back to article Oi, force Microsoft to cough up emails on Irish servers to the Feds, US states urge Supremes

Microsoft should not be able to “shield evidence” held on Irish servers from US prosecutors, a group of 35 US state attorneys general has argued. The group – which represents Vermont, New Jersey, Illinois, Florida among other states – submitted an amicus brief to the US Supreme Court backing the US Department of Justice’s …

  1. LDS Silver badge

    Change "email" with "money"...

    ... and you see the same should apply to money stored offshore.

    Now, why they are so obsessed with this email, and not with the stash of money - which are no longer physical, just data stored in some databases... - stored and laundered abroad?

    1. Andy Tunnah

      Re: Change "email" with "money"...

      >Change "email" with "money"...

      ... and you see the same should apply to money stored offshore.

      Doesn't work. It's more like if a US bank had overseas branches. The US courts should still be allowed to compel the company to reveal account info. They're not physically asking for the money to be moved, they're asking to see the balance.

      I could understand if the crim used a different provider, one that wasn't a US-based company. But it's generally understood that even though you're using a worldwide accessible service, you're accessing the "local" version.

      Don't get me wrong, I'm all for the courts being in Microsoft's favour. It's just, rationally, I find it hard to support

      1. Doctor Syntax Silver badge

        Re: Change "email" with "money"...

        "Don't get me wrong, I'm all for the courts being in Microsoft's favour. It's just, rationally, I find it hard to support"

        Rationally it's not at all hard to support. There's an established procedure for this, one which involves going to the Irish courts. They should have used it. There's no indication that they tried. Supporting due process of law vs taking short cuts isn't at all irrational.

        1. JEDIDIAH
          Thumb Down

          Re: Change "email" with "money"...

          No. The data is in control of a US company. Changing it from data to money really doesn't change a thing. They are trying to play a shell game in order to hide from the courts. The courts should not have any of it.

          If a foreign corporation was doing this kind of thing in the US in order to hide from their own courts, I would have no problem with it going the other way.

          This situation is nothing like hiding money in the Cayman Islands.

          1. Cheesemouse

            Re: Change "email" with "money"...

            You will find that Cayman has one of the most transparent and well regulated financial regimes in the world. The journalism and politics of envy are always quick to rail against tax neutral territories but if you really want to find laundering, corruption and the hidden billions of despots and crooked regimes look no further that...yes you've guessed it... London! Right on the doorstep of the journos and SJW's that bleat so much about offshore. The irony would make Alanis blush. It's almost as bad as rain on your wedding day

      2. Anonymous Coward
        Anonymous Coward

        Re: Change "email" with "money"...

        "The US courts should still be allowed to compel the company to reveal account info. They're not physically asking for the money to be moved"

        But they are not asking for "the balance". They are asking for everything. And as the information itself is what is of value here, so it is like they are remotely emptying your account as the best analogy! And more importantly on EU territory, EU law trumps US law, and personal data is legally protected in the EU.

    2. big_D Silver badge

      Re: Change "email" with "money"...

      And maybe the state attorneys should actually study the law, before opening their mouths.

      It is their own incompetence that has led to this problem. There have been legal mechanisms in place for decades to get access to this data, without them having to act like xenophobic idiots and which, if there was any reasonable case, would have gotten them the information years ago, without all this stupidity.

      1. LDS Silver badge

        "It is their own incompetence that has led to this problem."

        Actually, it's exactly they want to set a precedent, or obtain a Supreme Court ruling. I guess those emails are now wholly irrelevant to the case. They want to extend their reach, so they don't have to bother with those pesky foreign jurisdictions. Just, they didn't dare with something - like money - which would have seen them shut down instantly.

      2. RonWheeler

        Re: Change "email" with "money"...

        'And maybe the state attorneys should actually study the law, before opening their mouths.'

        Go IT boy - teach them clueless top legal bods law stuff.

        1. This post has been deleted by its author

    3. Bronek Kozicki Silver badge

      Re: Change "email" with "money"...

      Hm, money stored offshore? As long as the bank does any business at all in the US, all such money owned by US individuals have to be reported to US authorities.

  2. Anonymous Coward
    Anonymous Coward

    US Attorneys and international law

    US and international law - always a sight to behold. Law usually loses.

    1. Anonymous Coward
      Anonymous Coward

      Re: US Attorneys and international law

      I think it's more accurate to state that justice always loses :(

    2. Ian Michael Gumby Silver badge
      Boffin

      Re: US Attorneys and international law

      The law is very interesting.

