Oh, the irony
Microsoft thinks its litigation against the US government to protect your data is far more important than the Schrems case. And that was pretty big. What’s it all about? The so-called “Irish warrant” case challenges Uncle Sam in areas it isn’t used to feeling any discomfort – and it encompasses far more data. So let’s hear the …
...how much they are actually doing and how much that actually helps. I mean Microsoft can fight cooperating with secret services as much as they want to, but it's of no use to me if their systems are already back doored. After all it's moderately simple to tap fibres and encryption on a 10 Gigabit level is not trivial.
That's... not really related, is it?
Microsoft is a good company to be carrying this fight, they have deep pockets and good connections, and they are - as mentioned in TFA - no longer as cosily in bed with the US .gov as Google. (Not even gonna comment on Amazon.) I'm happy to applaud them on this, even while I fight off Windows 10 on my machines.
Look, Microsoft argues this and that, and all of this is irrelevant. USA already has laws to grab all data and if it didn't it will adjust its laws to obtain the maximum amount of data it can from Microsoft. Prior to Snowden this was *everything*, do you think they'd settle for less now?
So the whole world's data will belong to the USA.
But Microsoft is *everywhere* and other countries have put the same laws in place, UK has been grabbing mass data in secret and China is the latest to add the law to force companies to hand over their keys. So Microsoft will be required to hand over the keys to any data it holds and has access to, to any territory it operates in.
If UK didn't restrict itself to spying on Brits, do you think China will only spy on Chinese using these laws? Why would you think that? Wishful thinking?
Do you think Microsoft is American so it will only spy for Americans? Does it also pay its full whack of US taxes, while eating apple pie, and singing the star spangled banner? No?
So Microsoft can't be allowed to hold those keys, we need solid end to end encryption and we need it fast. That idiot May revealed the mass surveillance in November, so time is pressing!
And don't let 'idiot' ban end to end encryption either. If UK can't end to end encrypt (because the UK forces companies to hand over unencrypted copies, meaning they have to hold a key), and other countries CAN end to end encrypt, it follows our secrets will be handed to them, and theirs won't be handed to us.
So this legal fight is a show, a meaningless show.
Solid, technical protections for private data are needed *NOW* urgently!
Define "end to end encryption". Because I guarantee if you ask 100 experts you'll get 100 varied answers.
There are existing applications that provide a form of end to end encryption to varying degrees. There are even some standards for those individual communications. But today, they are not integrated, and are not pervasive and unified across platforms and applications. And call me cynical, they won't be quickly.
So sadly, for now, we need the likes of Microsoft to take this type of stand. It may only delay legislation but it does buy us the time to get the right types of secured unified communications in place properly.
"Define "end to end encryption". Because I guarantee if you ask 100 experts you'll get 100 varied answers."
No. You'll get various renditions of just two answers.
1) Independent/academic experts: "One end to the other"
2) Government (*INCLUDING* the quasi-independent standards bodies) experts: " 'Ere mate, you'll be wanting this hideous opaque kludge wot I've loving fashioned from clods of Swiss cheese and old rusty colanders and certified especially for you. Crypto is hard."
'It's essentially about the distinction between "mail" and a "database record"'
Not quite. It's about the distinction between a company's records and something the company is holding on someone else's behalf.
It seems to be a very dangerous path to follow. If it's upheld in law that a record that's held on someone else's behalf is part of the company's records then it effectively destroys the business of any trustee business and a good deal of the business of any safe deposit business because both of them are holding other people's records which they should not be treating as their own.
Consider how this could go wrong. A trustee is holding records, say share certificates, on behalf of clients. The trustee company goes into administration or liquidation. What should happen is that the certificates are returned to the clients as they're the owners. If they can be treated as records of the trustee the administrator or liquidator could then take charge of them in the same way as they could take any other records and deal with them as they please and either use them as collateral to borrow against or sell them.
I see no objection in the US demanding any of Microsoft's records wherever they might be held. It's simply that email or any other data of Microsoft's customers shouldn't be included in that.
One has to wonder why the US doesn't use the MLAT. Didn't the official concerned know it existed, was too lazy to use it or just decided to throw his weight around? Or wasn't there sufficient prima facie evidence to ask for a warrant in an Irish court? Or did they have sufficient evidence but were just being too secretive to present it?
From what I hear going through the MLAT process can sometimes take up to a year. I still wouldn't support the idea of ignoring the MLAT in any sort of routine way, but that sort of delay would certainly show why they're keen to avoid it.
Of course some might suggest the best solution is to reform the processes used when making requests that involve using MLATs, but nobody seems to be interested in that.
In the good old days of downloading to a local store and removing from the central store this might have been measurable and enforceable.
Where we continue to store online as well as local, we might have a problem.
Does the clock stop permanently after the first access to each item?
Do we need to actively access the online version at least once every 180 days?
Wait a minute...
He's trying to give the impression that they can't access files ('They’re not ours. We don’t have access to them') but at the same time appear to support MLATs?
For MLATs to have any meaning Microsoft would have to be both able and - in some cases at least - willing to access that data he claims they never touch in order to comply with any request made under the auspices of said MLAT.
