back to article Microsoft legal eagle explains why the Irish Warrant Fight covers your back

Microsoft thinks its litigation against the US government to protect your data is far more important than the Schrems case. And that was pretty big. What’s it all about? The so-called “Irish warrant” case challenges Uncle Sam in areas it isn’t used to feeling any discomfort – and it encompasses far more data. So let’s hear the …

  1. Anonymous Coward
    Anonymous Coward

    Oh, the irony

    Just that.

  2. 2460 Something

    Pleasantly surprised by Microsoft on this one. Although, in many respects, it is just a marketing play to say 'You can trust us'. At least this time it is working in the favour of the end-user.

    1. Christian Berger

      The question is... much they are actually doing and how much that actually helps. I mean Microsoft can fight cooperating with secret services as much as they want to, but it's of no use to me if their systems are already back doored. After all it's moderately simple to tap fibres and encryption on a 10 Gigabit level is not trivial.

  3. Anonymous Coward
    Anonymous Coward

    Dear MS

    Trying to placate the multitudes of users you have roundly pissed off with your incessant W10 tactics isn't going to cut much mustard in the "we value your privacy" argument.

    1. Roland6 Silver badge

      Re: Dear MS

      It is in your interest to placate the multitudes of users of your products; you'll be needing them to pay the legal bills.

    2. veti Silver badge

      Re: Dear MS

      That's... not really related, is it?

      Microsoft is a good company to be carrying this fight, they have deep pockets and good connections, and they are - as mentioned in TFA - no longer as cosily in bed with the US .gov as Google. (Not even gonna comment on Amazon.) I'm happy to applaud them on this, even while I fight off Windows 10 on my machines.

  4. Anonymous Coward
    Anonymous Coward

    We need end to end encryption, and fast

    Look, Microsoft argues this and that, and all of this is irrelevant. USA already has laws to grab all data and if it didn't it will adjust its laws to obtain the maximum amount of data it can from Microsoft. Prior to Snowden this was *everything*, do you think they'd settle for less now?

    So the whole worlds data will belong to the USA.

    But Microsoft is *everywhere* and other countries have put the same laws in place, UK has been grabbing mass data in secret and China is the latest to add the law to force companies to hand over their keys. So Microsoft will be required to hand over the keys to any data it holds and has access to, to any territory it operates in.

    If UK didn't restrict itself to spying on Brits, do you think China will only spy on Chinese using these laws? Why would you think that? Wishful thinking?

    Do you think Microsoft is American so it will only spy for Americans? Does it also pay its full whack of US taxes, while eating apple pie, and singing the star spangled banner? No?

    So Microsoft can't be allowed to hold those keys, we need solid end to end encryption and we need it fast. That idiot May revealed the mass surveillance in November, so time is pressing!

    And don't let 'idiot' ban end to end encryption either. If UK can't end to end encrypt (because the UK forces companies to hand over unencrypted copies, meaning they have to hold a key), and other countries CAN end to end encrypt, it follows our secrets will be handed to them, and theirs won't be handed to us.

    So this legal fight is a show, a meaningless show.

    Solid, technical protections for private data are needed *NOW* urgently!

    1. Velv
      Black Helicopters

      Re: We need end to end encryption, and fast

      Define "end to end encryption". Because I guarantee if you ask 100 experts you'll get 100 varied answers.

      There are existing applications provide a form of end to end encryption to varying degrees. There are even some standards for those individual communications. But today, they are not integrated, and are not pervasive and unified across platforms and applications. And call me cynical, they won't be quickly.

      So sadly, for now, we need the likes of Microsoft to take this type of stand. It may only delay legislation but it does buy us the time to get the right types of secured unified communications in place properly.

      1. Paul Hovnanian Silver badge

        Re: We need end to end encryption, and fast

        "Define 'end to end encryption'."

        It's defined and agreed upon by the people sitting at the two ends. Everyone in the middle just sees a binary blob go by. And that's all they need to see.

      2. Anonymous Coward

        Re: We need end to end encryption, and fast

        "Define "end to end encryption". Because I guarantee if you ask 100 experts you'll get 100 varied answers."

        No. You'll get various renditions of just two answers.

        1) Independent/academic experts: "One end to the other"

        2) Government (*INCLUDING* the quasi-independent standards bodies) experts: " 'Ere mate, you'll be wanting this hideous opaque kludge wot I've loving fashioned from clods of Swiss cheese and old rusty colanders and certified especially for you. Crypto is hard."

  5. Destroy All Monsters Silver badge

    These DOJ guys really come with dim-light arguments...

    Sounds like a random "Smoking Mushroom" argument all over again.

  6. allthecoolshortnamesweretaken

    The access without warrant after 180 days thing is news to me.

    1. choleric

      That little gem has been public for a while (a few years) but I can't remember exactly when it first hit the headlines. It's essentially about the distinction between "mail" and a "database record".

