back to article Thought your data was safe outside America after the Microsoft ruling? Think again

The US Department of Justice will be happy campers this weekend. A court in Pennsylvania has ruled that Google must obey domestic search warrants for data stored overseas. In other words, Google has to hand over to the FBI suspects' email regardless of where it is held. The ad giant had previously refused to comply with two …

  1. Oh Homer
    Alien

    America's increasing isolation

    Once US law compels multinationals to violate other nations' laws, I think it's pretty much inevitable that America will become ostracised (both digitally and in many other ways too) from the rest of the world, probably sooner rather than later, especially with the current Idiot-in-Chief at the helm.

    But then isolation is pretty much the whole point of nationalism, which sadly may come as a bit of a surprise to the supposed businessman driving it, as he will no doubt soon discover.

    1. Anonymous Coward
      Anonymous Coward

      Re: America's increasing isolation

      There is no "once". American law already compels them.

      1. Doctor Syntax Silver badge

        Re: America's increasing isolation

        "American law"

        AIUI the Microsoft case is still wending its way to the Supremes. If Google have any sense they'll appeal this one as far as they can. Until decisions are reached there American law on the point is still unresolved.

        But there's good reason to avoid relying on any US-based business to hold information securely, just in case. There's also good reason for multinationals to consider whether the US is a fit jurisdiction in which to base their operations.

    2. Anonymous Coward
      Anonymous Coward

      Re: America's increasing isolation

      It's all Trump's fault!!! Oh, wait, this action was started under Obama's administration, wasn't it?

      1. Mephistro Silver badge

        Re: America's increasing isolation (@ AC)

        "...this action was started under Obama's administration..."

        If by "this action" you mean this particular ruling, then you're right. But the laws invoked in this case and the Patriot Act where put in place during Dubya's mandate and before, so, where is your point?

        1. Anonymous Coward
          Anonymous Coward

          Re: America's increasing isolation (@ AC)

          But the laws invoked in this case and the Patriot Act where put in place during Dubya's mandate and before, so, where is your point?

          As much as I would like to lay this one at Bush's feet, this case would have come to the same conclusion even years before the PATRIOT Act because it's about the reach of what is laughingly referred to as US "justice". The problem is that a US company has control over its subsidiaries. The thinking is that if you own it, you control it. If you control it, you can make it happen, and that's really all the Court needs to know to come to a verdict. To US Courts it's pretty much irrelevant if by acting as ordered you break a law in another country, as long as that does not break a US law it's not their problem.

          In other words, under NO circumstances should you ever host something important with a US company or its subsidiaries because you put it in reach of a regime that has displayed an increasingly hostile stance to privacy and the protection of Intellectual Property of aliens (that's "foreigners" for anyone not in the US).

          This has another fun side effect: it is pretty certain to switch off the life support for the badly ailing Privacy Shield excuse. If you're interested in privacy, the next few months are going to get very entertaining - it is, for instance, the only route to legalise the use of Gmail for business for any organisation located in the EU, and that's a LOT of business. I don't know what would happen after Brexit, but it would remove that last shred of doubt that the (IMHO idiotic) use of Gmail by Cabinet Office and the Digital division of HMRC is illegal, and it would put those nice data grabbing exercises by Google off the NHS pretty much on the skids too.

          All that from one ruling? Well, no, but to me it both confirms a long held opinion and sets a precedent that has the potential to indeed turn *very* ugly as it establishes a neat argument for "EU First" (as a reaction to "America first") when it comes to purchasing online services.

          In effect, you have just seen the start of the first trade conflict between the EU and the US, and the UK will have to make a choice soon too: your rights, or the rights of US companies to steal more data. Given May's history at the Home Office as well as the need to score some "wins" for Brexit I suspect that such a choice will fall out in favour of the US. Best plan ahead.

          1. Alan Brown Silver badge

            Re: America's increasing isolation (@ AC)

            "It establishes a neat argument for "EU First" (as a reaction to "America first") when it comes to purchasing online services."

            It's interesting that the Chocolate factory is fighting this.

            One of the reasons $orkplace _didn't_ go with them when mail was farmed out (over everyone's objections) was that Google told us that if they were served with this kind of court order they'd have to comply.

            Google also couldn't guarantee that data wouldn't be taken outside the EU (this was long before safe harbour was shown to be so much hot air, but our lawyers had already come to that conclusion)

            MS did give an assurance on both counts. Unlike Google, MS EU is (on paper) totally independent from MS USA and licenses the name, etc. MS went to a fair bit of effort to try and ensure protection of EU personal data against judicial overreach from the outset, unlike Google.

            NB: Not long after mail was switched over, MS did admit that a PATRIOT Act order would overrride everything and they'd have to hand over data. These cases are not PATRIOT-related though.

