back to article US govt can't stop Microsoft taking its Irish email seizure fight to the Supreme Court

The US government has lost a legal appeal to have a critical case against Microsoft reheard, paving the way for a Supreme Court challenge. In an even split of 4-4 judges, the Second Circuit Court of Appeals, based in New York, denied [PDF] the request for a full rehearing of the case in which Microsoft has refused to hand over …

  1. Oh Homer
    Childcatcher

    So basically...

    The US government is saying that globalisation is a threat to national security.

    Speaking as the regime that has its financial, political and military tentacles wrapped around the entire planet, maybe it should consider practising what it preaches.

    1. Youngone Silver badge

      Re: So basically...

      The really interesting point will be when (if) the Supreme Court rules in favour of Uncle Sam, and those pesky Irish legislate to prevent Microsoft Ireland from delivering the emails anyway.

      I'm not sure what would happen in that case. MS would in contempt somewhere no matter what they did I suppose.

      1. big_D Silver badge

        Re: So basically...

        The problem is, if they don't hand over the information, the US board could end up in prison, if they do hand over the data, the Irish board will end up in prison.

        The data is held on servers owned by an Irish entity, on Irish soil, falling under Irish law. The Irish entity just happens to be owned by an American entity. But they have to follow Irish law.

        There have been processes in place for decades for the application for legal support for foreign jurisdictions in such cases. If the US Justice had followed those processes, they would have had the information by now and saved the tax payers (and Microsoft customers) millions of dollars in the process.

        1. Anonymous Coward
          Anonymous Coward

          Re: So basically...

          There have been processes in place for decades for the application for legal support for foreign jurisdictions in such cases. If the US Justice had followed those processes, they would have had the information by now and saved the tax payers (and Microsoft customers) millions of dollars in the process.

          Ah, but that's the whole point: the DoJ is attempting to establish precedent that they can swerve around that need to involve those pesky foreigners by using US ownership as leverage (it's not the first time they've done this, but it's the first time they've been publicly told to piss off). If they win this, the next step will be to declare all US passport holders subject to US law and have them supply data from their foreign employers..

          That said, Microsoft isn't the shiny beacon of freedom it tries to spin this case into, it merely doesn't want to lose all its EU customers. That said, they have already screwed up - I have hard evidence that one of their alleged "EU only" services uses US based facilities* so it's more marketing than fact.

          * Worse is that I detected this problem in an EU government..

          1. Dr. Mouse Silver badge

            Re: So basically...

            the DoJ is attempting to establish precedent that they can swerve around that need to involve those pesky foreigners by using US ownership as leverage

            While true, a decision in their favour could easily be enough to declare "Privacy Shield" (or whatever it's called today) invalid. It could basically end up meaning no company is compliant with EU data protection laws if one of it's parent companies is American. That would really throw a spanner in the works!

            I'll get the popcorn!

            1. Anonymous Coward
              Anonymous Coward

              Re: So basically...

              While true, a decision in their favour could easily be enough to declare "Privacy Shield" (or whatever it's called today) invalid. It could basically end up meaning no company is compliant with EU data protection laws if one of it's parent companies is American. That would really throw a spanner in the works!

              The reality is that that is already the case (sorry, I don't have my logon handy :) ). Privacy Shield doesn't actually address the key issues, it is merely a new fresh political sticking plaster to prevent a trade war after the slightly tattered one called "Safe Habo(u)r" got yanked off the problem by one Mr Snowden.

              The legal chasm between the EU and US approach to privacy still exists and I have not seen much in the way of genuine attempts to address that - I expect even less to change under new management.

              Now for the fun part: Privacy Shield is a temporary agreement - that US ToDo list carries a "fix before" date. It'll be interesting to watch the countdown.

              1. Doctor Syntax Silver badge

                Re: So basically...

                "Now for the fun part: Privacy Shield is a temporary agreement"

                Irrespective of that, it's likely to fail in court anyway.

          2. Alan Brown Silver badge

            Re: So basically...

            "I have hard evidence that one of their alleged "EU only" services uses US based facilities* so it's more marketing than fact."

            I (and many others) would like to see that. Certain contracts are predicated on the servers being EU only and a breach of contract would be taken extremely seriously.

            1. Anonymous Coward
              Anonymous Coward

              Re: So basically...

              I (and many others) would like to see that. Certain contracts are predicated on the servers being EU only and a breach of contract would be taken extremely seriously.

              I confirmed that quite recently. I double checked a few days ago with someone else who started to test the "EU" services because they would have had a major compliance issue if they had used it - thankfully someone pointed them my way.

