back to article Handing over emails in an Irish server to the FBI will spark a global free-for-all, warns Microsoft

Microsoft has warned a US appeals court that forcing it to hand over emails stored on a server in Ireland would demolish internet user privacy worldwide in a “global free-for-all”. At the heart of the matter is a row over whether the Redmond giant should cough up messages held in an Irish data center – messages belonging to …

  1. Destroy All Monsters Silver badge
    Big Brother

    DAT EXCEPTIONALISM!

    Same attitude as for FATCA and AIR PASSENGER REPORTING really. It's all owned by US!

    The counter from the US government's lawyers was that withholding the data would let criminals and fraudsters evade American prosecutors by sending their data offshore.

    America has less than total jurisdiction over the globe! What did the Empire of Bases buy then? Can't something be done??

    1. Tomato42 Silver badge
      Childcatcher

      Re: DAT EXCEPTIONALISM!

      https://en.wikipedia.org/wiki/List_of_treaties_unsigned_or_unratified_by_the_United_States

      that's all

      few excerpts:

      Convention on Consent to Marriage, Minimum Age for Marriage and Registration of Marriages

      Convention on the Non-Applicability of Statutory Limitations to War Crimes and Crimes Against Humanity

      Convention on the Rights of the Child

      icon because the above

    2. Anonymous Coward
      Anonymous Coward

      Re: DAT EXCEPTIONALISM!

      America has less than total jurisdiction over the globe! What did the Empire of Bases buy then? Can't something be done??

      You're missing the point. US law governs companies in US jurisdiction, If Microsoft et al do not want to be subject to US law, they should move out of the US or seek ways to get it changed. After all, they do spend enough money on lobbying, which is the only correct route to change US law. That US law considers a company HQ having enough leverage to demand data from another location or subsidiary is not an illogical position to take, and it's not like this has not been known for years in Silicon Valley boardrooms, or Brussels would not be as full with lobbyists trying to damage EU privacy laws to the point that legitimises the US legal deficiencies.

      What MS and friends are trying to say in court is that US law only applies if it doesn't inconvenience them, and that's not a precedent that should be allowed because if THEY manage there is no reason why other laws cannot be "adjusted" in a similar way.

      1. nexsphil

        Re: DAT EXCEPTIONALISM!

        > US law governs companies in US jurisdiction

        The problem is that this, the basis of your argument, is a foundationless assertion. US law may govern companies in US jurisdiction, but that doesn't automatically extend into other national jurisdictions, regardless of how US law is interpreted. Because US law isn't relevant outside of the US.

        Hard to grasp, I know, but *officially*, the US ruling cabal doesn't own the world yet.

      2. Doctor Syntax Silver badge

        Re: DAT EXCEPTIONALISM!

        "US law governs companies in US jurisdiction, If Microsoft et al do not want to be subject to US law, they should move out of the US"

        Sigh. I've said this here a couple of times. Looks like I'll have to say it again.

        All they have to do is arrange for a franchisee to operate the business outside the US. They can then go to the US court & truthfully say they have no access, it has to be done through the franchisee which operates under the law of the country where the franchisee is located.

        It's not like US business don't have lawyers capable of setting up franchises( for tax purposes).

        You're also missing the point that it's not Microsoft et al who want to be not subject to US law. It's their non-US customers. Why should we be so subject?

        1. Alan Brown Silver badge

          Re: DAT EXCEPTIONALISM!

          "All they have to do is arrange for a franchisee to operate the business outside the US."

          They have.

          Microsoft EU is a wholly owned subsidiary of Microsoft (mumble), based outside the USA, but with Microsoft USA being the only shareholder.

          Other companies have similar arrangements.

          The truely facepalming part about all this is that given the type of case, a search warrant filed in Dublin would have been granted extremely quickly.

          1. Doctor Syntax Silver badge

            Re: DAT EXCEPTIONALISM!

            "Microsoft EU is a wholly owned subsidiary of Microsoft (mumble), based outside the USA, but with Microsoft USA being the only shareholder."