            1. Doctor Syntax Silver badge

              Re: America's increasing isolation (@ AC)

              "this was long before safe harbour was shown to be so much hot air, but our lawyers had already come to that conclusion"

              I hope they didn't bill you too much for that. A couple of seconds' worth would be about right.

              1. Alan Brown Silver badge

                Re: America's increasing isolation (@ AC)

                "I hope they didn't bill you too much for that."

                The estimated bill for moving to MS's "free" mail system is around 5 million quid. I'm surprised the Public Accounts Committee hasn't poked its nose in.

            2. Anonymous Coward
              Anonymous Coward

              Re: America's increasing isolation (@ AC)

              MS did give an assurance on both counts. Unlike Google, MS EU is (on paper) totally independent from MS USA and licenses the name, etc. MS went to a fair bit of effort to try and ensure protection of EU personal data against judicial overreach from the outset, unlike Google.

              Well, no, that's the impression Microsoft is trying to give, but I've demonstrated a few weeks ago that that is at least partially a fabrication. Their so-called "EU only" services also use US based infrastructure, and I demonstrated this using a government level service, well beyond any anti-terror excuse they could use at consumer level.

              If your business requires privacy, trusting Microsoft without doing your own audit is a mistake. Given that the fines are going up for privacy breaches this could become a rather costly mistake.

              1. Anonymous Coward
                Anonymous Coward

                Re: America's increasing isolation (@ AC)

                MS have an International Cloud Service and a German Cloud Service.

                Which one were you testing?

                The German Cloud has no US infrastructure and is not operated by MS, is operated by German 3rd Party.

                No come back, Patriot act or not.

                1. Alan Brown Silver badge

                  Re: America's increasing isolation (@ AC)

                  "MS have an International Cloud Service and a German Cloud Service."

                  In the case of MS email (Outlook/office365), all EU servers are based in Ireland.

                  If anyone can show evidence of email being hosted outside the EU then feathers will fly.

              2. Alan Brown Silver badge

                Re: America's increasing isolation (@ AC)

                "I've demonstrated a few weeks ago that that is at least partially a fabrication. Their so-called "EU only" services also use US based infrastructure, and I demonstrated this using a government level service, well beyond any anti-terror excuse they could use at consumer level."

                If you can provide proof of this, I know some people who would be _very_ interested in seeing it.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: America's increasing isolation (@ AC)

                  If you can provide proof of this, I know some people who would be _very_ interested in seeing it.

                  Well, yes, I had to triple check this because I didn't believe it either but the evidence seems pretty solid to me.

                  I assure personal and corporate privacy in context of multiple jurisdictions for a living, so it's not my first rodeo on this topic, nor are the problems news to me. That said, Microsoft and Google are not the only providers who may cause compliance problems. I have found a few other companies whose "EU only" statement needs some clarity - at first glance all appears to be OK but if you start digging you discover questions that need answers. "Oops, we did it again" is IMHO no longer acceptable..

                  @Alan Brown - if you were to ping your contact details to the Reg Newsroom they'll pass it on - they know who I am (not by default - I told them) :).

          2. Dave 15

            Re: America's increasing isolation (@ AC)

            What about the clouds...

            Yup, mostly run by American companies and of course not just your emails but ALL your corporate data, your designs, your documentation, your code, your everything is available to the Americans... and I wouldn't put it past their government to share it to make sure you are outbid in that contract or you find competition has stolen a march on you...

        2. Anonymous Coward
          Anonymous Coward

          Re: America's increasing isolation (@ Mephistro)

          My point, is that Trump is not the one destroying civil liberties in the US, that started a long time back.

          And where were all these protestors when the Law was enacted? Obama was quite happy to keep laws such as this in place. Indeed, just before leaving office Obama expanded the ability of the NSA to share data.

          Where were the protestors demanding Obama's head on a pike at that?

          1. This post has been deleted by its author

          2. Anonymous Coward
            Anonymous Coward

            Re: America's increasing isolation (@ Mephistro)

            Plus what happens if the Russians start getting more aggressive and no one else in Europe wants to pony up to defend itself?

            1. Dave 15

              Re: America's increasing isolation (@ Mephistro)

              Perhaps we are looking in the wrong direction. The Royal Navy did at one time make sure that America was on its list of potential enemies. And they should be. They ripped off the UK in two world wars last century (see the war diaries of David Lloyd George for ww1, look at the amount we paid in gold, then overseas bases, companies (like Courtaulds) and finally in massive debt for the kit we needed to keep America 'free'). Compare to the Russians who expended millions of their people in both wars and didn't charge us for it (true we did send them some supplies... )

              Then look at the aggressive posture, sure Russia might have taken Crimea... and no one stood up to that so who knows what next. But the Americans have taken half of the gulf and oil producing areas, and are meddling in others. The Americans have over 50% of ALL the worlds naval forces... thats for defence???

          3. ecofeco Silver badge

            Re: America's increasing isolation (@ Mephistro)

            Where were the protestors demanding Obama's head on a pike at that?

