory this is the case. However, the business practices of the big IT companies themselves undermine that argument.
A handful of IT companies enjoy virtual monopoly position. This lets them demand (extort may not be too strong a term) that users relinquish a wide range rights normally retained by originators.
I read "Privacy" statements carefully. I am generally appalled at the terms and conditions. Then I accept them because what other choice do I have? Also, to the extent that the revenue derived from what companies like Google and Microsoft do with my information reduces my cost, I benefit. There is, in fact, a quid-pro-quo.
The problem is that the resulting control over the use of the content undermines the companies' argument that they are simply providing computing and communications services. The fact that they extract a certain level of knowledge and control of content makes the demand for access by governmental authorities technically plausible.
Plausible, but an unparalleled catastrophe for individual rights and freedoms, and left unchecked, for the viability of the IT industry as it now exists. That is why companies, courts, and customers alike need to think this through more carefully.
By analogy consider a large self-storage facility. What those who govern are demanding is the right to rifle through every ones' storage units based on a suspicion that there may be a bit of contraband in one of them. What those who govern demand, the courts will ultimately give them.
Which for some reason brings to mind an absolutely hilarious bit some years back by a British group. If memory serves the name of the group was "Beyond the Fringe". The bit was entitled "Judges and Miners," and the premise was two miners arguing about which group were more intelligent.
Over the past 30 years I have observed a slow, inexorable change in the fundamental nature of "personal computing." Back in the day, just starting out in business, I assembled my own computers, and wrote a word processing program (WordStar being, to my mind exorbitantly expensive, and unwieldy).
Over the years users traded the ability to do their own thing for enhanced capabilities. What I have now was unimaginable "back in the day." But the result was a de facto loss of transparency about what was going on inside the box, and an attendant inability to control it. Still, the programs and data remained on the users computer.
With the development of LAN technology, it became practical for organizations to consolidate first data, and subsequently data and applications. However, the industry still supported the large number of individual users using stand alone computers.
For the moment, we still have some residual ability to store and process data locally. The large IT companies are moving to change that. For example, it is so much easier to patch programs than to design them right in the first place. No internet access, no patches.
The evident of goal of Cloud computing is to reduce all personal computing to what I now have on my I-Pad--An interface with some basic functions and a limited amount of local data storage. Users will be forced to rely on "the Cloud" for everything else, including applications programs. Does being done with malice aforethought? I couldn't hazard a guess. In the end it doesn't matter. The damage will be done.
The threat this poses to privacy has been thrashed about at length in the register. That is more than enough reason to pause and think before docilely leaping off this cliff. However, there are also technical issues with respect to reliability of large data centers and bandwidth. The information is on the net, mostly in the scientific and technical journals that are not readily accessible to the average user. (I have the technical background, and most of them leave me scratching my head.).
Technical solutions to these issues exist. But whether they are going to be affordable to the individual who just needs what amounts to a stand-alone capability is very doubtful.
Finally, looking through the glass darkly: In the US at least, those who govern have already taken giant steps toward requiring that individuals be connected to the internet to do business with their government. Technically it is a small step from there to mandating the use of "the Cloud" and putting legal limits on stand alone personal computing capabilities. It is a step that I fear those who govern are all too eager to take.
I know that the House Rules discourage inclusion of personal information. Hopefully the following won't bend that rule to badly. My assessment of the threat is based on half a century working in and around the USG. I rose high enough professionally to sit in the banquet hall with the kings and nobles. I was amongst them, but not one of them. I was the court fool, if you will, able to observe, unobserved except when they demanded entertainment. What I observed is that the kings and nobles are human. They are capable of the best and worst that humanity has to offer.
Just another extension of the perennial problem with the USA, for some arrogant, patronising reason they think they own the planet. They may well own the 51st State, the UK because all politicians with the exception of Harold Wilson refused to allow the UK to be drawn into the Vietnam war. The UK will just roll over as usual as UK politicians have rubber spines and will crawl on broken glass to do Washingtons bidding. Just another one of the reasons I am leaving this defunct slave of the US and moving to a more civilised Europe, as the stench of hypocracy on anything from foreign policy and bailing out corrupt banks has become unbearable.
I refused to allow my company to be conned into using the cloud, as I could see what was going to happen down the road over 5 years ago. Then along came an honest warrior who blew the lid on the US and UK spying scandal, more power to his elbow, he effectively re-enforced my opinion of how low consecutive US administrations had sunk to and we should all thank him for that.
Biting the hand that feeds IT © 1998–2019