              It is, by the way, not the only US company to pretend to run on "EU only" servers either.

              Do not trust - verify. And don't let yourself get snowed with alternative facts either.

            2. This post has been deleted by its author

        2. Doctor Syntax Silver badge

          Re: So basically...

          "There have been processes in place for decades for the application for legal support for foreign jurisdictions in such cases. If the US Justice had followed those processes, they would have had the information by now"

          In theory that's right. What I suspect is that either they didn't have a prima facie case to present to the Irish court or they didn't want to disclose the evidence they have in making that case.

        3. John Brown (no body) Silver badge

          Re: So basically...

          "If the US Justice had followed those processes, they would have had the information by now and saved the tax payers (and Microsoft customers) millions of dollars in the process."

          They are well aware of the legal and already existing process. But someone seems to have a strong need to test alternate methods.

    2. Ian Michael Gumby Silver badge
      Black Helicopters

      @Oh Homer ... Re: So basically...

      Actually it is. And its true for any other Western Government.

      But in reality, I think that this case the US will fail. While Microsoft is a US based company, the data is on non-US citizens and the data is stored outside of the US. So there's no legal right for the US to gain access to this data as long as its never accessed from within the US.

      And its a potential threat. There was at one time a practice where an account would be set up and bad actors would edit a draft document instead of actually sending it. (I intentionally forgot the specifics.) The point is that if the bad actors are sitting in France and Turkey and the data is sitting in Ireland, neither the French, US, or pretty much most of the western world would have a legal right to get the data. It may become gray in France, Turkey and Ireland, but you get the idea.

      IANAL and I don't know the UK Laws or the EU's laws. But in this case... the US Government will have to get very creative and Microsoft will most likely prevail.

      1. Anonymous Coward
        Anonymous Coward

        Re: @Oh Homer ... So basically...

        Or a bunch of guys in bullet-proof vests storm into MSFT's corner office and another brown-skinned chap ends up in Guantanamo as an unspecified threat to national security

      2. Steve Davies 3 Silver badge

        Re: @Oh Homer ... So basically...

        How to get these pesky emails under US Jurisdiction?

        Simples really, the new El Presidente will issue an Executive Order telling the likes of MS, Google etc to bring all their DC's home. More servers in the USA means more jobs for Merkins.

        Once that is done all your data is theirs and there is SFA that you can do about it.

        So beware all you MS and Gmail users.

        I expect that it might also apply to Office 365 hosted servcies as well.

        1. Anonymous Coward
          Anonymous Coward

          Re: @Oh Homer ... So basically...

          Simples really, the new El Presidente will issue an Executive Order telling the likes of MS, Google etc to bring all their DC's home. More servers in the USA means more jobs for Merkins.

          Nah, he's a property developer. He'll just declare all the world to be "US" (also saves the kids having to learn all those weird foreign names) and appropriate it all. A bit like China and Russia, but with more implausible excuses.

        2. big_D Silver badge

          Re: @Oh Homer ... So basically...

          I expect that it might also apply to Office 365 hosted servcies as wel

          That is why MS are opening co-op centres like the new one in Germany. It is run for MS by DT (Deutsche Telekom) and MS don't have any administrative or physical access to the site. DT host the servers that provide Azure and Office 365 services for Germany (and Europe).

          If MS gets a court order, they can legitimately say, that they have no access to the data and that the USJD must go and talk to a German court to get their hands on the data.

          1. Anonymous Blowhard

            Re: @Oh Homer ... So basically...

            "That is why MS are opening co-op centres like the new one in Germany. It is run for MS by DT (Deutsche Telekom) and MS don't have any administrative or physical access to the site."

            Just shows what can be done when Microsoft use their lawyers' powers for good...

      3. Anonymous Blowhard

        Re: @Oh Homer ... So basically...

        "The point is that if the bad actors are sitting in France and Turkey and the data is sitting in Ireland, neither the French, US, or pretty much most of the western world would have a legal right to get the data."

        I'd sooner that the law protects me and the "bad actors", rather than neither of us.

        "There was at one time a practice where an account would be set up and bad actors would edit a draft document instead of actually sending it."

        Since when is "editing a document" a terrorist threat? What next, shoot-to-kill for people in possession of word processors?

        All this "national security" bollocks is just an easy way for politicians to play to the crowds and say "We're doing something! Now do as you're told, in case terrorismz."

      4. Doctor Syntax Silver badge

        Re: @Oh Homer ... So basically...

        "So there's no legal right for the US to gain access to this data as long as its never accessed from within the US."