            That's not the same as having a wholly separately owned franchise operation. If they really want a clear legal air-gap then they need a company with wholly non-US shareholders running a franchise under Irish law (or whatever the country of residence is) with the terms of the contract excluding any ability of any part of US to demand customer information.

      3. Gordon 10 Silver badge
        FAIL

        Re: DAT EXCEPTIONALISM!

        Why do the biggest bags of FAIL always come from AC's?

        What MS and friends are trying to say in court is that US law only applies if it doesn't inconvenience them, and that's not a precedent that should be allowed because if THEY manage there is no reason why other laws cannot be "adjusted" in a similar way.

        No. What MS are saying is that their US parent cannot order their Irish subsidiary/franchise/JV to break European law. Or rather they can order it to which the Irish guys are perfectly within their rights to refuse as their duty is to the Irish legal entity and Irish/EU law - NOT US law.

        Contrast this with the US banking regulations such as Volcker where the US has compelled Banking entities in other countries to comply by threatening their US arms. Which is similar in tactics to the MS case but at least has the legitimacy of going through Congress. Unlike the cowboys in the MS case who are trying to get a judge to rule to create a data grabbing precedent WITHOUT going through congress and WITHOUT using the existing International treaties that were put in place to deal with this exact situation.

        TL;DR - this is an attempted end run around existing agreements coz some entitled bureaucrats think they shouldn't apply to Uncle Sam. Alternative view : The Justice Dept and State Dept. infighting using MS as piggy in the middle.

        1. Doctor Syntax Silver badge

          Re: DAT EXCEPTIONALISM!

          " this is an attempted end run around existing agreements coz some entitled bureaucrats think they shouldn't apply to Uncle Sam"

          It could indeed be ignorance, arrogance or indolence that caused them not to choose the proper procedure. However, having thought about it some more I wonder if it's a fishing expedition and they don't have an adequate a priori case to present to the Irish. Or maybe they're a lot of secretive sods who can't bring themselves to present the case that they do have because somebody else.

      4. Morrolan

        Re: DAT EXCEPTIONALISM!

        Yes, but Microsoft's in Ireland too.

        Suppose a court in Ireland issues an order for Microsoft to not release those emails. (Which is entirely conceivable.) What's Microsoft to do then? Whichever way it goes, it's disobeying one court system or another.

        This is the whole reason we have jurisdiction, so that courts don't bump heads in this way.

    3. LarchOye

      Re: DAT EXCEPTIONALISM!

      They say "Criminals and Fraudsters" huh...

      Just like wiretaps are track "Terrorists", right?

      Look at all the terrorists they're catching, right!??

      And since when has there ever been drugs trafficked via email anyways? [I'm still trying to figure out how to do it]

  2. Locky

    Office365...

    And how the US legal system killed off M$'s strategy for the next 5 years.

    Coming to a El Reg article near you soon

    1. Anonymous Coward
      Anonymous Coward

      Re: Office365...

      And how the US legal system killed off M$'s strategy for the next 5 years.

      The harsh reality is that it was many years ago that the US legal system killed off the ability for the whole of Silicon Valley to sell abroad, they just managed to keep it quiet until now. Now the public is waking up to it the likes of Microsoft and Google try to pretend they didn't know all along, but you should ask them for how long they have been having problems with European companies that are large enough to employ their own legal team.

      They have known for YEARS that they have a serious problem. They just hoped their customers would never care enough if they found out, but mainly thanks to Snowden that isn't working anymore.

      All this wailing is a sideshow - they have known for years.

  3. g e

    "by sending their data offshore"

    Well it certainly seems to work with money for American criminals companies

    1. LDS Silver badge

      Re: "by sending their data offshore"

      Exactly, and I've never seen an authority intimating banks to handle data hold by their offshore branches. Maybe because some influential "lawmaker" happen to store money there as well?

