DOJ Asks The Supreme Court To Give It Permission To Search Data Centers Anywhere In The World
from the world-is-[potentially]-yours dept
Having been told “no” twice by the Second Circuit Court of Appeals, the DOJ is asking the Supreme Court to overturn the decision finding Microsoft did not need to hand over communications stored in foreign data centers in response to a US warrant.
The Appeals Court told the DOJ that statutory language simply didn’t agree with the premise pushed by the government: that US-issued warrants should allow the law enforcement to dig through “file cabinets” not actually located at the premises (United States) searched. The court noted jurisdictional limitations have always been part of the warrant process (although recent Rule 41 changes somewhat undercut this). That the information sought is digital rather than physical doesn’t change this. The court suggested the DOJ take it up with Congress if it doesn’t like the status quo. The DOJ has proposed legislation but likely feels a Supreme Court decision in its favor would be a swifter resolution.
The DOJ’s 207-page petition [PDF] actually only contains about 30 pages of arguments. The bulk of the petition is made up of previous court decisions and oral argument transcripts covering the DOJ’s losses at the lower level. The Table of Contents gets right to the point, utilizing the section header “The panel’s decision is wrong” to set the tone for its rehashed arguments.
The DOJ quotes the dissenting judges from the Appeals Court’s decision, one of which makes the ever-popular “appeal to 9/11” argument:
Judge Raggi also emphasized the exceptional importance of this case and the “immediate and serious adverse consequences” of the panel’s ruling. “On the panel’s reasoning,” she explained, if the government had been able to show in early September 2001 probable cause to believe that the 9/11 perpetrators “were communicating electronically about an imminent, devastating attack on the United States, and that Microsoft possessed those emails,” a federal court would not have been able to issue a Section 2703 warrant if Microsoft had stored the emails outside the United States, “even though [Microsoft’s] employees would not have had to leave their desks in Redmond, Washington, to retrieve them.”
All well and good, if you like that sort of thing, but the facts of the case are far less dire:
In December 2013, the government applied for a warrant requiring Microsoft to disclose email information for a particular user’s email account. See App., infra, 2a, 8a-10a. The government’s application established probable cause to believe that the account was being used to conduct criminal drug activity.
This is how most arguments for expansions of law enforcement reach and grasp go: talk about how it will be used to stop terrorists; actually use it to hunt down normal criminals.
The petition admits Congress meant for domestic laws to only be applied domestically before arguing certain “applications” of US law should be seen as permissible inversions of Congressional intent. The DOJ argues Microsoft’s United States offices should permit worldwide searches of its data centers. Once again, the government’s arguments that stored communications are no different than paper files in a file cabinet (made when it wants broadly-written electronic storage searches to be seen as no more intrusive than a residence search) works against it. This interpretation of the Stored Communications Act means any service provider anywhere could be made to hand over documents stored overseas as long as they have a US office where a warrant can be served. This would be the case even if the service provider has no US storage locations and nothing more than a US-based “storefront” for convenience.
Microsoft has already responded with a lengthy blog post. It points out the better way forward is not to have the Supreme Court reinterpret a 30-year-old law, but rather to work with US service providers and Congress to build a better law that addresses the world as it is now.
The litigation path DOJ is now trying to extend in parallel to legislative progress seeks to require the Supreme Court to decide how a law written three decades ago applies to today’s global internet. The previous decision was soundly in our favor, and we’re confident our arguments will be persuasive with the Supreme Court. However, we’d prefer to keep working alongside the DOJ and before Congress on enacting new law, as Judge Lynch suggested, that works for everyone rather than arguing about an outdated law. We think the legislative path is better for the country too.
The post also points out cooperation with foreign law enforcement is a much faster process than has been portrayed by the DOJ, which insists it takes “weeks” to see results of these cooperative efforts. Following the Charlie Hebdo attack, Microsoft was able to turn over US-stored communications to French law enforcement in under an hour.
What the DOJ doesn’t seem to understand (or genuinely just doesn’t care about) is a decision granting it the power to seize communications from anywhere in the world would result in foreign governments expecting the same treatment when requesting communications stored in the US.
