Court Says Who Cares If Ireland Is Another Country, Of Course DOJ Can Use A Warrant To Demand Microsoft Cough Up Your Emails
from the say-what-now? dept
A NY judge has ruled against Microsoft in a rather important case concerning the powers of the Justice Department to go fishing for information in other countries — and what it means for privacy laws in those countries. As you may recall, back in April, we wrote about a magistrate judge first ruling that the DOJ could issue a warrant demanding email data that Microsoft held overseas, on servers in Dublin, Ireland. Microsoft challenged that, pointing out that you can’t issue a warrant in another country. However, the magistrate judge said that this “warrant” wasn’t really a “warrant” but a “hybrid warrant/subpoena.” That is when the DOJ wanted it to be like a warrant, it was. When it wanted it to be like a subpoena, it was.
Microsoft fought back, noting that the distinction between a warrant and a subpoena is a rather important one. And you can’t just say “hey, sure that’s a warrant, but we’ll pretend it’s a subpoena.” As Microsoft noted:
This interpretation not only blatantly rewrites the statute, it reads out of the Fourth Amendment the bedrock requirement that the Government must specify the place to be searched with particularity, effectively amending the Constitution for searches of communications held digitally. It would also authorize the Government (including state and local governments) to violate the territorial integrity of sovereign nations and circumvent the commitments made by the United States in mutual legal assistance treaties expressly designed to facilitate cross-border criminal investigations. If this is what Congress intended, it would have made its intent clear in the statute. But the language and the logic of the statute, as well as its legislative history, show that Congress used the word “warrant” in ECPA to mean “warrant,” and not some super-powerful “hybrid subpoena.” And Congress used the term “warrant” expecting that the Government would be bound by all the inherent limitations of warrants, including the limitation that warrants may not be issued to obtain evidence located in the territory of another sovereign nation.
The Government’s interpretation ignores the profound and well established differences between a warrant and a subpoena. A warrant gives the Government the power to seize evidence without notice or affording an opportunity to challenge the seizure in advance. But it requires a specific description (supported by probable cause) of the thing to be seized and the place to be searched and that place must be in the United States. A subpoena duces tecum, on the other hand, does not authorize a search and seizure of the private communications of a third party. Rather. it gives the Government the power to require a person to collect items within her possession, custody, or control, regardless of location, and bring them to court at an appointed time. It also affords the recipient an opportunity to move in advance to quash. Here, the Government wants to exploit the power of a warrant and the sweeping geographic scope of a subpoena, without having to comply with fundamental protections provided by either. There is not a shred of support in the statute or its legislative history for the proposition that Congress intended to allow the Government to mix and match like this. In fact, Congress recognized the basic distinction between a warrant and a subpoena in ECPA when it authorized the Government to obtain certain types of data with a subpoena or a “court order,” but required a warrant to obtain a person’s most sensitive and constitutionally protected information — the contents of emails less than 6 months old.
The DOJ hit back earlier this month by basically saying, “yeah, whatever, let’s pretend it’s a subpoena and give us what we want already.”
Overseas records must be disclosed domestically when a valid subpoena, order, or warrant compels their production. The disclosure of records under such circumstances has never been considered tantamount to a physical search under Fourth Amendment principles, and Microsoft is mistaken to argue that the SCA provides for an overseas search here. As there is no overseas search or seizure, Microsoft?s reliance on principles of extra-territoriality and comity falls wide of the mark.
Unfortunately, it appears that the judge just went with the DOJ’s reasoning — though, immediately stayed the ruling since Microsoft made it clear it plans to appeal. Judge Loretta Preska basically just upheld the magistrate judge’s ruling that Microsoft could, in fact, be compelled to hand over data held overseas via a warrant under ECPA, the Electronic Communications and Privacy Act (which we’ve already noted has tremendous problems and needs to be reformed).
Beyond the problems this has for the 4th Amendment in the US, it’s also going to create a mess in Europe, where they have much stricter data privacy rules, and where something like ECPA is clearly a problem. For the US to argue that it can make ECPA reach across the ocean into European servers is going to be a big problem — especially at a time when Europeans are (rightfully) distrustful of the US government’s ability to snoop on their data.
Filed Under: 4th amendment, data protection, ecpa, ecpa reform, email, eu, ireland, loretta preska, privacy, subpoena, warrant
Companies: microsoft
Comments on “Court Says Who Cares If Ireland Is Another Country, Of Course DOJ Can Use A Warrant To Demand Microsoft Cough Up Your Emails”
So, if US Law applies everywhere...
Then all laws everywhere apply everywhere to everyone.
Good luck enforcing that!
Re: So, if US Law applies everywhere...
this is a very bad decision…if this thing stands… i think we’ll start seeing the Muslim countries demanding that Sharia law should apply to USA too, to all people … who cares what their religious beliefs might be.