      Microsoft can't claim that because the servers are overseas therefore the court order isn't valid.

      It is.

      Note: We're not talking about an Irish citizen who lives in Ireland and the US courts wants his data. That would be a completely different issue. The question here is how do you handle jurisdiction of data.

      To make this simpler... You have a criminal act in NY committed by a US citizen and resident of the state of NY, yet the data sits on a server in California. The defense could argue that because the server was in a different state that they didn't have jurisdiction.

      Now, that doesn't sound right, now does it?

      Move the server to Toronto...

      The point is that because the data is accessible from the jurisdiction where the crime was committed, it should be admissible. That the location of the server is irrelevant.

      1. Anonymous Coward
        Anonymous Coward

        Re: US Attorneys and international law

        Microsoft can't claim that because the servers are overseas therefore the court order isn't valid.

        It is

        for US Microsoft staff, but not for Ireland Microsoft staff.

        If Ireland staff or government decided to cut power to the server there, nothing US do will restart the server. They will still have to wait until Ireland staff / government restart the server before getting any data.

        US is not in full control of Ireland, therefore US law doesn't apply there unless there's an Ireland US agreement. End of story.

      2. strum Silver badge

        Re: US Attorneys and international law

        >The point is that because the data is accessible from the jurisdiction where the crime was committed

        So, if the sherrif has a long enough stick, he can retrieve the evidence from Mexico?

  3. NoneSuch Silver badge
    FAIL

    US law is in effect everywhere.

    Your nations laws end at your countries border. Yet the Americans see nothing wrong with that arrangement.

    1. Chris Fox

      UK not much better (in the quality of its arguments)

      The UK takes a view similar to that advocated by the US DoJ in this case, under the UK's RIPA, DRIPA and IPA laws, which are taken to apply to companies operating in the UK, even if they are based elsewhere, and hold data elsewhere. Their arguments ignore some of the complexities of independent, extra-territorial subsidiaries (in a way that seems at odds with the tax-avoidance-friendly interpretation of the nature of "independent" corporate entities) and the interplay of the IPA with EU data protection rules (which mean that any entity storing data of EU citizens already has to comply with various obligations, which also include specific exemptions for law enforcement). Perhaps they wish to gloss over these subtleties and nuances in order to curry favourable treatment from the US DoJ when attempting to access data held in the US, just as the parliamentary "debates" about other aspects of the IPA effectively glossed over and ignored key aspects of critical ECJ rulings.

      1. big_D Silver badge

        Re: UK not much better (in the quality of its arguments)

        But, in this case, we are talking about Irish servers, owned by an Irish company on Irish soil, which just happens to be owned by an American company.

        Microsoft can't legally hand over the data to the US without an Irish or EU warrant under EU and Irish law, regardless of what the US supreme court decides.

        1. SVV Silver badge

          Re: UK not much better (in the quality of its arguments)

          The article clearly states that MS can access the data from within the US. In which case, why can't they legally access it and hand it over after a legally binding US notice to do so is served to them in the US?

          I have no interest pro or anti any of the parties in this case, but surely where the information is accessible from, and by whom, is just as important as where it's physically stored? Otherwise, all reasonable law enforcement in the digital realm could quickly become impossible (and before you start cheering that prospect, just consider the case where you're the victim of some massive privacy or financial theft that could be solved if that was the guiding principle.....)

          1. Doctor Syntax Silver badge

            Re: UK not much better (in the quality of its arguments)

            "The article clearly states that MS can access the data from within the US"

            Where do you see this in the article?

            Do you mean this: The prosectors argued Microsoft is an American corporation and therefore should obey an order from an American judge; where the data sought existed was immaterial – it could be accessed from Redmond's US offices.?

            Or this: “The court reached this conclusion even though Microsoft could easily access the stored data from its United States offices,” the group said, echoing a key argument in the DoJ’s case against Microsoft.?

            In the first case note that this is an argument by the prosecution and in the other the group referred to is the not entirely disinterested group of state attorneys general in it's a claim in an amicus brief.

            Neither of these constitutes evidence. Neither is clearly stating fact.

