back to article If Europe is against US's Irish email grab, it must pipe up now

The European Commission is running out of time to wade into the battle between US prosecutors and Microsoft over servers in Ireland. Uncle Sam's lawyers want the American company to hand over emails stored in the Emerald Isle, and everyone but the EC is piling in with their 2p. Before Christmas, the Irish authorities filed an …

  1. Anonymous Coward
    Anonymous Coward

    Sloppy corporate structure. Sloppy security. Sloppy access rights

    Had Microsoft put a little bit of thought into the legal implications of its corporate structure:

    - A subsidiary company would own the server farm in Ireland

    - No one in the US would have access to the data, except for support purposes

    - The people who do have access to the data, in Ireland, would be bound by Irish data protection laws

    - The US prosecutors would have no option but to go through the Irish authorities?

    Why should the US authorities go through Ireland* when they can effectively threaten Microsoft employees in the US until they get what they want (and they WILL get what they want, such is the power held by a US federal prosecutor).

    * Well, other than it being fundamentally the right thing to do.

    1. Anonymous Coward
      Anonymous Coward

      Re: Sloppy corporate structure. Sloppy security. Sloppy access rights

      Microsoft does operate through a subsidiary in Ireland; however any subsidiary is still ultimately under Microsoft's corporate control, and so susceptible to this kind of order. Presumably Microsoft et al would have to come up with some kind of technical rather than managerial scheme whereby only the subsidiary could access the data; eg only the subsidiary held the encryption keys, under the control of Irish citizens.

      1. Doctor Syntax Silver badge

        Re: Sloppy corporate structure. Sloppy security. Sloppy access rights

        "Presumably Microsoft et al would have to come up with some kind of technical rather than managerial scheme"

        As I've suggested before, a franchise scheme should work. An Irish owned and staffed company would have the franchise to run MS-branded email services for European subscribers with all servers located in European countries under European legislation licensing the IP from MS. I doubt that setting that up would be beyond the abilities of MS lawyers and if necessary I'm sure they could take a little advice from their opposite numbers at Starbucks.

    2. Apdsmith

      Re: Sloppy corporate structure. Sloppy security. Sloppy access rights

      Hi AC,

      Umm, nope, it is owned by a subsidiary. Unless Microsoft just gives away it's European operation entirely, though, it's still under MS control, which is the point that district judge is making. It does seem weird to me that a district judge is abrogating treaties, I did not think that this was in their remit.

      I'm pretty sure no-one in the US has access. But, as the district judge has realised, they can give orders to the people that do, even if they are under European data protection laws, the judge doesn't care. He's ordered MS US to get the data from MS IE and, presumably, if MS US does not comply it will be sanctioned - it's up to MS US to either find a way to comply or get the order struck down somehow, and I think they do deserve some credit (I don't know how much) for actually fighting it rather than rolling over.

      I'm really not sure why they didn't use the existing option. Was this perceived as an easier option? Is someone trying to make a point? Do they actually _want_ to reduce American competitiveness abroad (Yeah, sure, I'll put all of my precious data on a US-owned cloud now, what could possibly go wrong!)?

      Ad

      1. Doctor Syntax Silver badge

        Re: Sloppy corporate structure. Sloppy security. Sloppy access rights

        "I'm pretty sure no-one in the US has access. But, as the district judge has realised, they can give orders to the people that do, even if they are under European data protection laws"

        If nobody in the US had access I don't think there'd be a problem: Judge orders MS/US to pass on the orders. MS/US passes on the orders. MS/IE says "Got the orders. Sorry, can't follow them, local legislation forbids.". MS/US tells judge they passed on the orders but they were countermanded outside their (MS/US's) remit.

      2. Doctor Syntax Silver badge

        Re: Sloppy corporate structure. Sloppy security. Sloppy access rights

        "It does seem weird to me that a district judge is abrogating treaties, I did not think that this was in their remit."

        I seem to remember reading somewhere that there is something very odd about the way the US handles treaties. Something along the lines that individual states aren't bound by the treaties the Federal Gov't makes.

