Overall the US government acts as if other countries are not really sovereign entities, because software is eating the world. Hence the US is entitled to listen to everything non-US people say, read everything non-US people write, search data not stored on US soil, monitor non-US financial transactions, etc. All without having to respect any law of any other country.
The EU data protection bans storage of data about EU citizens outside the EU. Eventually the ban may have to include storage of data by US companies, even if in the EU.
This is going to end badly for American Internet companies. It's not just the NSA scandals. Americans need to realize that people outside the US have options, and at some point it will become a major handicap to be a US business -- seen as a conduit for US government power and spying.
I don't see how the US could or will step back from these abuses of power.
>This is going to end badly for American Internet companies.
Agreed. Of course, it's going to end badly for Americans in general. The "undue burden on the government" reasoning has been used to weaken almost every right that we have. Police don't have to announce themselves before entering, or even have a warrant (if they get one later), because these things would constitute an "undue burden". It is a very strange loophole that the government uses, again and again, to break the law. My rights are worthless if they inconvenience a police officer. And in this case, a companies rights are worthless if they inconvenience law-enforcement.
I think it's time we hang up the "undue burden" loophole once and for all. The constraints on behavior our laws represent should not be conditional on convenience, particularly not on the convenience of law-enforcement.
I couldn't agree more. What an incredibly lame excuse. The problem with such wording as "undue burden," "probable cause," "reasonable suspicion," etc. is that the phrases themselves are so broad and ambiguous, they can and do end up being meaningless when interpreted in court. It's clear that the original intent of the authors is irrelevant when interpreting such phrases as is any semblance of reasoning or logic. The only thing left is the warring parties intentions and their rationalizations for intentional misinterpretation.
What's wrong with undue burden on police and government? The constitution itself provides for many such burdens specifically to prevent an overzealous government from overstepping its power. The courts can and have applied such arguments to specific portions of the constitution, generally with great success. What gives law enforcement the right to be free of undue burden anyway?
They aren't, sovereignty is only a concept when each nation is capable of independence through economic, resource, and most importantly military. Since America spends more money on military than the next 9 largest spenders combined, America doesn't have to respect sovereignty. America's goal is to feed it's consumption, and ensure that nothing threatens the way of life for the wealthy at the cost of other nations. It frustrates me to no end because although I really hate this as a concept and practice, I really enjoy being given the opportunities that that this enables.
Yea, that's great and all but what happens when China and it's 1.4 billion people get their stuff together?
It's astounding that it seems that few in the US government seem to acknowledge that we may not be on top always, and what goes around comes around. There will be real future costs for our moral corruptness.
The military only comes into play under certain circumstances, for instance it gives the US a lot of leeway in Eastern Europe, as long as it acts as a credible counter-balance to Russia. It doesn't have so much of an effect in most of the rest of the developed world. The US is not going to invade Germany or France if they act independently to protect the interests of their citizens. In much of the world, the credibility of US actions matters just as much as brute strength, and that will become more and more the case. And arguably, in many circumstances, strength is better measured through economic leverage than military expenditure.
That's population not wealth, trust me I am sure most US businesses (technology based ones) currently don't have a strong foot hold in China. Which by your calculations make up ~15% of the world markets. If we however look by wealth and assume our allies are alright with our methods (given it also helps them spy on their citizens it's a fair assumption) we aren't risking that much, considering the countries we aren't in are the only ones who would oppose this.
I'm not saying that it's good practice to do what the U.S. did and I am appalled. However, they will not lose 95% of the markets, at least not now. There is currently no country with the capacity to generate as many new ideas into businesses, and the U.S. is roughly 25% of the worlds entire economy. Hell, just California is the worlds 7th largest economy.
Further, you don't think the other large nations (by economy), such as Japan, China, India, Russia, the U.K. are not doing/going to do the same thing (I omitted Germany and France since they seem to not wire tap.. Not necessarily true).
Business wouldn't and wont be cut 95%, I am pretty sure most countries are grateful the U.S. is setting precedent and will request them to issue warrants on their citizens.
Actually the US GDP is the same as the EU GDP -- almost 18% of the world's. [1] That's a little above China's. About the same as Japan + India + Brazil + Russia.
Currently non-US economies represent 82% of the world. Non-US Internet users represent 90%. Non-US people are 95% of the world.
And the US is not growing its share of world GDP, Internet usage, nor population.
I'd argue that the "wealth" (aka "valuation") of many US Internet companies is increasingly dependent on a larger user base instead of a richer one. Facebook paying $16B to acquire Whatsapp (and its 450M decidedly non-wealthy users) comes to mind.
> I omitted Germany and France since they seem to not wire tap
You can remove France from that very short list. It has been revealed that France does its own surveillance on its own population, and exchanges this data with the USA through the Lustre program [0], revealed in a German newspaper [1].