The old saying goes both ways… what’s good for the goose is good for the gander too.
looks like we’ll start seeing mandatory public amputations and executions by stoning to death in the USA.
Re: Re: So, if US Law applies everywhere...
“Sharia law should apply to USA too, to all people…”
Finally the Infadels get it!
Re: Re: So, if US Law applies everywhere...
Stoning to death? We’re already seeing execution by chemical torture!
Re: Re: So, if US Law applies everywhere...
FFS … the fear mongering bullshit spewed from propaganda machines is getting more outrageous everyday.
Re: Re: Re: So, if US Law applies everywhere...
Well, seeing as the fearmongering is coming from the US Government… we thought that the NSA haveing real-time access to metadata was outreageously impossible.
Re: Re: So, if US Law applies everywhere...
as a Certifiable Pedant, i should point out that there is an even older saying that goes ‘what is sauce for the goose, is sauce for the gander’…
Re: So, if US Law applies everywhere...
This is how they do it: https://i.imgur.com/dBEmELN.gif
That is the process.
and when someone from another country wants info from the USA what will they be told? i hear a resounding ‘fuck off’! what the hell is wrong with judges and security forces in the USA? they seem to think that they can get anything, from anyone, anywhere but when the shoe is on the other foot, stop the same thing from happening in reverse! and as for what Bharara or whatever his name is, he needs to stop and think of the consequences to USA firms and people when their details are wanted by overseas courts. it definitely hasn’t been thought through very well, as usual, thinking only of what is wanted in this particular case.
Re: Re:
Yes, well, the only way that such things tend to get resolved is through warfare… and yet, we can’t possibly imagine that the entire world might wish to wage war on us. Maybe soon we’ll find out otherwise.
Re: Re: Re:
why wage war? If the rest of the world decides to just get rid of all US bonds, the USA will be bankrupt in less than 24 hours.
That is the reality and so far the downsides of doing that were bigger then the upsides. The current bullying tactics and warmongering of the US government are in the process of turning that equation around. Already large parts of the world are rejecting the dollar in trade relations. The US position is not nearly as safe as you might think.
Re: Re: Re: Re:
You don’t think that if all the countries in the world came looking for money we owed them that we’d just sit here and be bankrupt?! Hell no, we’d go to war!
Re: Re: Re: Re:
True they could bankrupt us… then there will be an market crash that pretty much does the same to them. The down side to a global market is that we all depend on each other to some extent.
Re: Re: Re: Re:
“If the rest of the world decides to just get rid of all US bonds, the USA will be bankrupt in less than 24 hours.”
So would the rest of the world.
Re: Re: Re:2 Re:
Not all of the world, only certain parts of it. Most of the rest would probably be better off as they would have far less debt to repay and more to spend on their own people.
Re: Re:
“when someone from another country wants info from the USA what will they be told? i hear a resounding ‘fuck off’!”
Are you sure about that?
Judges
All over the world some judges wake up with the intent of doing good. Then reality hits them in the face as they take the bench, and as the power soaks in it clouds reason and enthralls them with that which they can actually order.
And then they do. And then the rest of their judge community groans their internal groan and prepare to deal with the fall-out. And then the offending judge…well nothing.
Oh yeah, this'll help restore trust in the US
Just waiting for when a US judge flat out orders a multi-national company to break the law in another country, by ordering them to hand over data from another country, in clear violation of that country’s privacy and data sharing laws.
Even better, I’m sure the judge will see no problem with an order like that, and just tell the company ‘It’s your problem to deal with, all I want is the data, I don’t care what laws you have to break to get it.'(though I imagine they won’t say that last bit out loud)
Re: Oh yeah, this'll help restore trust in the US
Well why would a US judge care, they’d just point towards there Qualified immunity that of course stops them from being indicted, charged, sentenced, sued, etc
Oh wait.. that Immunity only applies within the USA.. hmmm I wonder how many Judges like to travel overseas and wont be able to anymore. So sad
Re: Oh yeah, this'll help restore trust in the US
If this doesn’t get overruled, it will make US cloud services virtually unusable for EU businesses, because they’ll no longer be able to comply with the Data Protection mandate.
Such considerations aren’t supposed to affect judges’ interpretation of the law, although it might make them decide that such subpoena is unreasonably burdensome. However, it should get the Treasury to send a rocket to the DoJ, and they’ll issue a “clarification”, especially when their political masters realise what’s going on.
US: “Come on guys, why won’t you trust me?”
So… could a US court demand records of non-Americans stored outside the US? Could they do so for physical documents and not just electronic ones? Could foreign countries do the same to the US?