            "I have no interest pro or anti any of the parties in this case, but surely where the information is accessible from, and by whom, is just as important as where it's physically stored? Otherwise, all reasonable law enforcement in the digital realm could quickly become impossible"

            How many times does it have to be pointed out that if the authorities have a case to justify a warrant there is an existing process whereby they present it to a court in Ireland in whose jurisdiction the data resides? So reasonable law enforcement is not impossible. The fact that they have not done so gives rise to grave suspicions that something else lies behind it - anything from initial ignorance of the due process backed up by pig-headedness or a severe case of willy-waving to embarking of a fishing trip with no case at all. It doesn't need any interest in the outcome of the underlying case to be deeply concerned about due process in accessing it. Due process of law should be of interest to us all.

          2. Ken Hagan Gold badge

            Re: UK not much better (in the quality of its arguments)

            The ease with which one can perform an action has no bearing on whether that action is actually legal.

            I find it quite shocking that this is actually presented as an argument on the prosecution side. I can only assume they came up with better arguments when they were law students, otherwise it is hard to see how they ever got qualified in the first place.

          3. Ken Hagan Gold badge

            Re: UK not much better (in the quality of its arguments)

            "surely where the information is accessible from, and by whom, is just as important as where it's physically stored?"

            Not really, unless you want to make it legally impossible for *any* company to operate outside of the country where its head office is located.

            One of the reasons why companies have subsidiaries abroad is to make the operations of those subsidiaries subject to the laws of those countries, thereby making it easier and safer (and in some cases, just plain legal) for customers in those countries to do business with those subsidiaries. I would argue that the practice ought to be more widespread and that all sales to consumers in country X ought to be conducted through a subsidiary in country X and taxed according to the laws of country X.

          4. Anonymous Coward
            Anonymous Coward

            Re: UK not much better (in the quality of its arguments)

            "why can't they legally access it and hand it over after a legally binding US notice to do so is served to them in the US?"

            Because it would be illegal under EU law. And the penalties for Microsoft in the EU are WAY higher than likely for ignoring a US judgement precisely to trump such an attempt to sidestep EU rules.

            1. ecofeco Silver badge

              Re: UK not much better (in the quality of its arguments)

              Because it would be illegal under EU law. And the penalties for Microsoft in the EU are WAY higher than likely for ignoring a US judgement precisely to trump such an attempt to sidestep EU rules.

              Exactly

          5. Anonymous Coward
            Anonymous Coward

            Re: UK not much better (in the quality of its arguments)

            "Microsoft" cannot access anything. Microsoft is a company. And I doubt they're sharing admin accounts accross subsidiaries.

          6. Anonymous Coward
            Anonymous Coward

            Re: UK not much better (in the quality of its arguments)

            "The article clearly states that MS can access the data from within the US. "

            It doesn't say that at all. It says that the DOJ are presuming that they can.

            Microsoft run a Windows Active Directory type security model which is quite capable of denying access to data even to administrators. This is one of the many advantages of that model over say *Nix where you have no concept of denying root access to a file system. This is likely why for instance Google just roll over for these type of requests and comply.

            Microsoft have publically stated that their security model has the capability of requiring a local data custodian to approve access requests to local data from other territories. So it is possible that if such a request broke Irish law as seems probable then Microsoft USA physically could not provide the data.

          7. Ken 16 Silver badge
            Thumb Up

            MS Azure Region China North

            OK, so Microsoft (CN) Azure employees working out of the North China Region can technically access and migrate data from another Azure region, say South Central US or US DoD East...and they receive a legal court order from the Chinese government to do so. Just because that breaches US law is that a reason for them to ignore the court order? Surely where the information is accessible from and by whom is just as important as where it's stored physically?

        2. Loud Speaker

          Re: UK not much better (in the quality of its arguments)

          Irish soil, which just happens to be owned by an American company

          It looks clear enough to me: America owns Ireland. fight over.

          1. Anonymous Coward
            Anonymous Coward

            Re: UK not much better (in the quality of its arguments)

            "It looks clear enough to me: America owns Ireland. fight over."

            China technically owns much of America via it's bond holdings. I don't see that making much impact to legal issues in the US!

        3. Chris Fox

          Re: UK not much better (in the quality of its arguments)

          "But, in this case, we are talking about Irish servers, owned by an Irish company on Irish soil, which just happens to be owned by an American company."

          Right, though I'm not sure why you say "but"; my observation was that the UK governement's view on extra-terratorial jurisdiction prima facie supports the US DoJ's position in this case. In fact it seems even broader/more extreme: according to UK government's reasoning the US DoJ should still legally be able to require data to be handed over even if Microsoft itself were registered in Ireland, Iceland or Switzerland etc., (regardless, it seems, of the views or laws of the countries in which the data were held, or the companies were registered).