            Oh pretty much everywhere.

            https://www.google.com/search?q=protests+for+obama+nsa&newwindow=1&safe=off&biw=1366&bih=575&source=lnms&tbm=isch&sa=X&ved=0ahUKEwjC-_H7w_rRAhWEMyYKHR5fALsQ_AUIBygC

    3. alain williams Silver badge

      Re: America's increasing isolation

      Once US law compels multinationals to violate other nations' laws, I think it's pretty much inevitable that America will become ostracised (both digitally and in many other ways too) from the rest of the world,

      I would love to agree with you. However who cares ? :

      * corporations: don't give two hoots about (their customers') privacy. If using infrastructure in the USA saves them 0.5% costs they will do so. They will give lip service to privacy, just another corporate lie.

      * governments: most of them want access to all your data and will strike private deals with the USA. A few push back, England is not one of those.

      * individuals: most look at me puzzled or think "there goes Alain again" when I talk about privacy and turn to look at their facebook page.

      * el-reg (& similar) readers: but we are in a minority.

      Sigh :-(

      1. Doctor Syntax Silver badge

        Re: America's increasing isolation

        "corporations: don't give two hoots about (their customers') privacy. If using infrastructure in the USA saves them 0.5% costs they will do so. They will give lip service to privacy, just another corporate lie."

        A few cases brought under GDPR once it comes into force and they'll give more than two hoots. They'll give some substantial fines.

        1. Anonymous Coward
          Anonymous Coward

          Re: America's increasing isolation

          A few cases brought under GDPR once it comes into force and they'll give more than two hoots. They'll give some substantial fines.

          I can't see that myself. I think you'll find there's plenty of cop outs in the name of security and the war on paedodruggyterroristfurreigners. And even if Germany (in particular) don't like it, are the German government really going to say "boo" to America? I think not. Particularly when they're busy hiding behind the NATO shield, whilst spending proportionately far less on defence than the US, UK or Poland.

          The Mighty Orange is of course wound up about that issue of European freeloaders, so there will be pressure....but even so, any European government will eventually pony up its citizens data if asked, although I doubt that the Yanks will even bother to do that.

          1. Anonymous Coward
            Anonymous Coward

            Re: America's increasing isolation

            I can't see that myself. I think you'll find there's plenty of cop outs in the name of security and the war on paedodruggyterroristfurreigners. And even if Germany (in particular) don't like it, are the German government really going to say "boo" to America? I think not. Particularly when they're busy hiding behind the NATO shield, whilst spending proportionately far less on defence than the US, UK or Poland.

            They don't have to. In some parts of Europe they still have some degree of democracy at work, and rights are becoming more and more an issue that voters care about, especially in the light of increasing idiocy. Privacy is simply part of the package of Human Rights they all signed up to, but I would agree that it needs more pressure to become an issue for people. They've done a fine job weaning people off privacy with social media, but that doesn't mean we should give up.

            That would play exactly into their cards.

            1. Bogle

              Re: America's increasing isolation

              Sounds like a good time to shout out the fine work done for privacy rights in the UK by the Open Rights Group [https://www.openrightsgroup.org/support-org]. Go give them some support (if you care).

          2. Doctor Syntax Silver badge

            Re: America's increasing isolation

            "And even if Germany (in particular) don't like it, are the German government really going to say "boo" to America?"

            So? It'd go up to the ECJ in that case. Actually Germany are quite sensitive about this. Stasi for one thing & Merkel's phone for another.

        2. BillG Silver badge
          WTF?

          Other Countries?

          In the U.K., doesn't the "Regulation of Investigatory Powers Act of 2000" give the government the right to size data without the warrants the USA requires?

          1. Alan Brown Silver badge

            Re: Other Countries?

            Let me know when a UK RIPA order can be used outside the borders of the UK and NI.

      2. Oh Homer
        Big Brother

        Re: "Who cares?"

        An increasing proportion of the populace.

        While it's true that consumers are largely clueless (and worse, apathetic), as I've pointed out before elsewhere it's also the case that as a regime becomes more oppressive, its populace is forced to react. There's a wealth of historical data that demonstrates this very clearly.

        Once ordinary people in former allied nations understand that the US is essentially a hostile combatant, and they actually begin to feel the heat from that aggression, they will refuse to have any dealings with it. Specifically this means that US based service providers will be boycotted, not only as a matter of conscientious objection, but as a practical matter of personal safety.

        This is very different than, say, boycotting Israeli products due to their policy of genocide and illegal occupation. As a UK citizen I feel great sympathy for the plight of the (largely adolescent) Palestinians, but I don't particularly fear Mossad spying on me and subsequently extraditing me to Israel for torture and summary execution.

        With the headline revelations made by Assange, Snowden and friends, the general population is now acutely aware of exactly who the threat is, and the specific implication this has if their privacy is violated. That's something that's increasingly hard to ignore, even among formerly clueless, apathetic consumers.