What's even more interesting is that the USA has little penetration in Africa's surveillance, but due to its history, France has a very strong presence there: Most of the intercontinental cables end in France, and the biggest telecom operator (Orange, ex France Telecom) is present in pretty much in every french-speaking country in Africa, along with Bull-Amesys, the one that installed the shiny surveillance toy for Al-Assad.
If the USA wants intelligence on Africa, signing a deal with France was a very important move. The french press not saying anything about it says everything about the level of independence and journalism.
Well, not really true. In fairness though the US population is less than 5% of the world, they amount to lot more than 5% of the market. The distinction is between the population and number of customers of internet/software based services/products.
As of 2012, US Internet users represented about 10% of world-wide Internet users. [1] Internet usage is far from being an exclusively American thing.
Given recent trends, US users will within a decade represent 5% of world-wide users, with relatively more expensive and narrower bandwidth at their disposal.
Looking at it from a B2B perspective, I can think of a lot of business situations where my own country spying on the data I store is acceptable, while any other country spying on it is not. Any sort of work with your local aerospace/nuclear/etc program falls into this case. Or any sort of work with a biggish company with ties to the power, really.
It's fascinating to see how some people seem to find silly the idea that their domestic government could be on their side.
> Hence the US is entitled to listen to everything non-US people say, read everything non-US people write, search data not stored on US soil, monitor non-US financial transactions, etc. All without having to respect any law of any other country.
I hope you realize that the US most definitely does all of that inside the US too! The NSA's pretending to only target "Outsiders" only serves to make the all-encompassing surveillance more abstract, and thus somewhat more palatable to the local masses.
This will embolden countries like Germany and Brazil even more to force Google and Microsoft to create local subsidiaries/different companies there and hold their citizens data only in those datacenters and with that specific company.
And I don't blame them. As a response to this, and to avoid that, Google and Microsoft should be adopting end-to-end encryption in their services as soon as possible, because it's the only way they can now say with a straight face that EU citizen data is "safe" with them.
Otherwise (hopefully) people will be using less and less American services over the next few years. Europeans (and others) can't and shouldn't feel safe with their data used by American companies now.
It is not enough that they are local subsidiaries. Microsoft said this already in 2011. A subsidiary on foreign soil, under foreign law is required by the patriot act to produce the data that a US authority is demanding, even if it breaks the law in the country it is in. http://www.zdnet.com/blog/igeneration/microsoft-admits-patri...
That's the difficult case. Suppose you're the head of Microsoft Brasil, a Brazilian company 100% owned by Microsoft. You're a Brazilian citizen siting in your office in São Paulo, overseeing the local datacenter. A US court asks Microsoft to ask Microsoft Brasil for some data. The request arrives at your desk and it goes against local law. Do you comply and risk going to jail in Brazil or do you not comply and let your boss in the US go to jail? There's got to be precedent for this in the physical world. There's nothing special about data in a datacenter vs cargo in a warehouse for this scenario.
In cases like this, there is a difference: that data can be accessed from US soil, even while it is stored on foreign turf. Guns sitting in a warehouse cannot be used in the commission of a crime in the US; data on an email server in Brazil can be. And I bet that's the angle the US govt is taking on this.
It still reeks of a belief that other nations do not really have sovereignty.
>In cases like this, there is a difference: that data can be accessed from US soil, even while it is stored on foreign turf. Guns sitting in a warehouse cannot be used in the commission of a crime in the US; data on an email server in Brazil can be.
A distinction without a difference. If the argument is that the data can, at some unspecified future time, be brought to the US, you get to wait for that to happen to intercept it. Just like you would with cargo in a foreign port that you suspect is going to be shipped to the US.
But suppose you've already lost that argument in court in the US how does the head of Microsoft Brazil respond to the request? Microsoft seems to be screwed either way.
There is something I don't really understand. If the subsidiary said no, it would have followed the local law, the parent company can explain the order was refused by the subsidary with reason and it can't do anything more (the employees don't fall under the same juridiction), and technically everything would be OK.
Am I missing anything apart MS not wanting to piss the US government and throwing their subsidy under the bus instead ?
They presumably already have wholly owned subsidiaries in each country where they have any presence - the US government can then presumably say to the parent company in the US "tell your subsidiary in <country> to give us their data" and what can they do?
They would respond "We ordered the CEO of the local subsidiary to give us the data, and he refused, because that would be illegal in the country the subsidiary is based in. We then fired the CEO, now he's suing the subsidiary and we had to close it down. We made $50M loss this year because of the lawsuit. Thank you, honourable judge."
If a country had a good precedent of telling the FBI to go away and come back when they obtained a search warrant through local courts, an educated population (with a high rate of English literacy), a climate that kept datacenter cooling costs low, and a high potential for geothermal power, I think this would be the time for such a country to push hard for even stronger privacy laws and start up some locally owned cloud computing/cloud storage businesses.
It's too bad such a country isn't closer to the great circle route between New York and London, Paris, or Berlin. Being able to terminate trans-Atlantic cables on a small Atlantic island nearly for free would pretty much make it an ideal location for datacenters.