          Of course I am not saying that the UK government or US DoJ are right here (and my earlier comment alluldes to some sleight-of-hand in the UK government's amicus brief), just that the US DoJ is not unique in its attitude to extra-terratorial jurisdiction: other "civilised" countries make similar, or stronger, claims.

  4. ma1010 Silver badge
    Flame

    Yeah, but common sense, too...

    If a criminal in the US sends messages to his crime partner in the US planning a crime in the US, but EmailHostCo has their server in another country and could easily retrieve those emails at one of their facilities in the US, why in the hell should the police have to involve the government of another country just because the emails are located on some server there? As long as police are getting a warrant from a real court that has jurisdiction over where the emails originated or terminated, why should it be necessary to involve some other country? It dosn't make make any sense to me, and certainly makes it easier for criminals.

    Of course, I'd like to see ANY access by police to email servers controlled and require an order from an actual regular court whose actions could be reviewed, as opposed to some secret court with no responsibility to anyone, like we currently have in the US.

    This whole situation highlights the serious need for more and better international agreements regulating this sort of thing. Right now it's practically the Wild West as far as international computer crime goes. And if the U.S. even tries to police criminals who attack U.S. computer systems or (in this case) even commit crimes in the U.S. but there's some kind of foreign computer involvement, in come the lawyers, and it all goes pear-shaped when it should have been fairly straightforward. The EU, USA, Russia and China (for starters) should get together and sort this out. Possibly there should be an international "computer crime court" or something like that which can issue warrants good in all countries, something like an EU warrant. SOMETHING better than we have now, at any rate.

    1. Anonymous Coward
      Anonymous Coward

      Re: Yeah, but common sense, too...

      "why in the hell should the police have to involve the government of another country just because the emails are located on some server there?"

      Well in the case of the EU it would be because personal data stored in the EU is protected under the GDPR regulations, and companies that break the rules by say moving that data outside of the EU without specific informed consent can be fined up to 10% of global turnover. Per incident! And or responsible executives imprisoned. It was designed to be exceeding painful for any company that breaks EU law partly to defeat exactly this sort of extra territorial over extension of local law.

      1. Lysenko

        Re: Yeah, but common sense, too...

        Well in the case of the EU it would be because personal data stored in the EU is protected under the GDPR regulations,

        Not quite. GDPR applies to the personal data of EU citizens or resident immigrants. It does not cover foreign nationals or transient visitors so emails belonging to an American citizen/resident stored in Ireland are outside the scope of GDPR.

        1. Anonymous Coward
          Anonymous Coward

          Re: Yeah, but common sense, too...

          Not quite. GDPR as it stands also applies to personal data stored in the EU about natural persons residing outside the EU. There is talk of dropping that to remain competitive, but no decision yet.

          1. Lysenko

            Re: Yeah, but common sense, too...

            Not quite. GDPR as it stands also applies to personal data stored in the EU about natural persons residing outside the EU.

            Under a plain reading of Recital 14, yes however that is subject to the provisions of Art. 2 S2(a) which provides limitations and Art. 3 S1 which is ambiguous in terms of the interpretation of the word "establishment" due to the second clause of the sentence. This sort of thing will take case law to clarify so, as things stand, one can only be certain that GDPR protects the personal data of persons resident within or citizens of the EU in the context of activities taking place within the jurisdiction of the ECJ (Art. 2).

      2. Doctor Syntax Silver badge

        Re: Yeah, but common sense, too...

        "Well in the case of the EU it would be because personal data stored in the EU is protected under the GDPR regulations"

        Not quite yet. GDPR doesn't apply until May 2018. But GDPR only tightens up on an existing directive.

    2. veti Silver badge

      Re: Yeah, but common sense, too...

      The trouble is that the data in question is protected by Irish and EU law. What the feds demand will, if it happens, be interpreted in Ireland as a criminal hack, and the individuals and companies implicated will then be in much the same uncomfortable position as Laurie Love.

      Indeed, it does raise the rather delicious prospect of Ireland demanding the extradition of USSC justices as accessories to the crime. Who would hear *that* case, I wonder?

      1. Snorlax Silver badge

        Re: Yeah, but common sense, too...

        @veti:"What the feds demand will, if it happens, be interpreted in Ireland as a criminal hack, "

        Irish law relating to hacking is pretty much nonexistent; unauthorised access to a computer comes under the Criminal Damage 1991, and the penalties are pretty light.

        There is a cybercrime bill in the pipeline I think, but if or when that gets implemented is anybody's guess.