        1. Anonymous Coward
          Anonymous Coward

          @Oh Homer

          "Once ordinary people in former allied nations understand that the US is essentially a hostile combatant, and they actually begin to feel the heat from that aggression, they will refuse to have any dealings with it."

          So basically most people in Europe who kept up with the happenings in the Middle East. For example: right now everyone agrees that Islamic State (IS) is a big threat to security, also given their recent spree's of violence within capital cities.

          However, what often bothers me is that no one seems willing to address the exact origins of IS. Because that was a direct cause of the power vacuum occurring due to the removal of Saddam Hussein. A person who, ironically enough, got into power through massive support from the US in the first place. Many experts, including those from the US, warned the Bush administration about this massive risk but no.... Hussein had to go, and all under a false flag operation too no less.

          And as a result we now have IS to deal with. Not only a massive threat to the population (no one ever stops to think about them!) but also the surrounding countries as well as Europe as a whole.

          So yeah, I'd like to think that Europe should realize this thing very well by now. And it also never stops to amaze me why Europa has never ever protested against the US meddling in their own backyard. Because it's easy: the whole Iraq / Iran thing happened far away from the US, so they had nothing to worry about. But all surrounding countries and Europe as a whole suffered from it.

          As can be clearly seen by the terrorist attacks from IS. Which basically all started when the US had to invade Iraq despite nearly every expert around warning against it.

          People now worry about what Trump might do to the country and all, but I can't help wonder if he really can do any worse than Bush has done.

          1. Alan Brown Silver badge

            Re: @Oh Homer

            "Because that was a direct cause of the power vacuum occurring due to the removal of Saddam Hussein"

            It goes back a lot further than that - still mostly the USA's fault, though the French and British caused the initial problems to start festering in the way they carved up the former Ottoman empire.

            In the French case, they did it deliberately, to keep everyone fighting amongst themselves and in the British case through bureaucratic incompetence (Ignoring T.E.Lawrence's recommendations and simply putting straight lines on maps) coupled with self interest (oil access and promising large tracts of land to the French in the first place).

            Ever since the end of WW2 and the start of the second(*) Cold War the USA has responded to mideast issues (especially anything which affected business interests there) in a way which didn't solve the problem at hand and usually made things worse. I'm minded of the tale of an old lady who swallowed a fly and how that eventually ended up. The only question is when the horse shows up.

            (*) The First Cold War was between the USA and Japan before WW2 - which is the root source of all those yellow peril propaganda movies from that period.

            1. John Brown (no body) Silver badge

              Re: @Oh Homer

              "The only question is when the horse shows up."

              Does an ass count?

          2. Oh Homer
            Headmaster

            Re: @Oh Homer "happenings in the Middle East"

            Well certainly America's meddling in the Middle East (that used to be our job BTW), and its subsequent if unintentional (although entirely predictable to anyone with an IQ greater than that of a cabbage) creation of the Islamic State, is a significant contributory factor to America's "hostile combatant" status, in that it's a sort of Agent Provocateur for the shitstorm we Euro-peons now have to suffer.

            But actually I was referring more directly to the fact that America is spying on British citizens, profiling us and generally treating us like the enemy, so it's rather hard not to reciprocate, unless you're a political lackey sympathetic to the American empire's hegemonic ambitions, and generally speaking most Brits are not. In fact even a few British politicians are not, or at least they publicly feign outrage at Donald Dump's Nazi agenda, which to be honest probably doesn't mean very much, given that the whole lot of them are pathological liars, pro-Brexit, and somewhere to the right of Attila the Hun.

            As for the "happenings in the Middle East" and who or what is the greatest threat, at least in the UK, here's the thing: I personally have never been attacked by a Muslim terrorist, or even a slightly miffed Muslim, or any sort of Arab, or even any sort of terrorist, and that's despite me living and working all over the world, including at one point right in the middle of a fucking combat zone, in the Doha desert, one mile from the Iraq border, whilst frantically waving my arms and screaming "Come on you bastards!" in my best John Cleese accent.

            On the other hand, I know as a matter of documented fact (thanks Eddie) that I, and probably everyone else in the UK, have been violated by the US government. That's more than a threat, it's an absolute certainty.

            So like I said, hostile combatant.

      3. Nigel Campbell

        Re: America's increasing isolation

        The assertion about not giving two hoots about customers' privacy isn't true if it becomes a due diligence issue for the customers. Google and Microsoft - along with various other players - are trying to sell much more lucrative cloud hosting services such as Azure. If USGOV manages to establish a precedent that they can compel data to be handed over without having to make a case to the government of the country where it's domiciled, it causes two major problems to anybody providing any international hosting services.

        * First, any entity with an INFOSEC policy has to consider the implications of having commercially sensitive data picked up in overly broad search warrants. This makes U.S. domiciled companies very unattractive to any entity that has any INFOSEC policy.