I would tend to agree and didn't MegaUpload try a similar defense to “These are the private communications of our customers. They’re not ours. We don’t have access to them. We don’t want access to them,” and lost in part because there was evidence that they did have some access to their customers' data and used it for business purposes...
The part of the law in question (18 USC 2703 (b)) seems to have nothing to do with business records and everything to do with the communications of the users of computing services. In short, it is about the data. A different section (c) addresses metadata.
It also has nothing to do with interception of data in transit, but with data at rest in commercial facilities.
I have no love for Microsoft whatsoever. But, in this instance I say, fair play to them.
"...Michael Olmsted .... said he thought it was hypocritical that the Irish government supported the warrant..."
Though not a surprise to anyone. If you think the UK's sycophantic and supine attitude to the US is nauseating, don't ever travel to Ireland. Their puke-making adoration of all things American positively makes the Brits look like they're playing hard to get.
If you think the Irish are sycophantic lackeys, you should see the New Zealand Prime Minister.
He owns a holiday place in Hawaii, so gets a round of golf with Barack every now and then.
This earns the US whatever they want. Key's not only a whore, he's a cheap one.
I must say I have not seen much evidence of a "sycophantic and supine attitude to the US" in Englishmen of my acquaintance. Perhaps it's a phenomenon that exists only at Number 10?
On the other hand, an attitude of condescension, ranging from smug to sneering, towards "Johnny Foreigner" in general, and Americans in particular, seems so common in the English as to be part of their genetic code. I find this to be much less prevalent among the Scots and the Welsh.
The Irish? The Irishmen I know approve of some things about the USA, and disapprove of others. Admire some and do not admire others. Certainly not "puke-making adoration of all things American". Are you sure they weren't just taking the mickey? There are few better ways to wind a fellow up than to praise that which he holds in contempt.
So, the bad boys of IT are now the good guys and the world's police are criminals hiding behind some rabid legislation and only ISIS can offer a secure home for your emails, but that'll get you imprisoned, so some hacking group might jump in and save the day, but the world's police are after them as well, and the journalists that would normally be reporting on these horrors to the masses are too busy intercepting your conversations for lurid and salacious headlines to bother.
Please tell me there's another planet out there near Pluto where everyone is looking on and laughing their lungs up at "Earth, The Final Daze"
Why be confused? It's not news, it's been going on since before the W10 data grab and there's no conflict in Microsoft's position.
They want to build a cloud business because they see value in it and if this succeeds it will be an obstacle to that so they're fighting it.
They see a value in having W10 slurp data so they're doing that. This does run a similar risk of putting off customers but they probably reckon that by making it increasingly hard for users to avoid W10 they'll get away with it.
In each case they're doing what they think will profit them. You didn't think one case involved altruism did you?
"In each case they're doing what they think will profit them. You didn't think one case involved altruism did you?"
@Doctor Syntax - Thank you for stating this in such a clear and concise manner. Perhaps those posters fluttering on about "The irony" will begin to understand that Microsoft (and almost every other corporation for that matter), are in the business of making money, in any way they can.
... for example by including PGP/GPG by default in Outlook, and have it work in an opportunistic encryption mode. Simply have it generate a key on installation, sign every outgoing mail by default, attach the public key of outgoing mail by default and store every incoming public key. If you have the public key of your peer, simply use it for encryption by default.
Just make Outlook act reasonably by default and we'd have a big step forward. Once one of the big actors starts doing so, the whole ecosystem will shift.
Because the majority of Outlook users would scream blue murder the first time they went to a new PC / laptop / phone and found that all their emails were lost to them.
Don't get me wrong - I'm very in favour of encrypted emails being the default if we can figure out how to make it error-proof. But Outlook already supports encrypted emails out of the box. You can also get a GPG plug-in for it. Talking about turning it on by default though, is a whole other can of worms. It's fine if you're Enterprise and you have an IT team taking care of certificate management for you. But in this case, they can already configure it to on. If you're suddenly throwing it at home users - there are difficult issues to solve with that.
Uhm... you do realize that, particularly since Outlook parses and reformats e-mail anyhow (it's not like they are using Maildir or something), they can easily just decrypt any received mail the first time you open it.
Yes, you can get GPG plug-ins, but that's not the point. Encryption must be as simple as possible to use, adding extra, completely unnecessary steps like installing plug-ins is not helpful.
While I am no fan of Microsoft - I don't use their products - I do applaud their decision to fight. It does not matter whether they are acting out of commercial self-interest or not - a win for MS would benefit all of us. (Until of course the US Government rewrites the rules to restore what they would like to see as their global hegemony, that is.)
But it seems to me that there are two sets of standards being applied here. Microsoft are saying "By design we tell customers it is yours, we’re not going to access your data." In other words, if we hold your data on one of our servers it will be treated as private and will be secure. We won't look. On the other hand, if your data is held on YOUR local PC, which just happens to be running one of our operating systems, our EULA reserves to us the right to gather the same data for our own purposes.
That's moral consistency for you.