        Somebody in Dublin needs to call the US ambassador in for tea, biscuits and a bollocking but yeah, probably not going to happen.

        1. Anonymous Coward
          Anonymous Coward

          Re: Yeah, but common sense, too...

          Somebody in Dublin needs to call the US ambassador in for tea, biscuits and a bollocking but yeah, probably not going to happen.

          Not the problem here. If USA pulls this one, watch the data protection regime between USA and Eu unravel in an afternoon. It will not even need a Schrem to use this as a precedent that USA does not give a flying f*** about any Eu Data protection law. That is something we all know, but an obvious precedent to be presented to the ECJ has been missing so far. These idiots are hell bent to create one. Well, fine, let them do it. All of the American high tech companies will be moving HQ offshore shortly thereafter making USA a subsidiary.

          So it will not be the US ambassador called for tea and scones (what biscuits in Ireland?). It will be all valley companies having a kind word with whatever congresscritter they purchased last.

          1. Snorlax Silver badge

            Re: Yeah, but common sense, too...

            @AC:”what biscuits in Ireland?”

            Custard Cream or Chocolate Digestive

        2. Anonymous Coward
          Anonymous Coward

          Re: Yeah, but common sense, too...

          "Irish law relating to hacking is pretty much nonexistent;"

          But irish law implementing the EU Data Protection Directive and the General Data Protection Regulations also exist and are much more onerous in terms of penalties!

          1. Snorlax Silver badge

            Re: Yeah, but common sense, too...

            @AC: I think you're a bit confused. GDPR doesn't come into effect til 2018, and anyway data protection law has nothing to do with the criminal act of breaking into to a computer.

      2. T. F. M. Reader Silver badge

        Re: Yeah, but common sense, too...

        @veti: "The trouble is that the data in question is protected by Irish and EU law."

        Not only that, but, as far as I understand, MSFT specifically and intentionally segregate data storage by geography, at least partly to comply with the various data protection laws, and that is written into the TOS. It is not, "Oh, yes, we could download the stuff from our Redmond office... Oh, sh!te, we didn't think of the legal aspects..." It was made legally inaccessible from other jurisdictions by design and with a lot of forethought.

        There was another case involving Google that was covered by El Reg, and there the judge decided that it was different from the MSFT case because there was no geographical separation by design. It made sense to me at the time.

    3. Doctor Syntax Silver badge

      Re: Yeah, but common sense, too...

      " why in the hell should the police have to involve the government of another country just because the emails are located on some server there?"

      They don't have to so why are they doing it?

      There's no need to involve the government of another country. All they have to do is involve the courts of that country by following existing agreed procedures. So why do they try to go barging in heavy handed in a way that gets governments involved in defending their sovereignty?

      "This whole situation highlights the serious need for more and better international agreements regulating this sort of thing."

      ROFLMAO. The international agreements of which you write already exist. This entire episode is the result of the authorities in this case choosing not to use them.

      All they have to do, assuming they have a case, is to present that case to the relevant court and get a warrant. Microsoft Ireland would be bound to abide by that warrant. The Irish government would not be involved. (Technically, I suppose, it would have already been involved in negotiating with the US the relevant treaty which the US authorities are now ignoring.)

      So why are they getting themselves in this position. Is it that they don't have a case? Do they have a case but can't be bothered to get off their arses and present it to the relevant court? Are they trying to establish a precedent whereby they can go to a complaisant US court for fishing expeditions when they really don't have a case and know they'd be laughed out of an Irish court? Did the read the word 'foreign' and think they'd have to present the case in a non-English language? If it's that I can assure them that they speak excellent English in Ireland. Do they just fancy throwing their weight about internationally to bully smaller countries, given they're not doing very well with Russia or the Norks?

      If they get their way with this things will not go very well with a large swathe of the US tech industry in the future. The Privacy Figleaf can be expected to shrivel up and die and it will be very difficult to persuade anyone in the EU to have another shot at replacing it. Any US business that depends on the Figleaf this will find EU business drying up. Other markets might follow. You might find yourself reminiscing about the halcyon days when the US had an international tech industry.

      1. Adrian 4 Silver badge

        Re: Yeah, but common sense, too...

        "There's no need to involve the government of another country. All they have to do is involve the courts of that country by following existing agreed procedures. So why do they try to go barging in heavy handed in a way that gets governments involved in defending their sovereignty?"