        * Secondly, this type of warrant puts companies providing such services in contravention of the laws of other countries. A significant part of microsoft's defence is that it is impossible to comply with warrants of this nature without being in contravention of the laws of the country the data is domiciled in.

        Exposure to the overly broad U.S. search and seizure policies is already causing infrastructure vendors such as Cisco to lose significant market share as it is now considered a significant risk that Cisco hardware may be backdoored. If these precedents are set in the U.S. then any U.S, domiciled company providing hosted services will bring the same operational risk.

        However, the major risk for multinational companies trading in the U.S. is that it becomes impossible to do business in both the U.S. and any jurisdiction that has data protection laws, as U.S. law could compel them to do things that would be criminal offences in the domicile the data is held in. This would effectively balkanise the market for hosting services to U.S. and non-U.S. companies; Google and Microsoft would lose a lot of money and just about all of their market influence.

  2. Gene Cash Silver badge
    Unhappy

    WOW

    Never thought I'd see the day where Microsoft fought for user privacy and Google just rolled over and took it. Dang. They're not appealing? At all? Seriously?

    1. Mark 85 Silver badge

      Re: WOW

      It ain't over until it's over. They haven't appealed yet.

      The big difference seems to be who's email. In MS's case, it's a non-US citizen and apparently that email has stayed in the Ireland DC. They (MS) most likely don't want to irritate other governments and be banished. In Google's case, it's a US citizen and apparently the emails were in the US once....

      Moral: Don't move the damn emails or data from country to country.....

      1. P. Lee Silver badge

        Re: WOW

        >Moral: Don't move the damn emails or data from country to country.....

        Moral: Store your data on kit which is under your control.

        FTFY

        1. Charles 9 Silver badge

          Re: WOW

          "Store your data on kit which is under your control."

          Unless you build your own kit from scratch including the chips, there's now way to ensure your data is really under your control. Just ONE is enough to break everything wider than open.

          Now who own their own personal chip foundry, eh?

      2. Tom 7 Silver badge

        Re: WOW and apparently the emails were in the US once....

        I'd imagine pretty much all email will now be routed via the US. Not necessarily by the service providers.

      3. Phil W

        Re: WOW

        "In Google's case, it's a US citizen and apparently the emails were in the US once....

        Moral: Don't move the damn emails or data from country to country....."

        Who the item belongs to and where it has previously been located are beside the point.

        If it was physical evidence, located in a shipping container that was once in the US but has now been shipped to Ireland would it be ok for the US to simply issue a warrant to have it moved back?

        Or would you expect them, more properly, to liaise with law enforcement in the country where the shipping container is located (especially when they have pre-existing agreements in place expressly for this purpose) and obtain the evidence through this legally established channel?

    2. Oh Homer
      Big Brother

      Re: "Google just rolled over"

      Actually that's the least surprising part of this, given that Google has publicly stated on many occasions that its users have no reasonable expectation of privacy. Indeed Eric Schmidt has made it crystal clear that he has nothing but contempt for privacy, parroting that old chestnut about "nothing to hide", while breathlessly exalting that fact that privacy is essentially dead (although he tries to whitewash this by drawing a weak distinction between privacy and anonymity).

    3. Anonymous Coward
      Anonymous Coward

      Re: WOW

      "Never thought I'd see the day where Microsoft fought for user privacy and Google just rolled over and took it."

      Windows phone 7.5 (old model): Each and every aspect which could intrude on my privacy had to be turned on. The start of using the thing was all opt-in, dozens of questions: "May Microsoft use data from keyboard entry?", "May Microsoft use data from speech entry?", etc, etc. If I had ignored it then this would be turned off.

      Android phone (from a friend): We compared and he did not get any questions at all. In fact: all he had was opt-out stuff. Everything was turned on and left for him to turn off.

      So yeah, I'm not so surprised here.

      1. Alumoi

        Re: WOW

        Are you sure about that?

        Android phones comes with Google spying turned on by defaul 'for your convenience'. Sammy's crapware is also spying by default.

    4. a_yank_lurker Silver badge

      Re: WOW

      This is a district court which may get slapped around by the appeals court. A cursory read is the judge tried to avoid the implications of the Slurp ruling. I think this court is under the same appeals court that ruled Slurp did not have to turn over the emails.

      1. Alan Brown Silver badge

        Re: WOW

        "I think this court is under the same appeals court that ruled Slurp did not have to turn over the emails."

        A fundamental difference between the cases is that MS went out of its way to ensure that mail delivered to an EU mailbox STAYED in the EU at all times.

        Google flitted things around between datacentres worldwide, including inside the USA - which means that the USA has jurisdiction under most interpretations.

