DOJ Tells Court That Of Course It Can Go On A Fishing Expedition Globally For Emails Microsoft Stores Overseas
from the because-we're-the-us-gov't-dammit dept
Last month, we wrote about Microsoft challenging the DOJ’s attempt to use the outdated Electronic Communications Privacy Act (ECPA) to go fishing for emails held overseas. As Microsoft rightly noted, a warrant does not apply overseas. A magistrate judge tried to dance around this, saying that a warrant under ECPA is really kinda like a subpoena. But Microsoft points out how insane that is:
This interpretation not only blatantly rewrites the statute, it reads out of the Fourth Amendment the bedrock requirement that the Government must specify the place to be searched with particularity, effectively amending the Constitution for searches of communications held digitally. It would also authorize the Government (including state and local governments) to violate the territorial integrity of sovereign nations and circumvent the commitments made by the United States in mutual legal assistance treaties expressly designed to facilitate cross-border criminal investigations. If this is what Congress intended, it would have made its intent clear in the statute. But the language and the logic of the statute, as well as its legislative history, show that Congress used the word “warrant” in ECPA to mean “warrant,” and not some super-powerful “hybrid subpoena.” And Congress used the term “warrant” expecting that the Government would be bound by all the inherent limitations of warrants, including the limitation that warrants may not be issued to obtain evidence located in the territory of another sovereign nation.
The DOJ has responded to Microsoft’s filing and basically says yeah, whatever, we can take whatever we want, and if it’s overseas, who cares?
Overseas records must be disclosed domestically when a valid subpoena, order, or warrant compels their production. The disclosure of records under such circumstances has never been considered tantamount to a physical search under Fourth Amendment principles, and Microsoft is mistaken to argue that the SCA provides for an overseas search here. As there is no overseas search or seizure, Microsoft?s reliance on principles of extra-territoriality and comity falls wide of the mark.
A bunch of tech and telco companies have all jumped into the case on Microsoft’s side as well, noting that the DOJ’s argument would almost certainly violate data privacy laws in other countries, not to mention piss off governments around the globe. The crux of the argument, as per usual with the DOJ, is that when it wants data, it will twist and twist and twist the laws to enable it to get access to as much data as possible, with as little scrutiny as possible. This is just one of many reasons why we need serious ECPA reform — such that it actually respects the 4th Amendment. But, in this case, it would be nice to have a judge realize that even under such an outdated law, the DOJ’s interpretation is simply out of line.
Filed Under: doj, ecpa, email, jurisdiction, overseas, sca, subpoena, warrant
Companies: microsoft
Comments on “DOJ Tells Court That Of Course It Can Go On A Fishing Expedition Globally For Emails Microsoft Stores Overseas”
It seems they are going to have to learn the hard way. Several countries are already considering tightening up data-sharing laws, such that data stored in one country can’t so easily be transferred to another, if the DOJ pushes too hard on this one, I imagine those laws and changes under consideration will get a lot more attention.
Of course even then I don’t imagine the DOJ will care, they aren’t the ones who will be screwed if they order a company to break the law of another country in order to get some data they want.
Love it, it worked when I was a kid too DOJ
The Nah-ah defence.
What-ever the other party claims, just keep saying “Nah-ah” with your fingers in your ears until they quit and give in.
Records vs. Data
They keep relying on the term records, as in Business Records, which is the normal meaning of that term. Data is quite another creature.
This confusion of terms is on purpose to help the slope get slippyer.
Re: Records vs. Data
We’re going to need to take a look at your analogue electronic data stored in your smart-house.
So to draw this out further...
I guess this begs the question: Why would for-profit companies–that are ultimately interested in keeping their customers data safe–continue to operate centrally in a country that doesn’t respect the privacy of its customers?
It wouldn’t surprise, or phase me, at all, if Google or Microsoft, just up and left the United States as a place of doing business, to preserve this requirement. How will our government justify the potential loss of jobs, tax revenue, and technology, as a result?
Re: So to draw this out further...
Its safe to say, that many companies are already doing this to protect their cash. Look at how many are “merging” with companies from a different country just so they can claim they are part of a different country now.
Re: So to draw this out further...
Create a tariff on them. Call them “unpatriotic companies” (or anything for that matter) because they are domiciled as an alien corporation and charge them an exorbitant percentage to peddle their wares inside the United States.
We have some pretty extensive trade agreements with most countries but there has to be a way to do it. If we can be engaged in armed conflict for decades and still be the good guys we can certainly fuck over “turncoat companies”.
Maybe it is as simple as just asking whatever country they go to for a stipulation (or whatever it is called) that allows for the persecution of traitorous companies.
Re: So to draw this out further...
The EU has refused to take a bid from AT&T if I remember this rightly over fears of US government spying. Germany is ready to make a law that any company doing emails in their country will guaranty that the email data resides within country to avoid both US and British spying. This is not going to get magically better.
At some point these companies are going to look at their bottom lines and decide whether to stay in the US and continue to loose profits or move to another country outside the jurisdiction of the US.
Germany as well as a couple of other EU countries are considering ending the financial data transfers that the US demands for both the IRS and for looking for terrorist financial data. This won’t ease those fears but rather will push it to a head.