        1. Anonymous Coward
          Anonymous Coward

          Re: Sloppy corporate structure. Sloppy security. Sloppy access rights

          I seem to remember reading somewhere that there is something very odd about the way the US handles treaties.

          You mean like the way it doesn't feel they apply to them at all?

        2. tesmith47

          Re: Sloppy corporate structure. Sloppy security. Sloppy access rights

          actually it is more like fu k you we "mericans" can fkn do anything we want, we got guns!!!! LOL

        3. tom dial Silver badge

          Re: Sloppy corporate structure. Sloppy security. Sloppy access rights

          Whether individual states are bound by treaties is not at issue here. Judge Loretta Preska, who issued the warrant on Microsoft is a federal district judge, issuing warrants based on federal law and court rules. However, a quote from the US Constitution is informative (Article VI, Sction 2):

          "This Constitution, and the Laws of the United States which shall be made in Pursuance thereof; and all Treaties made, under the Authority of the United States, shall be the supreme Law of the Land; and the Judges in every State shall be bound thereby, any Ting in the Constitution or Laws of any State to the Contrary notwithstanding."

          It appears that treaties are quite binding upon individual states although, again, that has nothing to do with the case under discussion.

    3. Anonymous Coward
      Anonymous Coward

      Re: Sloppy corporate structure. Sloppy security. Sloppy access rights

      Had Microsoft put a little bit of thought into the legal implications of its corporate structure:

      - A subsidiary company would own the server farm in Ireland

      - No one in the US would have access to the data, except for support purposes

      Nope. You've already lost the plot at the first point. As long as you have a HQ in the US you cannot escape the demand because you have the control. If you just left a subsidiary in the US you'd be in a better position to claim a lack of control, but then you'd have the issue that the US may start playing other games to gain leverage, like threatening to close your subsidiary.

      The simple bottom line is that you CANNOT have a US based HQ if you have any need to protect personal information, and if you have a subsidiary there you have to be prepared to lose it.

      This is also why the EU stays out of this - it is entirely outside their control. The only thing they can do is bring it up during trade negotiations, but the EU cannot plausibly require the US to respect EU sovereignty if it does not respect the same for the US - even if that leads to the Irish sub breaking the law as a consequence. The EU has no grip on the Irish sub because there is no legal process running in Europe to access that data. Annoying, but those are the facts.

      If US companies would like to fix the clusterf*ck of laws they have in their country which make this possible they are welcome to go home and talk to the people in Washington they sponsored so hard to make it this way instead of trying to get the EU to clean up the mess they made themselves.

    4. veti Silver badge

      Re: Sloppy corporate structure. Sloppy security. Sloppy access rights

      - No one in the US would have access to the data, except for support purposes

      Well, that's a honking big loophole right there. If you have access to the data "for support purposes" - you have access, and you're subject to whatever the authorities tell you to do with it.

    5. Master Rod

      Re: Sloppy corporate structure. Sloppy security. Sloppy access rights

      What do you mean, the right thing to do? Is the American prosecutor sovereign over all countries doing business with American companies? Someone is full of shit here.

      Master Rod

  2. Snorlax Silver badge
    Facepalm

    Sovereignty?

    Ireland, in its brief, decided to flex its muscles, reminding the New York court that: “Ireland is an internationally recognised sovereign nation state. The United States recognises and maintains diplomatic relations with Ireland.”

    Ummm, I thought we all knew at this stage that the US doesn't care about the sovereignty of other countries... Looks like somebody didn't get the memo.

    1. Anonymous Coward
      Anonymous Coward

      Re: Sovereignty?

      Does the US even know about other countries?

      1. Anonymous Coward
        Anonymous Coward

        Re: Sovereignty?

        "Does the US even know about other countries?"

        Of course they do. Those places are where you go to drop bombs on terrorists, or to fund and arm terrorists.

  3. MJI Silver badge

    All Ireland has to do

    Is threaten to arrest and prosecute an executive if it happens, even set up an international arrest warrant for them.