        The other fundamental difference is the difference in company structure. MS EU is a standalone company not under MS USA control, whilst Google EU isn't. (Franchising vs Subsidiary)

      2. Adam 52 Silver badge

        Re: WOW

        "I think this court is under the same appeals court that ruled Slurp did not have to turn over the emails"

        It's not; Pennsylvania is on the third circuit, New York on the second so the precedent isn't binding.

  3. David 14

    The multiple faces of the USA

    So here is another story about the US courts extending outside of the physical and virtual borders of US control and attempting to extend their laws... while this instance is AT LEAST related to a US citizen, past ruling have not been.

    Yet, just today, in Canadian media, there were discussions around a potential re-negotiation of the "North American Free Trade Agreement (NAFTA)" between Canada, the USA, and Mexico. One of the noted objections in the current trade environment by US companies is that Canadian government entities refuse to allow data to be stored in the USA. The US note on this is that there is a foolish (my words, their meaning) fear of lack of security of the data.... yet here we are again.

    Personally, as an IT professional, I discuss this with customers (public and private entities) and will likely discuss the foreign ownership of hosting companies as well... if a US-based company has Canada data centers, the current environment does NOT protect Canadian data if the US is attempting to force disclosure.

    I wonder how the US government would react if Amazon were to release all US data on court request to Canadian authorities seeing as Amazon has a data center in Canada and moves data from USA and Canada regularly.

    1. Anonymous Coward
      Anonymous Coward

      Re: The multiple faces of the USA

      "I wonder how the US government would react if Amazon were to release all US data on court request to Canadian authorities seeing as Amazon has a data center in Canada and moves data from USA and Canada regularly."

      Simple: then there'd be hell to pay. When EU citizens travel to the US then the US reserves the right to go over everything they have, they even demand access to financial records.

      So at one time the EU considered doing the opposite as well. All for the sake of security and setting a standard. Yeah... and all of a sudden there was massive resistance because what the EU had in mind was a blatant and disrespectful intrusion of privacy.

      For the very same thing.

      And this is why I refuse to go to the US. Out of principle. And no: that has nothing to do with Trump (which is a popular thing to do) but the same applied to Obama, Clinton and Bush. All different presidents and they all couldn't care less about the privacy of others.

      1. allthecoolshortnamesweretaken

        Re: The multiple faces of the USA

        Yup. When it comes to data privacy, orange is the new black, so to speak.

        1. Anonymous Coward
          Anonymous Coward

          Re: The multiple faces of the USA

          Please don't use the word orange, he's very sensitive. It's not a handy trait in a politician, is it ...

          1. Alan Brown Silver badge

            Re: The multiple faces of the USA

            > Please don't use the word orange, he's very sensitive.

            His press attache is said to be extremely sensitive to being called Sean Sphincter.

            You should avoid that too.

          2. Anonymous Coward
            Anonymous Coward

            Re: The multiple faces of the USA

            Please don't use the word orange, he's very sensitive. It's not a handy trait in a politician, is it ..

            Please don't use the word "hand", he's very sensitive about this too.

        2. John Brown (no body) Silver badge
          Pint

          Re: The multiple faces of the USA

          "orange is the new black, so to speak."

          Have one of these on me ----------->

      2. Lokuban

        Re: The multiple faces of the USA

        The fundamental problem is structural: Commerce is willing to subvert its customers' interests to achieve its business goals, so no certainty of privacy there; individuals' views on privacy vary widely, with few willing to invest the resources necessary to preserve it, and even fewer having the ability to do so, making DIY privacy unattainable; and governments have generally taken the position that privacy should not restrict their efforts to safeguard their subset of individuals, so any privacy protection on offer will be uncertain.

        There are no credible others outside these groups.

  4. John Smith 19 Gold badge
    WTF?

    And while THE PATRIOT stands it always will.

    IIRC the MS thing was a non US citizen not in the US and (I think) it was a MS subsidiary in Ireland.

    Bottom line. You can't trust a US company, or it's subsidiaries, to keep your data (business or personal) private from the USG, and the USG does not need a reason to ask for it.

    "Privacy is dead" says the creepy Eric Smidt.

    He would. It's in his interests that people think that already, so Google can keep pushing further toward making it so. Creepy is clearly a student of Lenin and "pushing in the bayonet" till it meets steel.

    1. Nick Kew Silver badge

      Re: And while THE PATRIOT stands it always will.

      Nothing wrong with the Google line here.

      What would be very wrong would be to promise privacy and then do the opposite. Or to use weasel words to appear to promise privacy, but leave themselves nasty loopholes. Or perhaps just fudge and evade the issue.

      In this instance, they maintained their user's privacy until a court order told them to do otherwise. Much like mumsnet in another recent story.

      I wouldn't rely on privacy from any provider. Regardless of Good Intentions, they could be bullied by courts, penetrated by spooks, or infiltrated by rogue sysops.

    2. Anonymous Coward
      Anonymous Coward

      Re: And while THE PATRIOT stands it always will.