      1. Doctor Syntax Silver badge

        'It's essentially about the distinction between "mail" and a "database record"'

        Not quite. It's about the distinction between a company's records and something the company is holding on someone else's behalf.

        It seems to be a very dangerous path to follow. If it's upheld in law that a record that's held on someone else's behalf is part of the companies records then it effectively destroys the business of any trustee business and a good deal of the business of any safe deposit business because both of them are holding other people's records which they should not be treating as their own.

        Consider how this could go wrong. A trustee is holding records, say share certificates, on behalf of clients. The trustee company goes into administration or liquidation. What should happen is that the certificates are returned to the clients as they're the owners. If they can be treated as records of the trustee the administrator or liquidator could then take charge of them in the same way as they could take any other records and deal with them as they please and either use them as collateral to borrow against or sell them.

        I see no objection in the US demanding any of Microsoft's records wherever they might be held. It's simply that email or any other data of Microsoft's customers shouldn't be included in that.

        One has to wonder why the US doesn't use the MLAT. Didn't the official concerned know it existed, was too lazy to use it or just decided to throw his weight around? Or wasn't there sufficient prima facie evidence to ask for a warrant in an Irish court? Or did they have sufficient evidence but were just being too secretive to present it?

        1. Vimes

          @doctor syntax

          One has to wonder why the US doesn't use the MLAT.

          If memory serves the words used at the time by those in charge of the case was that the process involved in using the MLAT was 'too slow and cumbersome'.

          1. h4rm0ny

            Re: @doctor syntax

            >>"using the MLAT was 'too slow and cumbersome'."

            Due process is always slow and cumbersome compared to just doing whatever the Hell you want without consent.

            1. Vimes

              Re: @doctor syntax

              From what I hear going through the MLAT process can sometimes take up to a year. I still wouldn't support the idea of ignoring the MLAT in any sort of routine way, but that sort of delay would certainly show why they're keen to avoid it.

              Of course some might suggest the best solution is to reform the processes used when making requests that involve using MLATs, but nobody seems to be interested in that.

    2. Velv

      In the good old days of downloading to a local store and removing from the central store this might have been measurable and enforceable.

      Where we continue to store online as well as local, we might have a problem.

      Does the clock stop permanently after the first access to each item?

      Do we need to actively access the online version at least once every 180 days?

  7. Vimes

    Wait a minute...

    He's trying to give the impression that they can't access files ('They’re not ours. We don’t have access to them') but at the same time appear to support MLATs?

    For MLATs to have any meaning Microsoft would have to be both able and - in some cases at least - willing to access that data he claims they never touch in order to comply with any request made under the auspices of said MLAT.

    1. Roland6 Silver badge

      Re: Wait a minute...

      I would tend to agree and didn't MegaUpload try a similar defense to “These are the private communications of our customers. They’re not ours. We don’t have access to them. We don’t want access to them,” and lost in part because there was evidence that they did have some access to their customers data and used it for business purposes...

      1. Destroy All Monsters Silver badge

        Re: Wait a minute...

        They are as much "business records" as the letters you sent via postal services are "business records" of FedEx. Yes, FedEx can intercept them lawfully if a US court order is given and we are on the US HEIMLAND!, but otherwise, the US can go fuck itself.

        1. tom dial Silver badge

          Re: Wait a minute...

          The part of the law in question (18 USC 2703 (b)) seems to have nothing to do with business records and everything to do with the communications of the users of computing services. In short, it is about the data. A different section (c) addresses metadata.

          It also has nothing to do with interception of data in transit, but with data at rest in commercial facilities.

  8. Quortney Fortensplibe
    Thumb Up

    I've Said it Before and I'll Say it Again

    I have no love for Microsoft whatsoever. But, in this instance I say, fair play to them.

    "...Michael Olmsted .... said he thought it was hypocritical that the Irish government supported the warrant..."

    Though not a surprise to anyone. If you think the UK's sycophantic and supine attitude to the US is nauseating, don't ever travel to Ireland. Their puke-making adoration of all things American positively makes the Brits look like they're playing hard to get.

    1. Youngone Silver badge

      Re: I've Said it Before and I'll Say it Again

      If you think the Irish are sycophantic lackeys, you should see the New Zealand Prime Minister.

      He owns a holiday place in Hawaii, so gets a round of golf with Barak every now and then.

      This earns the US whatever they want. Key's not only a whore, he's a cheap one.

    2. Kurt Meyer

      Re: I've Said it Before and I'll Say it Again

      I must say I have not seen much evidence of a "sycophantic and supine attitude to the US" in Englishmen of my acquaintance. Perhaps it's a phenomenon that exists only at Number 10?

      On the other hand, an attitude of condescension, ranging from smug to sneering, towards "Johnny Foreigner" in general, and Americans in particular, seems so common in the English as to be part of their genetic code. I find this to be much less prevalent among the Scots and the Welsh.