Should people be governed by the laws of their own country? If the decision in our case were reversed, it would subject every person in the world to every other country’s legal process. The email of a person who lives and works in Dublin would be subject to an American warrant issued by a U.S. court just as an American would be subject to an Irish warrant. Our customers tell us they want to be governed by the laws of their own government, and they deserve the certainty of knowing what laws govern their data.
If the Supreme Court decides to grant the DOJ’s petition, this won’t be argued until the next session, leaving the DOJ plenty of time to work on its legislative proposals. Hopefully, it’s actually working with US service providers on this, rather than thinking it’s the only stakeholder of importance in the legislative process.
Filed Under: data, doj, ecpa, jurisdiction, sca, stored data, subpoenas, supreme court
Companies: microsoft
Comments on “DOJ Asks The Supreme Court To Give It Permission To Search Data Centers Anywhere In The World”
Considering that most people in the world are already subject to US laws and can be arrested in their own country and sent to US prisons for something that may not even be a crime where they live (and few have the resources to fight it like Kim DotCom) then it would follow that data could be snatched around the world by US authorities just like people have always been.
Boy, handy for criminals, huh? Just contract for email / websites / banking to be kept on media in foreign country (vague so can always say is "elsewhere"), and then safe from it being used as evidence!
The Microsoft — one of the world’s largest corporate criminals, which probably keeps its internal memos overseas so has a hidden interest — notion won’t stand.
How could this possibly work? Say you sub-divide physical property into square inch plots with varied shell corps “owners” (no one does, but it’ll happen if this rigorous “premises” notion is taken so literally as to make it worthwhile); now gov’t has to get literally thousands of warrants? Could you safely transport drugs in car glove box by “selling” just that to some overseas holding company?
How about instead the obvious (as already pushed): that if a valid warrant is made and Microsoft can call up data at a given “premises”, then it’s fine. Otherwise, it’d be giving powers to Microsoft beyond that of gov’t. — Like to merely SAY that it’s overseas. How would anyone ever prove that the wanted magnetic domains are actually overseas? They could hard-code the system so always came back “overseas”.
That impossible tangle is NOT going to happen. And it’s not going to take Congress to say INSANE HAIR-SPLITTING. Courts must always go by common knowledge besides statute.
— Kim Dotcom had servers in the US and took US payments, so he was IN the US for business.
Re: Boy, handy for criminals, huh? Just contract for email / websites / banking to be kept on media in foreign country (vague so can always say is "elsewhere"), and then safe from it being used as evidence!
I like how you have complete blind faith in law enforcement but simultaneously think they’re incredibly incompetent and will be foiled by a mere “it’s elsewhere”!
Re: Boy, handy for criminals, huh? Just contract for email / websites / banking to be kept on media in foreign country (vague so can always say is "elsewhere"), and then safe from it being used as evidence!
Only criminals would use a service that routes their internet deliberately through a foreign country. A service like TOR would automatically make you a filthy lawbreaker.
Re: Wut?
“The Microsoft…”
You lost me right there.
Re: Re: Wut?
Sometimes you have to read to the end of the sentence to get it. "The Microsoft… notion won’t stand."
Re: Boy, handy for criminals, huh? Just contract for email / websites / banking to be kept on media in foreign country (vague so can always say is "elsewhere"), and then safe from it being used as evidence!
So any citizen of any country ca have their data seized, especially when they are not living in their own country, which means dissidents would not be able to escape their own countries government ever.
Re: Re: Boy, handy for criminals, huh? Just contract for email / websites / banking to be kept on media in foreign country (vague so can always say is "elsewhere"), and then safe from it being used as evidence!
I’ll take a wild guess, and say that he’d probably be screaming blue murder if this was the EU ordering data from US servers. Intellectual honest and consistency of argument aren’t his style.
Re: Boy, handy for criminals, huh? Just contract for email / websites / banking to be kept on media in foreign country (vague so can always say is "elsewhere"), and then safe from it being used as evidence!
“Could you safely transport drugs in car glove box by “selling” just that to some overseas holding company?”
No. But, the fact that you think this is a good counter-argument says all we need to know about how well you understands what’s being said.
Re: Boy, handy for criminals, huh? Just contract for email / websites / banking to be kept on media in foreign country (vague so can always say is "elsewhere"), and then safe from it being used as evidence!
Damn Canadian.