  4. LarchOye

    OH YAY, THE WAR ON DRUGS IS RUINING INTERNET PRIVACY AND COULD DESTROY THE GLOBAL INTERNET

    Just when you thought the "War on Drugs" had just about created/caused as much horror and strife as it possibly could...

  5. Your alien overlord - fear me

    Surely by now, all Irish crims with business in the US will have deleted their emails off the Microsoft mail servers hosted in Ireland and moved their emails to another mail provider?

    1. Peter Gathercole Silver badge

      One word

      Backups.

      1. Steve Davies 3 Silver badge

        Re: One word

        If they keep their lawyers arguing long enough then the Statute of Limitations on any crimes identified in these backups may well mean that the US can do nothing about it.

        Sometimes I wish we have a similar thing here. Then we read about another 'Z' list former celeb getting arrested for nasty acts committed a long time ago and start to think again.

        1. Anonymous Coward
          Anonymous Coward

          Re: One word

          "Then we read about another 'Z' list former celeb getting arrested for nasty acts committed a long time ago and start to think again."

          There have been several celebrities accused, even arrested and prosecuted, and then it all petered out as the allegations would not stand up in court.

          It usually comes down to people disputing the details of remembered events many years earlier. The prosecution are often relying on several people making a similar allegation. Unfortunately there have been several cases where the police have trawled for people to come forward with allegations against specific people - while emphasising the substantial financial awards if the accused is convicted.

          People's memories of past events are notoriously poor - especially if confirmation bias happens.

          There should be a statute of limitations - possibly 10 years after someone reaches the age of majority.

          What does need investigating is the cover-ups by people in authority who deliberately blocked cases at a much earlier time where there was palpable evidence.

          1. Roo
            Windows

            Re: One word

            "What does need investigating is the cover-ups by people in authority who deliberately blocked cases at a much earlier time where there was palpable evidence."

            It does need to happen, but I doubt it will. We are only finding out about the stuff because the accused or the folks blocking investigation are dead or unfit to stand trial.

            Hell the police can tamper with evidence, committing a criminal offence in the process, without any form of punishment or prosecution happening. They really aren't fit for purpose anymore and they should be fired.

      2. Ken 16 Silver badge

        Re: One word

        Yes, at the time of the case, MS backed up their Irish data to the US (AFAIK) but they've (also AFAIK) added a new EU location and no longer do that for the majority of Irish hosted services (there are some outliers).

        On the other hand, Irish resident has data on storage in a private location in Ireland owned/leased by a subsidiary of a US company, ignoring whether it's electronic, should the US be able to seize it without reference to Irish law? Let's say it was his medical records, on paper, in a filing cabinet of the HR dept. of a multinational and the US Govt. thought they might prove use of illegal drugs, would they send the FBI in to grab them (against Irish law)?

      3. Doctor Syntax Silver badge

        Re: One word

        Maybe there's a reasonable time limit to hold backups. If the data is stale so is the backup.

    2. Ken 16 Silver badge
      Trollface

      can't be done

      Ireland pwns all the data (centres).

  6. Adam 1

    Go Microsoft!

    How ridiculous. We aren't talking about data held in some failed state, nor some international drugs supporting pariah state. Ianal and all that, but I am pretty sure that faxing over some appropriately signed paperwork to their peers in Ireland will see a warrant issued and data collected.

    The only beneficiaries of the swings and roundabouts process they are currently following is Microsoft, who for relatively little money get written up across the world as privacy warriors standing up against the man whilst simultaneously slurping all that win 10 keystrokes. But hey, even a stopped clock is right twice a day. go Microsoft.

    1. LDS Silver badge

      "faxing over some appropriately signed paperwork to their peers in Ireland will see a warrant issued and data collected."

      Exactly. What is astonishing in this case is the arrogance of some FBI people and some judges who would like to bypass foreign state sovereignity - even of allies. Very childish behaviour - "I want it and want it now!!", and contempt for the real investigation as well - looks more an attempt to set a precedent.