    Then if it does happen they MUST carry this out, fines or jail, enough that it does not happen again.

    That village idiot judge also needs debarring.

    1. billse10

      Re: All Ireland has to do

      have an upvote, although I disagree with you in one respect: "That village idiot judge also needs debarring."

      I disagree in that I feel the village idiot judge should be on an arrest warrant as well.

    2. MrXavia

      Re: All Ireland has to do

      No, issue an arrest warrant for the judge.... Since they would be the one ultimately responsible for violating the law....

      1. Anonymous Coward
        FAIL

        Re: All Ireland has to do

        That would be a disaster. You'd have judges in various countries issuing arrest warrants for eachother, because in France it's illegal to issue a death sentence, so you can slam some judge in the U.S. for doing that. But in the U.S., unpasteurized milk products are largely illegal, so you can issue a warrant for some French judge who in some way ruled in favor of a company who sold some unpasteurized product that gave someone food poisoning. Meanwhile, in Saudi Arabia, there's a judge who will issue arrest warrants for any other judge around the world who issues decisions that protect defendant's rights to "disrespect the prophet".

        The U.S. judge is overreaching, but lets not use this as an excuse to start some kind of unworkable judicial tit-for-tat.

  4. ruscook

    Why doesn't Ireland, pass a law making it unlawful for subsidiaries, or any company operating in it's jurisdiction to pass on information to another gov't without the Irish Gov'ts consent.

    That would put the ball back in the US gov'ts court to follow the MLAT protocol.

    1. Ken 16 Silver badge

      It's already illegal for them to pass on personal sensitive data without the permission of the data owner or a warrant from an Irish court (or direction from the Minister of Justice, reviewed by a judge).

      1. ruscook

        Surely Micrsoft has pointed out to the judge that he is demanding they break the law of the country where the data is stored. I thought it was illegal for ANY arm of the gov't to require a person (corporate fiction or otherwise) to knowingly break the law.

  5. Anonymous Coward
    Anonymous Coward

    to 1st poster

    your post illustrates exactly the poor understanding (some) EU citizens have of the US setup.

    ANY company with a presence in the US is deemed a US company. And as such is subject to the power of the US feds.

    That's it really. No amount of circular documentation with company setups can change that.

    If you use a company that has a US presence, then it will be subject to handing over whatever data Uncle Sam wants. And if they use the PATRIOT Act to do it, you won't even know. Safe harbour ? Safe bollocks more like.

    1. Anonymous Coward
      Anonymous Coward

      Re: to 1st poster

      try the reply button, keeps your post next to the one your talking about.....

    2. Gordon 10
      FAIL

      Re: to 1st poster

      I call bollocks to you on that one AC. Its not that simple. Otherwise the US Tax man would be seizing all the profits Apple and Co. are storing oversea's.

      You would have been far more correct to say there are a complex web of legislation and treaties whose interpretation in different legal and govermental remits can sometimes result in the appearance that the Patriot act trumps everything. Don't get me wrong its a steaming pile of dog crap that needs to be repealed - but the reality is far more nuanced than you are shrieking about.

  6. Ken Hagan Gold badge

    Is the EU an interested party?

    The sovereignty in question is Irish and the Irish government has already replied (if only to rather snarkily remind everyone that they needn't have done). So maybe the EU doesn't reckon that it has anything more to contribute. Or maybe it is replying through diplomatic channels and saying "Look guys, we know you can't tell the judge what to say, but you *really* don't want to push this one much further.".

    1. veti Silver badge

      Re: Is the EU an interested party?

      I would guess it's the other way round, and the US is probably leaning heavily on the EU to keep its mouth shut on the whole debacle.

      "That's a nice economic recovery you've (finally) got going there. Be a shame if someone suddenly sold all their Euro bonds..."

  7. Anonymous Coward
    Anonymous Coward

    Mogherini still has to understand where she is...

