back to article US government wants Microsoft 'Irish email' case reopened

The United States Department of Justice has asked the nation's Second Circuit Court of Appeals to re-open its three-year-old case attempt to have Microsoft hand over e-mails stored on servers in the Republic of Ireland. At the same time, the Department has dropped more than a hint that Google's in the cross-hairs. In July, …

  1. redpawn Silver badge

    Surely they already have it

    Funny how the US government pretends not to have all this data already, having constructed its giant data farms years ago. I guess the pretense of following the legal system will linger for a few more years while constructing a "legal" framework to claim all data worldwide.

    1. Anonymous Coward
      Anonymous Coward

      Re: Surely they already have it

      Funny how the US government pretends not to have all this data already, having constructed its giant data farms years ago

      They have to keep up this pretence to make it appear privacy isn't undermined in the whole country. Making that too visible would put the whole of Silicon Valley at risk and that's not just a lot of money, that's a lot of campaign contributions at risk!

      If you look at the actual substance of Privacy Shield it's clear to see it's but a mirage..

    2. LDS Silver badge

      Re: Surely they already have it

      There's also the evidence issue - you can't use something illegally obtained as an evidence in a court case. It may not be allowed, and you would have exposed your data gathering capability uselessly.

      It may be they have intelligence that the data they need are stored there - but they need an usable evidence and want also a re-usable shortcut to obtain it, fully ignoring the damage to the US image around the world.

    3. Anonymous Coward
      Anonymous Coward

      Re: Surely they already have it

      "but entirely within the control of the U.S.-based company”."

      "As long as you have a US based HQ you'll be at risk from legal leverage: the not unreasonable assumption that you have the control and power to demand data from a subsidiary."

      As I understand it, Microsoft recently spent a lot of effort making sure that data is under local control, and that to get access to data in say Ireland would require the involvement of employees in that jurisdiction. So no longer within the control of a US based company....and If Microsoft US asked an Ireland based employee to do something that broke EU law, they would understandably get refused...The primary purpose of these changes is presumably precisely to prevent such judicial overreach - and to reassure sensitive non US customers.

  2. Ole Juul

    users don't control where data resides?

    Major US-based providers like Google and Yahoo! store a customer’s email content across an ever-changing mix of facilities around the world.

    I've chosen to not use those services and instead opt for a private service which suits my taste. It is a fallacy that users have no control. That would imply that they cannot chose what company they use. Which is wrong.

    1. Paul Crawford Silver badge

      Re: users don't control where data resides?

      Of course, Google, MS, et al could simply offer a user tick-box choice of data centre jurisdiction and side-step that argument.

      But more realistically the best option is not to store any important data on US companies' servers unless you hole the encryption keys. So no web email, etc, where it has to be plain text at the cloud end to access.

      1. Anonymous Coward
        Anonymous Coward

        Re: users don't control where data resides?

        Of course, Google, MS, et al could simply offer a user tick-box choice of data centre jurisdiction and side-step that argument.

        Nope. As long as you have a US based HQ you'll be at risk from legal leverage: the not unreasonable assumption that you have the control and power to demand data from a subsidiary, even if that puts the subsidiary at odds with the law in the country of operation (that neatly happens to your problem, not the DoJ's). It's exactly that legal theory that drives the recent revival of the US DoJ demand of data from Microsoft Ireland, and that makes the location of your data pretty irrelevant (as a slight aside, placing your data abroad is not helping either because you can be asked locally to provide that data - it doesn't automatically become untouchable because you pushed it elsewhere, it takes a bit more).

        This leverage risk is also the subject of frankly an astonishing amount of lobbying in Brussels. US companies, especially the bigger ones, have been aware of this problem for years (well before Snowden et al). There is nothing that scares them more than customers becoming too aware of this because it would substantially impact their ability to sell into Europe.

        1. doke

          Re: users don't control where data resides?