      The Irish? The Irishmen I know approve of some things about the USA, and disapprove of others. Admire some and do not admire others. Certainly not "puke-making adoration of all things American". Are you sure they weren't just taking the mickey? There are few better ways to wind a fellow up than to praise that which he holds in contempt.

      1. dogged

        Re: I've Said it Before and I'll Say it Again

        @Kurt - I think the OP referred to government attitudes, not individual attitudes.

  9. Richard 12 Silver badge

    So Russia can demand Amazon Russia hand over the CIA

    Same thing, right?

  10. Rol

    I'm confused

    So, the bad boys of IT are now the good guys and the world's police are criminals hiding behind some rabid legislation and only ISIS can offer a secure home for your emails, but that'll get you imprisoned, so some hacking group might jump in and save the day, but the worlds police are after them as well, and the journalists that would normally be reporting on these horrors to the masses are too busy intercepting your conversations for lurid and salacious headlines to bother.

    Please tell me there's another planet out there near Pluto where everyone is looking on and laughing their lungs up at "Earth, The Final Daze"

    1. Crazy Operations Guy

      Re: I'm confused

      We really need to build an A, B, and C ark, except we'd leave the B ark on earth and let the politicians and other useless cruft to argue over scraps of a dying planet while we build a new one correctly from the ground-up.

    2. cbars

      Re: I'm confused

      I'm sad mate.

      I've been thinking of writing a short book about how computers and the internet works, for my niece. I think I've just finished it:

      Don't bother. Get into sport or politics: get money, power and zero stress or accountability.

    3. Doctor Syntax Silver badge

      Re: I'm confused

      Why be confused. It's not news, it's been going on since before the W10 data grab and there's no conflict in Microsoft's position.

      They want to build a cloud business because they see value in it and if this succeeds it will be an obstacle to that so they're fighting it.

      They see a value in having W10 slurp data so they're doing that. This does run a similar risk of putting off customers but they probably reckon that by making it increasingly hard for users to avoid W10 they'll get away with it.

      In each case they're doing what they think will profit them. You didn't think one case involved altruism did you?

      1. Kurt Meyer
        Thumb Up

        Re: I'm confused

        "In each case they're doing what they think will profit them. You didn't think one case involved altruism did you?"

        @Doctor Syntax - Thank you for stating this in such a clear and concise manner. Perhaps those posters fluttering on about "The irony" will begin to understand that Microsoft (and almost every other corporation for that matter), are in the business of making money, in any way they can.

  11. Christian Berger

    Why don't they make an actual step forward...

    ... for example by including PGP/GPG by default in Outlook, and have it work in an opportunistic encryption mode. Simply have it generate a key on installation, sign every outgoing mail by default, attach the public key of outgoing mail by default and store every incoming public key. If you have the public key of your peer, simply use it for encryption by default.

    Just make Outlook act reasonably by default and we'd have a big step forward. Once one of the big actors start doing so, the whole ecosystem will shift.

    1. h4rm0ny

      Re: Why don't they make an actual step forward...

      Because the majority of Outlook users would scream blue murder the first time they went to a new PC / laptop / phone and found that all their emails were lost to them.

      Don't get me wrong - I'm very in favour of encrypted emails being the default if we can figure out how to make it error-proof. But Outlook already supports encrypted emails out of the box. You can also get a GPG plug-in for it. Talking about turning it on by default though, is a whole other can of worms. It's fine if you're Enterprise and you have an IT team taking care of certificate management for you. But in this case, they can already configure it to on. If you're suddenly throwing it at home users - there are difficult issues to solve with that.

      1. Christian Berger

        Re: Why don't they make an actual step forward...

        Uhm... you do realize that, particularly since Outlook parses and reformats e-mail anyhow (it's not like they are using Maildir or something), they can easily just decrypt any received mail the first time you open it.

        Yes, you can get GPG plug-ins, but that's not the point. Encryption must be as simple as possible to use, adding extra, completely unnecessary steps like installing plug-ins is hot helpful.

  12. BobChip
    Big Brother

    Double standards?

    While I am no fan of Microsoft - I don't use their products - I do applaud their decision to fight. It does not matter whether they are acting out of commercial self-interest or not - a win for MS would benefit all of us. (Until of course the US Government rewrites the rules to restore what they would like to see as their global hegemony, that is.)

    But it seems to me that there are two sets of standards being applied here. Microsoft are saying "By design we tell customers it is yours, we’re not going to access your data." In other words, if we hold your data on one of our servers it will be treated as private and will be secure. We won't look. On the other hand, if your data is held on YOUR local PC, which just happens to be running one of our operating systems, our EULA reserves to us the right to gather the same data for our own purposes.

    That's moral consistency for you.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like