Re: Boy, handy for criminals, huh? Just contract for email / websites / banking to be kept on media in foreign country (vague so can always say is "elsewhere"), and then safe from it being used as evidence!
So basically, we now have court orders that have global reach regardless of unimportant little things like national sovereignty or different national laws, and soon we may have laws that say it’s okay to collect possibly classified information from foreign countries?
Sounds to me like Edward Snowden will soon be able to return home without fear of criminal charges, since the Espionage Act will be effectively abolished providing the accused had the permission of a foreign government to spy.
Relevant to Dotcom as well
Either way, this will have an impact on the Kim Dotcom trials. Hopefully the court accepts it and tells the DOJ to take a hike or expect every local court in the world to start demanding reciprocity for even civil cases.
Re: Relevant to Dotcom as well
This seems to me to be a lot like those ISDS clauses the US government keeps insisting on adding to trade agreements.
They envision a world where they get whatever they want no matter what a foreign government want, but they keep writing language into the laws that actually works both ways, never imagining it could be used against them.
And then they freak out and start making noise about withdrawing from treaties when it is used exactly that way.
“even though [Microsoft’s] employees would not have had to leave their desks in Redmond, Washington, to retrieve them.”
Oh, I thought for a moment that this was referring to law enforcement: “not having to leave their desks” to work a case.
I was wrong.
“What the DOJ doesn’t seem to understand (or genuinely just doesn’t care about) is a decision granting it the power to seize communications from anywhere in the world would result in foreign governments expecting the same treatment when requesting communications stored in the US.”
Part of me is amused at contemplating the collective meltdown that would occur if the Kremlin attempted this.
Re: Re:
Trump would probably be perfectly okay with it.
No more Russian hacking, then ....
As soon as the DOJ has established precedent, Putin can just ask Amazon (Russia) to compile a little package of data from Amazon Servers in the US (from their office in Russia, without leaving their desk). North Korea, Iran, Syria contact their local CIA reps for copies of files in Langley, Goldmans-Sachs (Katar) retrieves a bundle of financial data to facilitate negotiation with US companies.
An interesting door the DOJ is opening here.
Y'see, this kind of crap is why so many people hate the USA.
While refusing to submit to any other country’s or any international body’s decision or treaty (even those bodies that the US is a member of or a signatory to), other countries are expected to kowtow to US and US States’ law and/or courts.
Microsoft is an American company, which is why they have to comply. But a Chinese company, say, with no ties to the United States would not subject to this.
163data, which has server centers all over China, could tell the US government to shove it, and there is no way could enforce that on them, since they have no ties to the United States.
Re: Re:
Don’t underestimate the power and reach of the United States.
In the early internet era, countries such as China, Turkey, and Ukraine had a wide variety of public websites that openly violated US copyright laws — but such sites are extremely rare today (and it’s not hard to guess why).
Re: Re:
AC: "But a Chinese company, say, with no ties to the United States would not subject to this."
OK, so what happens when Microsoft, an American company, has "ties to" EU-member Ireland, by installing data servers there because of EU law, and when retrieving that data into the USA contravenes EU law? What then, eh?
Re: Re: Re:
Courts have a long tradition of ignoring things like that. They don’t care how a defendant arrived in the court room or whether their orders would violate the sovereignty of a foreign nation (AKA an act of war).
The Canadian decision recently isn’t terribly unusual, as court decisions go, though the US courts tend to do such things more often than most.
Excerpt from a meeting at the DOJ
"Sir, we’ve expanded the haystack to include every data centre in the entire country, but we still aren’t finding the needles."
"You know what this means? We need to expand the haystack to include other countries!"
Please, let them do it and then start demanding data from servers in the US without consulting the US Government. Please do it. Let chaos ensue.
Authority
What impresses me is the notion that the DOJ thinks the US Supreme Court has the authority to grant such a request. Where is their jurisdiction? In the US.
Now there may be treaties that allow some reciprocity with signators to those treaties, but I unaware of any treaty that encompasses the WHOLE WORLD.
Using 9/11 as an excuse to spy on everyone is disgusting.
Re: Re:
Using 9/11 as an excuse to spy on everyone is disgusting.
You used four words too many, just cut the ones in the middle out and it’ll be much more accurate.
Using 9/11 as an excuse is disgusting
@PillarWallet a solution that can keep all your important data #MyDataMyBusiness