      I'm wondering what happens when someone trying to get into the USA says,

      "I do not have any Social Media accounts, I never have and never will."

      What will the HDS do when their searching for incriminating data on social media (without a warrant btw) can't even start?

      Perhaps the whole system will blow up in their faces.

      That was a nice dream wasn't it.... Shame really.

      1. Anonymous Coward
        Anonymous Coward

        Re: And while THE PATRIOT stands it always will.

        They COULD consider him a terrorist courier and deny him entry.

    3. Anonymous Coward
      Anonymous Coward

      Re: And while THE PATRIOT stands it always will.

      Strikes me that you can't trust any non-US company, or its subsidiaries if there is any possibility of it being bought up by a US company.

  5. Anonymous Coward
    Anonymous Coward

    Use gmail, that's what you get.

    There are plenty of non-US email providers.

  6. Mephistro Silver badge
    FAIL

    Is it a bird? is it a plane?

    No! It's the Privacy ShieldFigleaf flying away in the distance!

    "Also, unlike the Microsoft case, the search warrant was served against a US citizen, not a foreigner."

    This -again- highlights a fundamental difference between EU Law and USA Law: in the EU people are protected by laws regardless of their origin or place of residence, while American Law seems to consider foreigners as untermenschen without a full set of rights. This has been happening for decades and the new POTUS and his quite peculiar worldview will only make things worse.

    1. Nick Kew Silver badge

      Re: Is it a bird? is it a plane?

      I think the new POTUS is a red herring here. It's not him but the preceding generation he's so rude about that brought Patriot and Snooper's Charter. Some things will get worse, but I don't think the particular issue of online privacy will be one of them.

      One straw in the wind: he's already at war with the US courts. If you want to extend PATRIOT into something even more sinister, the last thing you want to do is alienate your henchmen tasked with enforcing it.

      Unless you go the full totalitarian, and run a private security state separate from the law.

      1. John Smith 19 Gold badge
        Mushroom

        "Unless you go the full totalitarian, and run a private security state"

        That is not the nuclear option.

        That would be the 1 clause act suspending The Senate and Congress and instituting direct rule from the Oval Office.

        IOW "Thank you for your service but if you're not in the Cabinet you're not needed. Please vacate the building in the next hour. "

        But no one would be megalomanical enough to do that in the 21st century in the most powerful country on the planet, right?

        1. Doctor Syntax Silver badge

          Re: "Unless you go the full totalitarian, and run a private security state"

          "That would be the 1 clause act suspending The Senate and Congress and instituting direct rule from the Oval Office."

          My understanding of the US constitution is fairly restricted but an Act would indicate Congress & Senate, rather as it would indicate Hoc & Lords in the UK. So do you think they'd suspend themselves?

          An Executive Order might attempt this but AIUI there are then mechanisms in place to declare the President unfit.

          In the event of the excrement entering the aircon in this fashion who'd have to implement such rival orders & who would they side with?

          1. Charles 9 Silver badge

            Re: "Unless you go the full totalitarian, and run a private security state"

            As I understand it, the Constitution is still just a document: Ink on a page, literally. Someone with enough cojones and enough backing could just push that document aside and rule autocratically. That's what a lot of coups are about.

            1. Doctor Syntax Silver badge

              Re: "Unless you go the full totalitarian, and run a private security state"

              "Someone with enough cojones"

              The usual rejoinder on this side of the pond is "You and whose army?". That, in effect, is the question I posed. In the event of a face-off who would be responsible for enforcing or opposing and on which side would they come down.

              1. Charles 9 Silver badge

                Re: "Unless you go the full totalitarian, and run a private security state"

                Which would usually then be replied with, "The one whose families face the consequences if they don't do what I say." There are usually other ways to do it as well. Plus as always there's the matter of nukes. No one's had the cojones to actively use them, particularly on their own people, but if Saddam could willing use chemical weapons in his own borders, what's to say?

        2. Mark 85 Silver badge

          Re: "Unless you go the full totalitarian, and run a private security state"

          I'm not sure about the current brood on military senior officers, but every person in the US military takes the oath to "defend and protect the Constitution"... not to blindly follow the President or protect/defend him personally. I daresay that if any of the old breed of military are in charge anywhere, such a thing would result in forcefully evicting the resident of the White House.

          There was a rumor that we came close to this in the not too distant past but I'm pretty sure it was wishful thinking on the part of those telling the tale.

      2. Brent Beach

        Re: Is it a bird? is it a plane?

        "at war with the US courts"

        You do know who appoints judges? Already appointed judges can try, but they age out of the system. The US congress has control and has been Republican for most of the last 2 decades.

        Expecting justice from US courts! Welcome to the Emerald City.