        As bid_D points out, there are procedures, at least if the US has any standing in the case. For whatever reasons they didn't use them.

  2. Anonymous Coward
    Anonymous Coward

    bad news for Jacobs?

    "To Jacobs' eyes, "If I can access my emails from my phone, then in an important sense my emails are in my pocket." "

    Ok. His phone can also be used to access the Internet. Therefore, if there is any illegal stuff out there on that Internet, then he, by his own logic, "in an important sense, has it in his pocket." and he can be arrested & charged.

    1. Anonymous Coward
      Anonymous Coward

      Re: bad news for Jacobs?

      He just showed how clueless he is. And the key is "*my* emails" not "someone's emails" or "all emails". Emails of people outside US have never been in his pocket, or any pocket in the US. The fact that MS could technically access emails stored abroad, doesn't mean it legally can - MS doesn't "own" those emails, and cannot violate someone's rights without a valid warrant - and an US warrant is not valid abroad: would he have liked if Gardai asked his US-stored emails from MS Ireland?

      But I'm quite sure this bright judge will have a place into Trump's plans to make the Supreme Court great again... US is risking to build so many walls one day it will discover it became East Germany, and the wall is needed to block citizen trying to escape...

      1. Youngone Silver badge

        Re: bad news for Jacobs?

        The US already has walls to prevent people escaping.

        You can go if you want, but you'll have to keep paying US tax, unless you cough up $2,500 to renounce your citizenship.

        Weirdos.

        1. Dave 15

          Re: bad news for Jacobs?

          Technically I believe if you have EVER paid US tax you have to keep at least filing the returns... although to be honest they have never actually chased after me for not doing so.

          Of course what amused me most as a Brit over there was that I had to pay their tax but had no vote!

          1. Anonymous Coward
            Anonymous Coward

            Re: bad news for Jacobs?

            Technically I believe if you have EVER paid US tax you have to keep at least filing the returns... although to be honest they have never actually chased after me for not doing so.

            You better talk to a tax adviser than to make sure you're not sitting on a time bomb. The IRS likes to let things stew for a bit as they can fine you more - a sort of interest based tax fine plan.

            Of course what amused me most as a Brit over there was that I had to pay their tax but had no vote!

            That discrepancy actually exists in most countries, although I vaguely recall that the EU was trying to come up with an alternative concept.

            1. Doctor Syntax Silver badge

              Re: bad news for Jacobs?

              "That discrepancy actually exists in most countries"

              However one of the bases of the colonials declaring independence was that this should not happen.

          2. DougS Silver badge

            @Dave 15

            Well sure, but you voluntarily came to the US knowing that. Pre-independence, those born in the US were subjects of the King, but had no voice in the government. It isn't like people from the US came to Britain and then complained about paying taxes and not having a vote.

          3. This post has been deleted by its author

  3. All names Taken
    Facepalm

    Read the small print?

    Maybe it is just a blast of nonsense or even supercilious nonsense. After all we seem to be in the era uf superheroes and superbaddies but I stray from the path.

    The emails will not be handed over to FBI ownership because they can read them when they want anyway? What use is ownership in IT terms?

    I mean do I own - however transiently - the information in this computers cache that was created elsewhere and probably under IP ownership?

    And what about my t'internet tele's little box that can show all manners of grossingly IP'ed (Hmmm IP'ad?) stuff in cache - maybe even multiple caches?

    Course I don't

  4. Gene Cash Silver badge

    Government lawyers pointed out that users have no choice about where their data resides

    F*ck yeah we do... and we choose providers based on that. Microsoft knows this, which is why it didn't just roll over in the first place.

    On the other hand, SCOTUS is hamstrung because my senators can't be arsed to pick another judge. I've taken note of that, and I will certainly be voting against them, just like I voted against Hillary.

    1. RudderLessIT

      "and we choose providers based on that" So, you are saying that you made an account in Hotmail, or Yahoo, or whatever, based on where their datacentre is held? Really?

      "just like I voted against Hillary" - says it all, really.

      1. Anonymous Coward
        Anonymous Coward

        No, but you can choose Protonmail knowing fully that it's held in Switzerland.

        1. An nonymous Cowerd

          Crypto AG is/was in Switzerland

          https://www.schneier.com/blog/archives/2008/01/nsa_backdoors_i.html

          1. Anonymous Coward
            Anonymous Coward

            Re: Crypto AG is/was in Switzerland

            That was, however, the last time anyone in Switzerland trusted anything the US has had its fingers in - that happens to be one of the issues with ProtonMail (it had MIT involvement).