        Because the courts have a perfectly good argument as to why they shouldn't provide access. Governments, on the other hand - at least, the UK - can easily be leaned on and in fact have an interest in changing the law so they can get at the data their own laws put off-limits.

      2. ecofeco Silver badge

        Re: Yeah, but common sense, too...

        ROFLMAO. The international agreements of which you write already exist. This entire episode is the result of the authorities in this case choosing not to use them.

        I am amazed at how many people are not understanding this!

    4. Roland6 Silver badge

      Re: Yeah, but common sense, too...

      The EU, USA, Russia and China (for starters) should get together and sort this out.

      Err? they have, hence why people keep referring to other existing mechanisms the US could have used to legally access the data.

      I suspect the question that you and others in the US should be asked is: Why, if the pre-existing agreements aren't up to the job, the US has not taken the initiative and convened a meeting involving at least the EU, to review the existing arrangements and propose changes...

  5. ratfox Silver badge
    Black Helicopters

    Looks like a market opportunity...

    for mail servers owned and operated by companies outside the US.

    1. h4rm0ny

      Re: Looks like a market opportunity...

      Data havens will be the new tax havens.

      If they aren't already.

      1. Roland6 Silver badge

        Re: Looks like a market opportunity...

        >Data havens will be the new tax havens.

        Bruce Sterling "Islands in the Net", 1988 ...

    2. Anonymous Coward
      Anonymous Coward

      Re: Looks like a market opportunity...

      for mail servers owned and operated by companies outside the US.

      As this case shows, it's not as easy as just planting some servers abroad and set up a sales office in Switzerland (I'm looking at you, Silent Circle). There is a whole host of other things you need to take care of.

      That said, it's not impossible, but it (a) takes time to do it right (b) requires you to be very, very thorough and (c) you can't do this for free. Anyone who offers a service like this for free is either cutting corners, making their money with something they shouldn't or or will charge you through the nose later. It takes a lot of effort to do it right.

  6. a_yank_lurker Silver badge

    Feral Criminality

    The Ferals are taking lounging in the doughnut shop to an extreme. If this was a money laundering or drug case they would get off their asses and get the locals involved. So the question is why can't they do it in this case.

    1. Richard 12 Silver badge

      Re: Feral Criminality

      The only logical conclusions are:

      A) The data they want would be illegal for them to access via the legal route of asking the Gardai for it.

      B) They want to utterly destroy all US-based digital businesses for all time, handing this entire sector to EU and China.

      1. Lysenko

        Re: Feral Criminality

        C) They resent the implication that American law and Judicial fiat lack universal jurisdiction and feel the need to reiterate that the "sovereignty" of other countries is a privilege granted by the USA rather than a fundamental right and therefore exists only so long and as far as the USA condescends to permit it.

        1. ecofeco Silver badge

          Re: Feral Criminality

          D) All of the above.

          Not even joking.

    2. Velv Silver badge
      Headmaster

      Re: Feral Criminality

      If this was a money laundering or drug case they would get off their asses and get the locals involved

      My understanding is that this is a drug case (“narcotics trafficking” to use the reported words). If I remember correctly the accused was outside the US (in Ireland), shipping substances into the US.

  7. Doctor Syntax Silver badge

    "Because of such storage policies, and due to technological change and the global nature of the communications environment, the U.K. does not believe that the geographic storage location of data should be the determining factor for whether or not a nation may gain access to such communications."

    Does HMG really believe that if the Feds won this one that the US would reciprocate and grant access to US servers on the basis of a warrant in a UK court? What numpty wasted taxpayers money coming up with this one?

    1. M Mouse

      re HMG

      "Does HMG really believe that if the Feds won this one that the US would reciprocate"

      There's been little or no proof of it happening in the past, and I believe the "traffic" (of "wanted" bodies) has usually, if not exclusively, been towards the US, even if the evidence seems relatively flimsy... and over there, the penalties sometimes seem extreme (do they have a preferred order of states in which to try cases to provide for maximum penalties being applied? It certainly seems possible that if they can get a stiffer sentence, they go for it!)