    2. Old Handle
      Big Brother

      Do the words "Parallel Construction" mean anything to you? Perhaps a foreign court wouldn't be quite as willing to accept that they totally got their lead from a trivial traffic stop (or whatever the internet equivalent is).

  7. Doctor_Wibble
    WTF?

    Yay Microsoft!

    Wait, what?

  8. Velv Silver badge
    Big Brother

    "The battle dates back to 2013, but only came to light in May 2014 when a gag order on the case was lifted."

    The fact the authorities felt the need to hide the case from the public automatically screams that it was subversive and against the public interest.

    1. Doctor Syntax Silver badge

      "The fact the authorities felt the need to hide the case from the public automatically screams that it was subversive and against the public interest."

      Maybe but maybe they didn't want to alert their target. If so it didn't work out for them.

  9. RogerT

    What if this case was the other way around

    I bet the Yanks would be screaming if an Irish court tried the same with an Irish Company to obtain a Yank's emails in a Yankie data centre.

    1. LDS Silver badge

      Re: What if this case was the other way around

      Just like they do whatever they can to avoid US citizens to be taken to trial abroad for crimes committed abroad - even in truly democratic countries - but whenever it's the other way round they want to try foreign citizens for crimes commited in the US.

  10. Alan Mackenzie
    WTF?

    What I don't understand is .....

    .... why the Irish legal system has not got involved. The data are stored within the Jurisdiction of Ireland, and Irish data protection laws apply to it, not USAmerican ones.

    So why hasn't somebody taken out an injunction against the surrender of data in an Irish court?

    Also, why haven't the USA legal officers simply gone through the usual channels (whatever they are) and made a request to the Irish authorities for the data?

    I think there's a lot we don't know about this case.

    1. Anonymous Coward
      Anonymous Coward

      Re: What I don't understand is .....

      My gut feeling on this is that it's a cover, they already have access, we know this, this is just an attempt to give people a false sense of security when using the internet and American companies.

      Microsoft will win this and then people will trust American companies with their data fully again, the gagging order makes this even more plausible, why lift it? The only gain from lifting it is to make people assume a false sense of data security and make Microsoft look like a company looking out for it's users.

      If Microsoft don't win then I'll eat my tin foil hat and post a video.

      1. Anonymous Coward
        Anonymous Coward

        Re: What I don't understand is .....

        If Microsoft don't win then I'll eat my tin foil hat and post a video.

        I'd start finding some cutlery then. From a legal perspective, MS cannot be allowed to win as it creates a dangerous precedent, also for law enforcement - it would, for instance, than have allowed Enron to hide its information in a data centre abroad.

        The only way that MS does not have to comply with the order is if the law itself changes, and that will not happen either because I cannot see the US government give up its reach that quickly. So, you may hope for Microsoft (and others), but what MS et al are asking is something that is so fundamental to US law that I don't think they can win this. They're asking to be exempt from a framework that took decades to get into this state, it's not going to be cleaned up in a couple of months just because it inconveniences Microsoft.

        1. Rabbit80

          Re: What I don't understand is .....

          "I'd start finding some cutlery then. From a legal perspective, MS cannot be allowed to win as it creates a dangerous precedent, also for law enforcement - it would, for instance, than have allowed Enron to hide its information in a data centre abroad."

          Not necessarily. The data in question doesn't actually belong to Microsoft, it belongs to an EU citizen that's resident in an EU country and protected by EU privacy laws. In your Enron example, the data would still have belonged to Enron no matter where it was located.

        2. Anonymous Coward
          Anonymous Coward

          Re: What I don't understand is .....

          Seriously though think of the implications and the lost revenues of American companies. Think about the revenues already lost. We live in a capitalist society where politicians are funded by business.

          Microsoft can and will win this, there isn't really any other option. It may bork US law but if they have access anyway, the information can be used and if the perp is committing crimes by using the data they'll use the police to catch them by other means anyway. e.g. You're a drug dealer as in this case - intercept shipment as you know the when, where and how.