            The irony is that with all the marketing from the US to make Switzerland look bad so that everyone forgot about what actually caused the whole world's economy to be screwed up (being the US, more specifically Wall Street) it hardened the attitude of the Swiss against the US.

            The result is that the Swiss are now very rigorously and precisely applying the law, and what a ponderous, mighty and certainly unwieldy and slow mechanism that can be.

            Swiss laws are generally written so well that you can crank the handle very quickly in case of emergencies (the benefit of a small country and having 3 languages to write law in, none of which is English) which is why they never needed any due process backdoors to speed things up. Not that that would have made it past the public vote which is part & parcel of a true direct democracy, but they're quite sensible until you piss them off - at which point you'll find just how maddeningly complex they can make it.

            I think Mr Trump is not doing well in that context.

  5. PacketPusher
    Megaphone

    Get them from the account holder

    It seems to me that they should just get the account holder to give them the mail. If he/she is in the US, they should be able to force him/her to login and give them access. If the police had a search warrant for my house, they can force me to open the door. How is this different?

    1. Remy Redert

      Re: Get them from the account holder

      Well, there's this funny thing in the US called the constitution and one of the things it specifies is that people cannot be forced to incriminate themselves. This has already been tested and found to apply to passwords and PIN codes.

      I don't know if it's also been tested wrt usernames, but it seems likely that those would fall under the fifth amendment as well. So the US government cannot force a suspect to give up login details in order to retrieve e-mails.

      Now, IANAL, but obvious law is obvious. If the user and company both reside in the same jurisdiction, then that jurisdiction's laws (and thus court orders) should apply, regardless of where the data is stored. If the user and company reside in different companies, the laws in the user's jurisdiction apply to him, but court orders will need to be obtained in the country the company operates in.

      Physical location of the data is as stated irrelevant in this manner, provided that this is internationally agreed and enforced. Of course it'll never happen because it means the US won't be allowed to spy on everybody any more.

  6. Pen-y-gors Silver badge

    So, if MS lose...

    then, as the article notes, this opens the floodgates for reciprocal claims, e.g. a court in Iceland is asked to grant a warrant to seize the US tax records of a US citizen (possibly, I bet he was born in Germany really) who is being investigated for financial crimes in Iceland? Would the US Govt agree?

  7. John Smith 19 Gold badge
    WTF?

    Supreme Court's "strong presumption against extraterritoriality."

    Really?

    Because the USG attitude seems to be US Law is supreme, everywhere"

    1. Anonymous Coward
      Anonymous Coward

      Re: Supreme Court's "strong presumption against extraterritoriality."

      So maybe Kim Dotcom has a chance? Despite being a fugitive and all, from the US, despite never having visited there....

      1. LDS Silver badge

        Re: Supreme Court's "strong presumption against extraterritoriality."

        No, if US used correctly the treaties with NZ.

        What is in question here is if a US company has to hand to a US law enforcing agency data of a foreign national which are stored abroad albeit on its servers - without US bothering to activate the procedures needed for an international investigation - just because. If US had asked an Irish court to seize the information, MS would have not objected.

        Being abroad doesn't mean you cannot be investigated and prosecuted - but there are treaties for that. The TelexFree guy who hid $20M in a mattress can be safely enough in Brasil - or Snowden in Russia - but in other countries under the correct request you may still be arrested and extradited.

        Ask the CIA agent who is waiting to be extradited to Italy for the illegal kidnapping of a suspect terrorist... and of course in this case US is trying to assert a US agent can't be incriminated for crimes committed abroad - LOL!

  8. JeffyPoooh Silver badge
    Pint

    N jurisdictions, where N is large...

    "...bypass domestic laws by simply storing their data on servers in other jurisdictions."

    Smear the data across 100 different jurisdictions. Find an algorithm that ensures that the data is essentially unreadable without accessing all of those 100. Conceptual proof of feasibility: encrypt the data 100 times in sequence, storing as you go. Need every step to decrypt. Feasible. Can do better, obviously.

    The next step would be data or key storage in space, a server in orbit. Presumably out of reach of any Earthbound jurisdiction. Implies a distributed ground network, for the same reason.

    I strongly suspect that "Privacy" is ultimately going to win this contest. In spite of the long history of cracking open supposedly secure systems.

    1. RudderLessIT

      Re: N jurisdictions, where N is large...

      It's not a case of privacy. It's a case of sovereignty.

    2. allthecoolshortnamesweretaken

      Re: N jurisdictions, where N is large...

      My grasp of space law* is fuzzy at best, but IIRC, Earth orbit won't do; the servers would need to be at least on the Moon.