      1. John H Woods

        Stiffer Penalties

        Not to mention the wholesale abuse of plea bargaining

        1. Graybyrd
          Windows

          Re: Stiffer Penalties

          Plea bargaining is only one part of the process, in particular a 'relief' measure to more quickly flush the volume of prosecutions through an over-whelmed judicial system. An earlier question, "... and over there, the penalties sometimes seem extreme (do they have a preferred order of states in which to try cases to provide for maximum penalties being applied? It certainly seems possible that if they can get a stiffer sentence, they go for it!)" is equally applicable to the dysfunctional US justice system. It's well known that US prosecutors 'shotgun' the charges to overwhelm defense efforts. A defendant can face a dozen or three separate charges rising from prosecutorial interpretation of the offense. Each charge must be faced by the defense, and considered by the jury. Thus a jury may find you innocent of 23 various charges, but the 24th charge returned as 'guilty' (i.e., felonious mopery during commission of an unlawful act) will send you off to prison, labeled for life as a convicted felon.

          As for prosecutors 'court shopping', that is also very common. It's almost routine that a federal charge incurred in WA state may be tried in an eastern court, say... New Jersey. This is conveniently rather inconvenient for defense witnesses to attend and participate, and adds a crushing burden to defense expenses. Also... New Jersey judicial authorities would have little affinity or understanding for WA state offenders. Just sayin... 3,000 miles of geography can be a handy thumb on the scales of justice.

    2. Doctor Syntax Silver badge

      "What numpty wasted taxpayers money coming up with this one?"

      On reflection this could be much more than a waste of money. It could cost British business dear. When, post-Brexit, the UK is looking for adequacy under GDPR this cavalier attitude could be held against us.

      1. Dan 55 Silver badge

        I think David Davis statement last Sunday and the subsequent reaction by the EU showed gov.uk that people outside the UK can actually read, listen, and view media from inside the UK.

        Yet that statement was submitted on Wednesday so they still haven't really got their head round that fact.

        1. Wensleydale Cheese

          "I think David Davis statement last Sunday and the subsequent reaction by the EU showed gov.uk that people outside the UK can actually read, listen, and view media from inside the UK.

          You only need to look at the newspapers or watch the telly in mainland Europe to see that they report on UK events far more widely than the UK media does on European events. The general population shows more interest too.

    3. Sanguma

      What numpty wasted taxpayers money coming up with this one?

      There's apparently a Numpty Breeders Club situated somewhere on the west bank of the Thames, deeply hidden inside London. It's very exclusive. For some reason it's only a Breeders club; they don't do any showing, which is why we don't get fliers in the letterbox inviting us to the Annual Numpty Breeders Show.

      Pity. They might actually make some money this time, if they did.

    4. Potemkine! Silver badge

      Does HMG really believe that if the Feds won this one that the US would reciprocate and grant access to US servers on the basis of a warrant in a UK court?

      I doubt it does, but UK's government knows it has not to infuriate the US to have a chance to negotiate a trade deal to try to compensate Brexit... and it wouldn't be the first time UK's gov' acts as an US poodle

  8. Edward Clarke

    I'm sort of confused here... If you need the damned emails, why don't you just ASK FOR THE BLOODY THINGS from the Irish government? It sounds like they would be perfectly willing to turn them over.

    1. M Mouse
      Thumb Down

      sort of confused... No. VERY confused.

      "from the Irish government?"

      No, I think you mean ask "in an Irish Court" (and give sufficient evidence for the warrant to be issued).

      The Irish Government likely doesn't have the messages, nor care, unless we are about to see a US "we can grab WTF we want" (which seems to be a fairly standard approach for law enforcement and other security-related matters). I think the "screw you" attitude has been extended much further in recent years and President Trump might be at the front of that parade now...

      1. Snorlax Silver badge
        FAIL

        Re: sort of confused... No. VERY confused.

        There are three branches of government - executive, legislative and judicial.

        The MLAT request is made by the foreign country to the Department of Justice, i.e the executive branch

        So the person you found fault with is actually correct, and you aren’t.

        1. Bronek Kozicki Silver badge

          Re: sort of confused... No. VERY confused.

          I do not know about Irish laws, but there is a possibility that executive branch is prohibited from making such a decision, and has to pass it to courts instead.

          1. Snorlax Silver badge

            Re: sort of confused... No. VERY confused.

            @Bronek Kozicki: There is a pdf on the Irish Department of Justice website which explains the procedure in plain English.

            It is a well-established procedure and there is no reason why it shouldn't be used by the US, other than the fact that they want to be dicks about the whole affair.

  9. Doctor Syntax Silver badge

    The next step?

    The EU should test the US's attitude on the reciprocal of this. Start a tax investigation into Trump's EU property and apply for a warrant in an EU court to get his tax returns.

    1. Anonymous Coward
      Anonymous Coward

      Re: The next step?

      "and apply for a warrant in an EU court to get his tax returns."