    2. peter_dtm

      @Mephistro

      don't forget the converse

      US also considers its citizens to be under USA jurisdiction regardless where they are in the world; and based on apparently being a US citizen because one of your parents were; even if you never took up the right to claim US nationality - at least theat is waht the US taxman appears to be able to enforce

  7. Strahd Ivarius
    WTF?

    So if I understand the issue

    Every country has the right to ask access to any Google Mail account (especially the ones belonging to US officials) since the data may have transited in the past by this country?

    Interesting notion...

    1. Anonymous Coward
      Anonymous Coward

      Re: So if I understand the issue

      Let's have some fun with @reallyorangeone twitter account then ....

  8. DougS Silver badge

    I don't see this as a problem

    This was a legally executed search warrant on a US citizen, for data held by a US company. The subject was accused of fraud that occurred within the US, against a US citizen, and the court order stated that information related to the crime would be found in the data (presumably emails) Just because the data happened to be held outside the US without the user's knowledge shouldn't mean it is immune to discovery. If the court upheld such a result, Google could make themselves immune to search warrants by holding data on US citizens/users offshore.

    This isn't anything like the Microsoft case, where the US authorities were trying to subpoena information related to a non-citizen non-resident. Nor was it like the Apple case, since Google is not being asked to break into its own systems or hack its own software to allow breaking a user's encryption.

    There is absolutely no reason why people who live outside the US should be concerned with this ruling. It affects you about as much as the UK law forcing one to reveal passwords affects me.

    1. Doctor Syntax Silver badge

      Re: I don't see this as a problem

      "There is absolutely no reason why people who live outside the US should be concerned with this ruling."

      From a quick look at the article the precedent set might be somewhat wider than you think. Consider "Just because the data happened to be held outside the US without the user's knowledge shouldn't mean it is immune to discovery." Looking at this from a European perspective one can easily see some lawyer arguing to extend this to "just because the data happened to be held in the US without the user's knowledge shouldn't mean it is immune to discovery" and then another extending "happened to" to "could".

      "It affects you about as much as the UK law forcing one to reveal passwords affects me."

      If you were to come to the UK that law would affect you but at least it would be a deliberate action on your part. My data could be sent to the US without my permission or even knowledge, simply by doing business with a UK company which happens to use some US cloud-based services and once there it is not safe; redress is not good enough.

      1. DougS Silver badge

        Re: I don't see this as a problem

        This order concerns a US citizen and US company, with offshore data. The precedent would be limited to such cases or similar. It could not apply to a non US citizen and non US company. That's not to say that they couldn't get at your data, but THIS particular case will have no bearing whatsoever on whether they'll be able to.

        1. Doctor Syntax Silver badge

          Re: I don't see this as a problem

          "This order concerns a US citizen and US company, with offshore data. The precedent would be limited to such cases or similar."

          If I understand the article correctly a part of the argument rests on Google moving data about between jurisdictions for their own convenience. I can very easily see a lawyer arguing that the precedent applies whatever the nationality of the data subject and getting away with it. That's similar, thin end of the wedge etc.

    2. Version 1.0 Silver badge

      Re: I don't see this as a problem

      This is only a problem if you somehow believe that using a third-part service like Gmail or Outlook is "secure" in any way. The fact is, once you send your data outside your network, unless you encrypt it, it's not secure. If you encrypt it then it may be secure but I wouldn't bet on it.

      At the end of the day, these laws are only going to catch the low-hanging fruit, it's easy to work around all of them with a little care or a lot of paranoia.

  9. Anonymous Coward
    Anonymous Coward

    The Cloud...

    Other peoples computers you have no control over, with no privacy or security of your data

  10. JeffyPoooh Silver badge
    Pint

    Email is like a postcard

    Some commentards above have suggested keeping emails only on kit under one's control.

    Internal emails perhaps...

    1. Charles 9 Silver badge

      Re: Email is like a postcard

      But what happens when you have to communicate OUTSIDE your domain? Then all bets are off regardless of the method.

      1. Doctor Syntax Silver badge

        Re: Email is like a postcard

        "But what happens when you have to communicate OUTSIDE your domain?"

        Not using a US-based multinational is a starting point.

        1. John Brown (no body) Silver badge

          Re: Email is like a postcard

          "Not using a US-based multinational is a starting point."

          Fair enough. At least for the sender. How do you know where the destination of the email is hosted?

          1. Charles 9 Silver badge

            Re: Email is like a postcard

            Plus, what if your multinational isn't based in the US but DOES have a branch in it? Or what if your recipient simply is unavoidably American? Plus for all the US-dissing that's en vogue right now, what's to say any other country isn't doing the same thing, only on the sly? After all, laws are just ink on a page.

    2. Alan Brown Silver badge

      Re: Email is like a postcard

      Encrypt your mail - even on the server.

      At that point you have to encrypt everything including laundry lists, because otherwise the fact that something's encrypted screams "oooh, I'm secret, look at meeee"

      (For added shits and giggles, ONLY encrypt your laundry lists)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019