      * Yes, space law. Look it up. There even are space lawyers.

    3. John Robson Silver badge

      Re: N jurisdictions, where N is large...

      Pretty sure that this is a solved problem - you can shard the data into m pieces, any n of which would allow you to reconstitute the data...

      Don't MS do this for their P2P downloads?

      1. Dave 15

        Re: N jurisdictions, where N is large...

        It depends on the data.

        If the data is check summed in the right way you can put it together with missing parts...this is done with military comms.

        If the data has no checksum and is missing data you can guess the missing data in many situations (such as if it is just text) and comparing the output of the guess with known patterns of letter or word use can be fairly sure you have reassembled something believably close.

        Of course the smaller amount of available data compared to the number of shreds the harder this is. It could be made harder if there was a way of making the shreds random sizes, adding in random extra data and so on in a way that reassembly could still be done if only you knew the secret...

  9. 0laf Silver badge

    As I recall...

    This whole argument is about how the US Gov went about seeking access to the wanted data and not really about the access itself.

    The data would be made available to the USG if they used the already established process of an international warrant. But they didn't want to to do that they wanted MS to supply directly.

    1. Snorlax

      Re: As I recall...

      At last, someone who actually understands the problem here.

      1. Doctor Syntax Silver badge

        Re: As I recall...

        "At last, someone who actually understands the problem here."

        Quite a few of us do and have done all along. Some of us have also anticipated arrangements similar to those MS have put in place with DT in Germany.

  10. John Smith 19 Gold badge
    Unhappy

    IOW The US wanted to apply THE PATRIOT Act to a subsidary of a US biz on foreign soil

    Surprise. The Irish took exception.

    Not sure about the UK though.

  11. Slx

    If they wanted to apply for a warrant in Ireland through the Irish police and courts there's nothing stopping them and they have not done that.

    Instead, they want to legally establish in their own courts that they have universal jurisdiction.

    It's actually patronising in the extreme - so they seriously think Ireland is utterly incapable of handling a legal case or do they just think that they've a case that's so weak or might not stand up in an Irish court?

    1. Snorlax

      @Six

      "It's actually patronising in the extreme - so they seriously think Ireland is utterly incapable of handling a legal case or do they just think that they've a case that's so weak or might not stand up in an Irish court?"

      An Irish court would say "There's an established procedure in place for this kind of thing - MLAT. Use it!"

      1. Doctor Syntax Silver badge

        Re: @Six

        An Irish court would say "There's an established procedure in place for this kind of thing - MLAT. Use it!"

        Yes. That's would be the case going through the Irish court. It's courts all the way down.

    2. genghis_uk

      I don't think the USG is concerned about Ireland and their abilities. They want the ability to go to a US company and demand access to foreign data without informing the foreign powers that they are doing it.

      As others have said, they could get this data easily if they used the process but by setting a precedence they can effectively spy on anyone who has data stored on servers owned by US companies.

      Add Microsoft, Google, Apple and Amazon together and you get a lot of data stored outside of the US.

      1. Doctor Syntax Silver badge

        "Add Microsoft, Google, Apple and Amazon together and you get a lot of data stored outside of the US."

        If the US win this then there'd still be a lot of data stored outside the US but Microsoft, Google, Apple & Amazon wouldn't be involved except with set-ups like the MS/DT arrangement in Germany.

    3. Doctor Syntax Silver badge

      " or do they just think that they've a case that's so weak or might not stand up in an Irish court?"

      Very likely.

  12. Des Ward

    Bit moot, Outlook for iOS stores the emails in the US

    All of this is a bit moot, when Outlook for iOS and Android caches your emails in the US. Look at https://www.acompli.com/privacy-policy/

    Which states:

    Finally, we may access, disclose and preserve your personal information, including your private content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to...

    Game over until they move the storage to the EU. They have been very quiet on this one, and I've been asking on twitter.

  13. Old Handle

    Regarding the fear that this will let criminals store their data where no government can reach, it's worth remembering that if this involves a serious crime Uncle Sam certainly has the option of presenting the evidence to an Irish court and getting a warrant issued there. This leads me to believe that either the government is more interested in the precedent than the case itself, or the reason they want these emails is incredibly trivial if not outright bogus.

  14. All names Taken
    Paris Hilton

    Hmmm second thoughts?

    Maybe if legal ownership is important it means that U S grub mint authorised reading of emails has uncovered something of interest that lies outside the authorisation conditions?

    If so acting on those unauthorised authorised observations, if you know what I mean 'arry, requires grub mint ownership due to the diverse nature of the observations?

    Just wondrin thats all

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019