    She was made Italian Foreign Minister just because she helped Renzi to become first head of his party, then President of the Council. In exchange Renzi made its party praetorians ministers. Then, following the old "promoveatur ut amoveatur" way of doing things, thought it was a good idea to send her to the EC, where almost nobody wanted someone with no previous real experience in diplomacy at that level. Unluckily, she now sits there, but she really has no idea about what she should really do unless told to, and anyway, she doesn't really care of such matter, it's not something that could help her strengthen her position within Italian politics - which is the only real thing that matters to any Italian politician.

  8. 100113.1537

    Let's get this straight.

    A US judge granted a warrant for emails of a suspected drug dealer. This is not a data grab or some underhanded spying, but a search warrant for electronic data limited to a specific individual. The warrant was used to request the data from Microsoft - presumable as the email account was held with them.

    Microsoft must have then refused to provide the information and their defense was that the data was held in Ireland. At which point the US judge then said 'doesn't matter because you are a US company' and now lots of US companies are saying this will damage their business.

    Now, forgive me for being somewhat dense here, but are they saying that their business relies on hiding information from a legitimately granted and served search warrant? I know everyone just loves to jump up and down about illegal data grabs by whatever security service is the flavour of the month, but that is not what is going on here.

    1. Chloe Cresswell Silver badge

      > Now, forgive me for being somewhat dense here, but are they saying that their business relies on

      > hiding information from a legitimately granted and served search warrant?

      No, they are saying their business relies on complying with the laws where the servers are based.

      If the court had gone though the "normal" channels as outlined in the article, they would have basicly asked the Irish legal system to obtain this data, and therefore would have complied with the local and normal international law.

      The judge is basicily saying "the server is in Ireland, you are US based, you own the servers via a subsidiary, therefore laws in Ireland don't apply to this data in Ireland".

    2. Lyle Dietz

      You are dense

      Providing the information that this US court has requested involves someone in Ireland breaking Irish law.

      Breaking the law is illegal.

      Therefore this is an illegal data grab.

      In addition, this isn't a valid search warrant. You can't search an Irish property with a US warrant. Well, you could, but someone could break your legs for your troubles and probably walk off scot free.

      The other US companies are right to be scared. If I hold sensitive data on a service provided by an Australian subsidiary of a US company, and these shenanigans are allowed, than the US can seize my data at any time they wish without consulting an Australian court.

      Naturally this isn't something I like the sound of; therefore I will not put my data at risk in this manner. Now, I might be a small drop in a large ocean, but these US companies are already looking at losing their foreign markets because of the NSA actions, and this is another nail in that coffin.

  9. tesmith47

    oh yeah, we have a reason to invade and bomb Ireland now!!! they are harboring potential drug dealers and probably terrorist too!!! I mean if it is a good enough reason to kidnap and imprison president Noreiga from Nigaugura then it damn well is good enough for those Irish!!!! LOL

    i know this will never happen, the Irish are considered "White" now

  10. Master Rod

    Ah hell, now you gone and done it. Here I thought we were the world's policeman, and savior. That's messed up. I'm confused.

    Master Rod

  11. Uffish

    Very odd

    So a US judge is knowingly directing US Micrsoft to instruct someone in Ireland to commit an act (or to permit an act) that is illegal in Ireland.

    My guess is that this one will run and run.

  12. crayon

    "Something along the lines that individual states aren't bound by the treaties the Federal Gov't makes."

    Federal government aren't bound by those treaties either.

    "and imprison president Noreiga from Nigaugura"

    actually the dude was from Panama, and he was imprisoned because he stopped cooperating with the CIA's drug smuggling operations.

    The US' motto is "all your sovereignty are belong to us".

  13. tom dial Silver badge

    The issue is not quite so simple as many posters seem to think. Orin Kerr, an actual lawyer and law professor with real knowledge of Fourth Amendment law and the Stored Communications Act, has written about this case several times in the Washington Post. The articles refer to others with different viewpoints.

    http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/07/07/what-legal-protections-apply-to-e-mail-stored-outside-the-u-s/

    http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/07/25/more-on-privacy-rights-in-e-mail-stored-outside-u-s/

    http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/07/30/verizon-responds-to-my-posts-on-the-foreign-e-mail-case/

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like