          These large multinationals have billions in cash reserves. Why don't they buy an island, make their own country, and move their HQs there?

          1. Anonymous Coward
            Anonymous Coward

            Re: users don't control where data resides?

            These large multinationals have billions in cash reserves. Why don't they buy an island, make their own country, and move their HQs there?

            Because that simply moves the issue to the next problem: ownership leverage. You really do not want anyone with a US passport of US based assets near an organisation protecting secrets, harsh as that may appear to be.

            It's not the passport holders that are the problem, but their government's enthusiasm to abuse any hold it has over companies, people and resources. It appears that nothing is off limits when they decide they either have the thinnest of justification or the means to enforce secrecy :(.

          2. Adam 1

            Re: users don't control where data resides?

            > Why don't they buy an island, make their own country, and move their HQs there?

            Yes, you can host with Oracle if you like.

    2. Hans 1

      Re: users don't control where data resides?

      >I've chosen to not use those services and instead opt for a private service which suits my taste.

      Yes, you work in IT ... d'oh! Joe Public cannot ...

      1. sabroni Silver badge

        Re: I've chosen to not use those services

        So for the purposes of this argument not a user. We're specifically talking about users of MS email services. Surely even the Merkins wouldn't expect to legally get MS to raid your personal email server...

        1. Doctor Syntax Silver badge

          Re: I've chosen to not use those services

          "Surely even the Merkins wouldn't expect to legally get MS to raid your personal email server."

          They might expect MS to raid your email client if it's running on W10.

      2. Doctor Syntax Silver badge

        Re: users don't control where data resides?

        "Yes, you work in IT ... d'oh! Joe Public cannot."

        Not true. For one thing most ISPs offer en email service. Of course that's not ideal either as it makes flitting between ISPs more inconvenient than having a separate email provider. It takes a minimal effort to find a 3rd party provider as soon as you get over the idea that you might have to pay for such a service.

  3. J. R. Hartley

    Bollocks

    America needs to wind its neck in.

  4. GrumpyKiwi

    From recollection, it's not that the US govt can't get hold of the emails, it's that they would have to go via the Irish government and the mutual assistance legal agreement they have. Which means plenty of paperwork and getting it right with t's crossed and i's dotted and other such things that your typically lazy bureaucrat doesn't want to do.

    1. Phil Kingston

      is it not more about setting a precedent whereby feds can just slap one warrant on a US company and force it to hand over data wherever that company has placed it, without having to deal with legal treaties for other countries?

      same overreach though.

    2. Anonymous Coward
      Anonymous Coward

      They have to have a case

      Not just that. In order to use the any of the legal assistance treaties they have to have a case.

      They cannot just go on a random fishing expedition protected by a gag order and approved by a kangaroo court.

    3. Doctor Syntax Silver badge

      "Which means plenty of paperwork and getting it right with t's crossed and i's dotted and other such things that your typically lazy bureaucrat doesn't want to do."

      It also means having to provide a pro facie case. Either they didn't have that or were too secretive to put it forward.

  5. Notas Badoff

    Worried about seizures?

    Since the "Tired of fog? Try the frogs!" campaign illustrates that it is _possible_ for a government have "nous now", can we hope that some EU country will propose a special economic zone for IT companies, which combines both taxes and data in their definition of "none of our business"?

    Relocate the headquarters to Luxembourg, say, and you've solved your monetary headaches and forever declared independence from arbitrary government interference. In fact, bull-headed short-sighted government actions may be cited in the future as the reason multinationals became supranationals, beyond any governments' control.

    Which country do you think will be first to establish a SEIZ or SIIEZ?

    The charming euphemism is rather obvious, appropriate both for the companies tired of being screwed in all the wrong ways, *and* the former host countries experiencing sudden turnabouts - SITZ

  6. KjetilS

    What happens the day China takes a leaf out of USA's playbook and demands that the Chinese subsidiary of Boeing gives them information located at the US office of Boeing? Would USA still think this is a good idea?