Well, if she insists...
on instigating a criminal conspiracy against European citizens, I’m sure there’s a jail cell available for her in Europe. I hear the Dutch have to shut down prisons because they can’t fill them.
What’s clear is that any employee of Microsoft Ireland is legally bound to tell MS in the US where they can shove their warrant OR subpoena, as NEITHER has any force whatsoever in Europe.
There are procedures established through international law enforcement cooperation to get one’s hand on such data in valid cases. This is merely an attempt by the DOJ to violate international and European law, and the court is aiding and abetting in that.
This'll be great for the IT economy
Consider: you are a citizen of France or Germany or Italy. Your data is held on servers physically located in your country BUT those servers are owned by the local branch of an American company.
The American government is insisting that even though it’s your personal data located on servers in your country, its laws applies, not your country’s.
How long will it be before you and 50,000,000 others decide not to keep your data there?
Good news for the NSA
They are no longer the only government agency responsible for driving the rest of the world away from US tech firms.
Ireland confirmed for US state #53? (England and Australia are #51 and #52.)
Re: Re:
Good luck getting that through our referendum process.
There’s enough innate animosity to Yanks and Poms as it is. Our pollies may want one thing but they would have to get it passed through a national vote first and on the basis of past efforts, that is more than likely to fail badly.
Re: Re: Re:
They seem quite happy hosting tax cheats.
Re: Re: Re: Re:
which tax cheats – former prime labour prime ministers?
Re: Re:
Not anymore, haven’t you read? Australia is moving out of U.S. butt and into China’s and most of Asia’s instead.
Re: Re: Re:
Maybe yes to the latter, but the firmer isn’t true – it is easy to lick two arses if you have two faces.
One world corporate rule.
So what happens when the people outside the US go to jail for obeying the US order?
Re: Re:
Then they get what’s coming to ’em for be stupid enough to work for a U.S. company.
Same thing as anyone else stupid enough to do business with a U.S. company… employee, contractor, customer—no difference.
Re: Re:
My advice – obey the law of the jurisdiction you’re in.
It’s better to get fired than to get imprisoned.
Re: Re: Re:
Especially if you’re in a country with decent labour rights, so you can then file for unfair dismissal for being dismissed for refusing to break the law.
Re: Re:
I can’t imagine that MS needs the assistance of any specific employee at the data center to pull that data.
Re: Re: Re:
They will need it the moment European authorities require it – or pull the plug on the connection.
As it stands, they need explicit consent by the owner of the data to transfer it to the United States anway.
Re: Re: Re:
I would imagine that MS Ireland would be in breach of European data protection laws if it was possible for an employee (of MS US) in the US to just pull personal information from their servers without help from local employees.
Re: Re: Re:
Either MS Ireland would be in breach of date protection laws, or MS USA (and the specific employees involved) would be in violation of Ireland’s hacking laws, depending on whether MS Ireland gave permission.
so remind me if judges don’t have to follow the laws why do I?
Let an Irish Magistrate try the reverse on this judge
I’d love to see a couple if Detective Chief Inspectors with their State Department minders present a warrant for the search of the Judge’s computer for emails pertinent to the case. I’m sure Microsoft Ireland could convince a Judge over there that there’s some sort of payoff going on and they want to “have a look” at her computer, just like MI5 looked at the Guardian’s computers.
Oh, the hijinks that would ensure.
Nothing to see here
As non-US person, I must say this is blown out of proportion. Common sense says, that my local court can request data from me, even if I store it on Amazon/Google/Dropbox or any other “cloud” service located nobody-knows-where-exactly.
Exactly same thing going on here, where judge correctly pointed out that data is not a document or object. And as was repeated many times on this very site – data can’t be “owned”, only copyrighted, patented and so on.
I also must note, that I couldn’t care less about kind of form judge must fill. Be it “order”, or “subpoena”, or “hybrid warrant/subpoena” or purple scroll. That’s issue of US bureaucracy.
Bottom line is clear – MS has office in US, data is stored on MS’s server and judge ordered a copy. Because “has office in US” part, MS must comply. “Privacy protection” laws in Europe are as stupid as “right to forget” – by same token they can outlaw gravity.
Re: Nothing to see here
You could not possibly be further from the truth.
A local court can request YOUR data from YOU because it is YOUR data.
That’s not the case here, Microsoft is merely STORING the data for others, and it is doing so under specific laws.
Nope. The servers belong to Microsoft Ireland, which doesn’t have an office in the US, merely an owner.
We have jails aplenty to teach you otherwise.
Re: Re: Nothing to see here
Re: Re: Re: Nothing to see here
more correctly, would be if you had a warehouse in another country and local judge ordered you to open it up. He has no authority to do so since it is in another jurisdiction in another country.