      Would not be a problem - Trump banks with Deutsche Bank!

  10. Wolfclaw

    If the DOJ win, will American companies hand over data to say a court in China, North Korea, Iran that may end up with an American citizen locked up for a long time, sometimes on very dodgy evidence. You need an international agreement on data access for legal procedures, you don't sign up, you don't get access!

  11. Anonymous Coward
    Anonymous Coward

    It's always amusing when lawmakers are hindered by their own laws.

    Like David Davis, they appear to think they're just a statement of intent rather than to be taken seriously.

    1. ecofeco Silver badge

      Re: It's always amusing when lawmakers are hindered by their own laws.

      They do indeed think its just a statement of intent.

      That they only have to pay lip service to. The rest of us get the hammer.

  12. Will Godfrey Silver badge
    Unhappy

    Temper Tantrum

    Send them to bed without supper.

    It is a bunch of 2 year olds we're talking about... isn't it?

  13. scrubber

    Feck off you fecking feckers.

  14. Grease Monkey

    Regardless of the legal arguments one has to wonder how much money has been wasted on this case rather than just applying for a warrant in an Irish court.

    Of course the reason that they didn't choose the cheaper course of action is that they want a precedent to be set. However this could be a dangerous precedent. It could be harmful to US business interests abroad.

    1. Anonymous Coward
      Anonymous Coward

      "It could be harmful to US business interests abroad."

      We can only hope...

  15. Adam Foxton

    Surely the ability to access the files is irrelevant, it should be about the ability to access the files /legally/. Just because I'm an employee of a company doesn't mean I can look at any file (e.g. network admins being capable of accessing HR files but not being permitted to do so).

    Microsoft US (one company) accessing Microsoft Ireland (another company)'s computer network specifically for the purposes of bringing customer data out of the EU- and then specifically so as to avoid having to follow established (and not that onerous for legitimate needs) EU procedures- would surely be illegal.

    Indeed, should the very existence of this case not mean that Microsoft Ireland has to restrict access to their US counterparts? This is a blatant attempt to gain unauthorised entry to a computer system, and allowing this would make MS-Ireland criminals in their local jurisdictions as they would be exposing /all/ of their customer's data to the US. It should be treated as any other outside entity attempting to gain access.

    Even if some theoretical weakness remained in the system, "You should exploit this weakness, and also you're not allowed to fix this weakness" is a seriously different argument to "the file is there and easily accessible, go get it"

  16. Anonymous Coward
    Anonymous Coward

    The Cloud...

    Other peoples computers the US can get their grubby hands on whereever they are.

  17. JimC

    It should be about where the user was, not the server, it seems to me.

    Storage ought to be irrelevant I think, what should matter is where the user was situated when the emails were created. If you're in the US when you type that email you are subject to US law, and US law should apply to handing that email over to the US government. But if you are in Ireland when you type the email you are under Irish Law, and Irish law should prevail.

    Of course the big cos are going to say this is difficult to manage, but the lawmakers would probably say tough.

    1. IamStillIan

      Re: It should be about where the user was, not the server, it seems to me.

      It's more than difficut to manage. In infeasibly problematic without effectively a new interational agreement on it and a huge wodge of policy everyone has to find ways to implement.

      There are issues around how to record such information, confidence in such information, burden of proof.

      Then there are ambiguities around things made in multiple juristrictions (collaborative authoring), out of duristiction (international waters), the list goes on and on.

  18. Sherminator
    Facepalm

    Follow due process

    Irrespective which party ends up as the actual winner of that argument, the fact remains that the law has to be followed.

    Is it me, or is law enforcement in the US beginning to follow the Hollywood narrative?

    Tough moody cops and lawyers hell bent at getting the bad guy, despite the irony of breaking the law to bring the law to the bad guy......etc.etc??

    1. Cheesemouse

      Re: Follow due process

      The DA's given you 24 hours to bust his ass. You guys better get him downtown or I will be having both your badges and your guns, Now get out of my office! (to himself.. you crazy guys)

  19. EnviableOne Bronze badge

    depends on where the user took-out their agreement with microsoft.

    If they took it out in the US, then the user agrreement is with Microsoft Inc. based in redmond WA, therfore where they chose to store the data is of no consequence, it is within the remit of the US court.

    If the user took out the agreement outside the US, they contracted with microsoft International which is an Irish company headquartered in dublin, and the data is subject to eu law and the juristiciton of irish and eu courts.

    in the first case MS have no leg to stand on, in the second, DoJ have none.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019