I would imagine following that will be the denial of forwarding passenger data to the US. That too will create quite a problem for the US.
While they may stonewall the rest of the way through the Obama term, it won’t be going away as an issue.
Microsoft and the other tech companies are under the mistaken belief that other countries are sovereign. The government has proven time and again that sovereignty means nothing when it comes to what the government wants.
Kill foreigners in their own country; check.
Kill US citizen in foreign country; check.
Spy on foreign governments and their heads; check.
You’re either with us or against us; check (hint: they’re all against us)
Re: Re:
In is YOU under mistaken belief that piece of paper (sovereignty) means anything without means to enforce it.
If your government is weak enough to allow other to come and kill people on your soil – that’s YOUR fault.
>> You’re either with us or against us; check (hint: they’re all against us)
That’s true for any country, USA is not special here, just a big one.
Give it time, justice will come through.
Whether it is next year or 30 years from now, the people damaging our country will face justice for what they have done.
All despotic leaders and their followers have eventually faced a firing squad or the end of a rope.
They all thought they were right and the citizens were wrong. They placed their pocketbooks ahead of their countrymen. They were all eventually judged.
ESI
for beginners like me ESI is Electronically Stored Information (pretty much everything that can be digitized)
Anyway, I thought discovery could include anything a corporation controlled. Am I wrong?
Otherwise wouldn’t Mafia types keep all their information on servers in a place that has ESI/privacy/etc laws like Switzerland’s banking laws.
I love government bashing but I don’t get how it is wrong. Educate me.
Moral of the DOJ story. Don’t do business with companies that have offices open on American soil, if you value your privacy and the privacy of your clients.
Mr Masnick at it again.
Bill Gates, or any of his fellow shysters, can hide hard drives in their arses. If that makes them feel more secure.
It has nothing to do with fact of producing data due to subpoena. Remember, they DO NOT challenge subpoena itself.
If we allow this shit to fly, then any single defendant will just store DATA outside US, and use it to advance criminal activity. Goldman Sucks, can you hear me?
After all, the Feds did not try to seize hard drives. Did they? They asking for data.
Re: Re:
What they’re challenging is the assertion that an ECPA warrant in any way resembles a subpoena. The magistrate judge’s ruling notwithstanding, there doesn’t appear to be any actual legal basis for this claim.
Re: Re:
Re: Re:
So you wont worry when I get a warrant or even a subpoena (they are a LOT easier to obtain) from Australia for ALL information about you that TD holds including but not limited to IP address’s, email logins, etc etc, and under your logic he will HAVE to provide it.
Law vs. Ego
The DOJ has never been an organization to let a few laws (or Constitutional Amendments) stand in the way of their ego.
Interesting
Its interesting how the DOH is pulling out all the stops to find e-mails from Microsoft.
It kind of make you wonder why they aren’t even lifting a finger to try and find the missing IRS e-mails. Hmmmmmmm.
Re: Interesting
Professional courtesy and self-interest. After all, if they investigate the IRS for something, some times down the road the IRS might return the favor.
Maybe...
Microsoft shouldn’t be spending so much money lobbying for stronger copyright protection and building anti-piracy schemes that end up punishing their paying customers, and instead maybe focus some lobbying money on getting some sane privacy laws passed so their customers are actually protected and want to use their software and services.
Priorities of corporations these days seem to be basically “fuck the customers, pander to shareholders” – we’ll see how the shareholders respond when they have no more customers.
At this rate, any American who ever travels to a foreign country will probably be on a list and get watched in the near future.
Who am I kidding. That’s probably how it works already.
Re: Re:
With how the government likes to reinterpret everything’s meanings, it wouldn’t surprise me if they considered the US as foreign soil. After all, it’s foreign to someone.
Re: Re: Re:
Within 100 miles of the US borders it might as well be, given that ‘zone’ is considered a Constitutional Right Free area, where you only have the ‘rights’ they ‘graciously’ grant you.
This "Department of Justice" needs to be shut down
Like “News of the World”, it is rotten to the core and needs to be dismantled. It’s not just that lies, perjury, and unaccountability are time and again happening from the highest positions down, it is systematically treating the laws of the land as something to be gamed rather than upheld.
And that’s something Justice cannot afford. This institution needs to be rebuilt from the ground up until it serves the interests of Justice rather than its own and that of the government.
Long ago and far away...
…when Microsoft established a facility in Canada there was some conjecture that they might redomicile some time there in the future. Might be that time is nigh, although I don’t think it’ll get them much as Canada is also part of the Five Eyes community.
Well, thanks, DoJ!
You now have no excuse to go after others for ‘hacking’ into Microsoft’s servers.
Morons.
Pot Kettle Black?
So when my country issues a court order that requires data from American servers does that mean the DOJ just gonna roll over and play nice?
Sigh! Yea I know, rhetorical question
To be fair, any American company could just host data elsewhere then claim immunity. M$ is clearly a US product and is based in the US, with offices/locations around the world. They’re still a US-based company with their head offices in the US. Americans are also, by far, the biggest consumers of, at least, M$ Windows, if not other products. And in today’s world, it’s not very expensive to host data elsewhere, bandwidth and storage being so cheap.
On the other hand, “screw the law, we make our own as we go along” DOJ need to be stopped. MLATs exist for a reason.