It would require getting the co-operation of the foreign government and courts to force you to open up.
Re: Re: Re: Nothing to see here
The servers are in Ireland and belong to MS Ireland, which is a separate company which just happens to be owned by MS USA (possibly indirectly). MS USA must hand over what it has, and it can be ordered to send any instructions it wants to MS Ireland, but MS Ireland’s officials aren’t bound by the US court order and can’t be disciplined for refusing to follow instructions which are illegal in Ireland.
If the CEO of MS Ireland were to order his staff to hand over the information, he’d be breaking Irish laws, the employees would be protected if they refused (and guilty if they complied), and the fact that his shareholders ordered him to do it wouldn’t be a valid defence.
If MS USA has a back door in their servers, and MS Ireland know about it, they’re breaking their obligations to store the data securely. If they don’t know about it, then if MS USA were to use it, they’d be breaking Irelands anti-hacking laws, and so would the individuals in question. (That could be especially amusing if Ireland has something equivalent to RICO.)
Offshore bank – hide your money.
Offshore data bank – hide your data.
So Schrodinger’s Warrant then?
You still don't get it
Except the servers aren’t rented. They are the property of MS-Ireland, too. And no, local judges would have a search warrant against the person who rented it, yes.
Quite the contrary. Irish laws are the only thing that’s relevant for servers in ireland.
No, your ideas are ridiculous. You miss that to install such a file system, MS would have to move the data out of Europe, which is covered by very strict laws.
And your lack of understanding of legal matters doesn’t make laws “stupid”. It says more about you than the law.
I simply don’t see this working. (Irish person here). I can imagine, hypothetically, Microsoft USA sending orders down the chain of command (if they complied with the court order) to Microsoft Ireland, but at that point…what are the MS Ireland employees going to do? They’ll talk with their legal department, legal will say “Fuck no, we have data protection laws” and the MS Ireland employees will reply back to Redmond, Washington saying “Sorry, no, we will not be complicit in breaking the laws of our sovereign country“.
At that point, what is MS USA supposed to do? Fly over here to Dublin and physically do the US’s court order? They’d be known and arrested at the airport for conspiracy to commit a crime.
This has me scratching my noggin as to just why the US Department of “Justice” seems so allergic to following rules and producers. What’s wrong with working through Interpol and An Garda Síochána (Irish police force) to get the information needed? It wouldn’t be creating this diplomatic and political hassle at all if the US just fucking asked for cooperation in the matter.
Re: Re:
Oops. Producers up above should be procedures.
Re: Re:
Most likely they are just too afraid to be told “No” by local authorities and want to circumvent any opposition.
Re: Re:
It’s an intentional diplomatic insult by the United States directed to the Republic of Ireland.
Not sure exactly what the Irish did to the Obama administratio to piss ’em off, but the Obama administration is retaliating.
Diplomatically.
> At that point, what is MS USA supposed to do?
Go to jail in the US for contempt of court and obstruction of justice most likely….
Re: Re:
Not likely to happen. They gave the order, that’s about all they can do.
Anyone know if the people in Microsoft’s headquarters in Redmond have access to data stored on MS Ireland servers, or is the only way MS USA could get at the data is to ask/order MS Ireland to produce it?
If the latter, then MS USA can’t do anything. MS Ireland employees will just say no to the order, and they can’t be disciplined over the matter. They’ll know that if they get fired over this, they can sue Microsoft for punishing them for not committing a crime. Anyone know if these Irish employees could also bring a case internationally against the US government for starting this whole mess (either the employees or Microsoft Ireland/USA).
Re: Re:
If they have direct access, then European authorities will simply demand that such direct access be stopped. And that will be the end of it.
So what is the name of this new hybrid with the powers of both a warrant and a subpoena and the limitations of neither? Perhaps a Warpoena.
The World At War - Against US
Lets see: we’re attacking Putin/Russia on their policy in the Ukraine. We’re attacking Israel on their policy in Gaza, we’re attacking Europe and Britain by demanding data on things that are none of our business. We keep this up for much longer, we won’t have to wonder what they think. They’ll all declare war on us. Any such actions by anybody outside of the US TO the US would be regarded as an act of war by Congress. Why do we think we can get away with it?
As a dual American/Irish citizen...
…I was going to write that I’m somewhat bemused by this, but I’m really not. The USGOVT seems more out-of-control than normal, and the judiciary even less of a check on executive overreach and abuse.
Wait til the russian or iranian government asks for email data for say an american charity ,ngo,
OR american journalist from yahoo or google that did some work in iran or russia or travelled thru russia .
Say some one has a blog in the us that someone says insults the iranian government ,
or breaks russian law ,
say reveals corruption in russian government .
Will they be able to acess all the email data of a us citizen or journalist from an american gmail server .