          How is the data held on Microsoft's server going to help them anyway, I mean what drug dealer would use hotmail to facilitate deals? Secondly, for this to have the US government taking MS to court then the perps they are after must be high value targets, why in the land of free would a bonafide Los Pollo's Manager be using hotmail or other Microsoft services to conduct business? They probably don't even use mobile phones....

        3. Doctor Syntax Silver badge

          Re: What I don't understand is .....

          "from a legal perspective, MS cannot be allowed to win as it creates a dangerous precedent,"

          The precedent it would set would be that law enforcement would have to follow the due process which exists for this very purpose. There is an existing method for requesting this information & the authorities chose to ignore it.

          Exactly what is wrong with a precedent that obliges the authorities to follow due process? This year we celebrated the 800th anniversary of the introduction of that concept into English and hence into US law. The US claims that Magna Carta is a valued part of its heritage. The prosecution in this case should be ashamed of themselves.

    2. Anonymous Coward
      Anonymous Coward

      Re: What I don't understand is .....

      " What I don't understand is why the Irish legal system has not got involved." -- Alan Mackenzie

      The amicus brief, referenced and linked in the article, is the total extent to which they can be involved: they are not a party to the case. That is, in effect, the whole point: the US are asking MS to hand over data in a foreign jurisdiction without cooperating with that jurisdiction. To my mind that's a bit like the UK government insisting that UK companies with US presence should give their US workers British employment rights, on the basis that the HQ is in the UK. Ok, that's a bit of a simplification, but I think it's not far off the spot on the outrageous-o-meter.

      1. Ken 16 Silver badge

        Re: What I don't understand is .....

        Although I suppose the Irish government could place an injunction preventing MS from providing the data, meaning that if they did, their Irish employees are criminals and if they didn't their US ones are. Given where their revenues are generated (for tax purposes), they should be more afraid of their Irish operation being penalised.

      2. John Brown (no body) Silver badge

        Re: What I don't understand is .....

        "The amicus brief, referenced and linked in the article, is the total extent to which they can be involved: they are not a party to the case. "

        Yep, that about sums it up. Since the data has not been moved/copied to the US, no Irish laws have been broken. If MS cave and attempt to move that personal data to the US outside the scope of any existing data protection agreements/treaties etc, then MS will immediately be up before an Irish beak for breaking said Irish laws.

  11. julian_n

    Switzerland?

    If this is upheld, no European company with financial data it wants kept out of US jurisdiction can safely use the likes of Amazon, Azure etc ever again.

    The only winners will be Swisscom - who have launched their Swiss-based cloud to counter just this problem.

  12. TimeMaster T

    This is easy

    "... demolish internet user privacy worldwide.. "

    This from the company that brought you the X-Box One, telemetry in Windows 7, 8 and 10 and a OS with a less than stellar record in regard to overall security.

  13. Bladeforce

    No difference

    ...between Windows 10 and the data slurping EULA and the US government. After all Microsoft have a EULA that allows them to slurp any data they want, anywhere and now the US government want it too. Walled gardens or more to the pointproprietary companies are just evil

  14. Dadmin

    F**king Blithering Idiots

    What did the nincompoops at the FBI/NSA/CIA/ASS/HOLES do before the common availability of the Internet to help them spy on everyone in the name of "security" and "whatnot"? Thumbs up their asses? Let's face facts; this is where we are all heading; 1) give up all your data to the "the universe is suddenly our jurisdiction" NSA, or 2) encrypt the shit out of EVERYTHING, especially unnecessary things and let Johnny FBI chew on that crap for a few decades before they try the same stupid bullshit again; "please give us backdoors to everything because we can't pay for real knowledgable people because we're creeps and assholes and generally head's up bums over here."

    Hack my government please! They aren't very bright, and they are mostly evil anyway.

  15. Bear
    Joke

    MS taking legals to another level

    I understand that the Dead Hand in law is a very powerful thing. But M$ have taken it one step further - using a dead lawyer...

  16. Anonymous Coward
    Anonymous Coward

    Don't trust Ireland since it sold its soul politically and morally.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020