    1. Anonymous Coward
      Anonymous Coward

      What happens the day China takes a leaf out of USA's playbook and demands that the Chinese subsidiary of Boeing gives them information located at the US office of Boeing? Would USA still think this is a good idea?

      Of course. Whatever the US does is by default always good and serves The Free World (stop laughing, they really believe this). Whatever China does is always bad, even if it merely copies the US, be it economic espionage or rendition, and they will always make "victims" instead of "collateral damage".

      /snark

    2. LDS Silver badge

      While a subsidiary request could be refused by the HQ, think what would happen if a foreign-owned US company on US soil would be asked to hand data about US citizens by the owner's foreign country, with the same arguments used by the DoJ. Say for example the European authorities tells FCA, to hand data about someone at Chrysler... or Finmeccanica about someone or something at DRS (which is also a defense suppliers).

      Guess you would see any US politician enter full "Trump-mode". Guess people at DoJ should look for psychiatric help, they entered a megalomaniac stage.

  7. LDS Silver badge

    If the DoJ wants access to US citizen data...

    ... it has to force them (and the company managing them) to store those data on US soil only - if that's constitutional.

    I can't really see how the DoJ can have access to data managed by US companies (or their foreign branches) and stored elsewhere, without colliding with many jurisdictions abroad.

    Anyway, this way the DoJ is nailing the coffin of any treaty between US and and foreign countries regarding non US data stored by a US company.

    Good my cloud provider (not a US one) lets me choose where my servers are run from.

    1. Anonymous Coward
      Anonymous Coward

      Re: If the DoJ wants access to US citizen data...

      If the DoJ wants access to US citizen data it has to force them (and the company managing them) to store those data on US soil only - if that's constitutional.

      I can't really see how the DoJ can have access to data managed by US companies (or their foreign branches) and stored elsewhere, without colliding with many jurisdictions abroad.

      Incorrect. This is why US tech companies avoid mentioning legal issues - they KNOW they have a problem, and it's not one that can be fixed overnight.

  8. Anonymous Coward
    Anonymous Coward

    Soon the only thing America will be trusted with will be High Speed pizza delivery.

    1. Anonymous Coward
      Anonymous Coward

      Soon the only thing America will be trusted with will be High Speed pizza delivery.

      Are you sure they can be trusted with that?

      1. Anonymous Coward
        Anonymous Coward

        SPLAT

        Nope.

        1. Anonymous Coward
          Anonymous Coward

          It just needs to arrive, it doesn't need to be pretty. Can't deliver piping hot 'za from Mexico to Washington in 30 minutes. Not yet.

    2. LDS Silver badge

      Sorry, I never trusted American pizza - another thing they believe they knew more than the original makers, and turned into an ugly mess by megalomania.

      1. Anonymous Coward
        Anonymous Coward

        Sorry, I never trusted American pizza - another thing they believe they knew more than the original makers, and turned into an ugly mess by megalomania.

        As someone who has spent FAR too many times scoffing the yummie real thing in Siena, I agree.

        On the plus side, it's still less controversial than paella :).

  9. Doctor Syntax Silver badge

    "In its new filing, the DoJ focuses not on where the data is stored, but who controls it."

    Neither seems to be the appropriate issue. The issue should be whose data it is. For email the data belongs to the user. The controller of the server on which is resides is simply the trustee and messing about with the law governing trusteeship could severely damage your entire financial system.

  10. JaitcH
    WTF?

    In theory, MS is claiming the data disclosure is governed by Irish law ...

    therefore, I wonder, why doesn't a little canary send off an e-mail to the intended DOJ victim saying Uncle Sam wants to look at your stuff? After all, National Security Letters only apply to US jurisdiction and if one US law is challenged, why not this?

    The e-mail owner could then delete his account, and then MS could say: "Too late!"?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022