> "A U.S. prosecutor cannot obtain a U.S. warrant to search someone's home located in another country, just as another country's prosecutor cannot obtain a court order in her home country to conduct a search in the United States," the company said.
Sure, the U.S. government cannot send agents to search Irish homes owned by U.S. citizens, but it can damn well order the citizen in question to retrieve and present a certain document that is known to be stored in the basement of that home, and threaten to hold him in contempt if he fails to have it shipped stateside within a few weeks. So according to Microsoft's own analogy, there's nothing surprising about this decision.
What I'd really like to know is what happens if it is illegal in the country where the server is located for Microsoft to disclose the server's contents to the U.S. government.
I don't know much about EU privacy laws, but surely some countries take issue with the personal information of their own citizens being shipped abroad? Could U.S. corporations (and/or their EU subsidiaries, if any) argue that it would be illegal for them to obey this U.S. judgment?
EU laws are directives, which must be converted into law in each country. So, it really depends on the wording of the law in each country. In my country (Portugal), if Microsoft were to comply with the US court and send information from Portuguese datacenters over to the US, they would be in violation of the privacy law. The penalty varies, usually it is just a fine and compensation to the information owner. In severe cases, however, the law allows for mandatory removal of the data stores, effectively prohibiting Microsoft from operating the service in the country. Not that I imagine the full penalty ever being applied. It never happened to anyone yet, and Portugal is strangely in bed with the US [1].
[1] The guy on the left in the picture is the then prime minister, when Bush was drumming the drums of war onto Iraq; photo taken at the military base in Azores. He later became president of the European Commission: http://imagens6.publico.pt/imagens.aspx/227656?tp=UH&db=IMAG...
> Sure, the U.S. government cannot send agents to search Irish homes owned by U.S. citizens, but it can damn well order the citizen in question to retrieve and present a certain document that is known to be stored in the basement of that home, and threaten to hold him in contempt if he fails to have it shipped stateside within a few weeks.
Even when the document in question doesn't belong to said citizen?
U.S. courts (and all courts everywhere) can compel you to produce any document or item under your control, whether or not you actually "own" it.
Your cousin Bob gave you a sealed letter to hold for him and the court says you have to hand it over? You must.
And calling it "theft" is an attempt to prejudice the discussion. Theft is taking without due process of law. By definition, taking at the command of a court is with due process of law.
> And calling it "theft" is an attempt to prejudice the discussion. Theft is taking without due process of law. By definition, taking at the command of a court is with due process of law.
By the same token I could come and repossess your car after obtaining a judgement against you in a foreign court if it was in my parking lot, right?
>And calling it "theft" is an attempt to prejudice the discussion. Theft is taking without due process of law. By definition, taking at the command of a court is with due process of law.
Not if the taking is in a jurisdiction the court commanding it has no power over. Which was the point here.
There is of course a big practical difference. Deniability is far easier if something the US government wants is outside the US. Searches in the US are, in practical terms, comprehensive - take everything that isn't nailed down, especially every electronic thing, never mind the wording of the IVth or the warrant. Having something outside the US naturally enforces the condition that the thing be described, and only that thing be produced.
What happens if/when another country (China? India?) introduces a similar law, requiring a company that operates there to make data on u.s citizens available even if its stored outside of the country. Will these companies stop operating in these markets?
My guess is that this worry is why Microsoft's opposing the order. The university I work at in Denmark uses Office 365 specifically because Microsoft was able to convince them that data will only be stored in the EU, and will only be accessed in accordance with EU data-protection law. If Microsoft can't credibly maintain that claim, European companies and universities may not be able to use their cloud services.
The EU has a track record of defying US extraterritoriality so I would be surprised if the data gets handed over.
Also, this ruling was made by a magistrate judge, which is prett low down on the judicial totem pole. This ruling will be appealed, which means that it'll be reviewed by a judge who doesn't, in fact, have his head up his ass.
Devil's advocate: what if MS, Google et al had all the US persons' email and files stored in Canada or Germany...on purpose? You type your email in Washington DC and then it is stored in a server somewhere in Germany. No can do says Microsoft.
Along similar lines, suppose you are GM, and you have known for over a decade that faulty ignition switches on your cars have been killing people, yet you have not applied the cheap fix for the problem, and that this is at least grossly negligent and possibly criminal. Can you just ship all the incriminating physical documents to a GM branch in another country so that US prosecutors and US plaintiff attorneys and US regulators cannot get them?
It would be one hell of a loophole if a person or company in country X could put documents (electronic or physical) that they fully control completely out of the reach of prosecutors, plaintiffs, and regulators in country X simply by storing those documents in country Y but still fully in their control and easily in reach when it serves their interests to access them.
From the article: "Longstanding U.S. law holds that the recipient of a subpoena must provide the information sought, no matter where it is held, he said."
The EU data protection bans storage of data about EU citizens outside the EU. Eventually the ban may have to include storage of data by US companies, even if in the EU.
This is going to end badly for American Internet companies. It's not just the NSA scandals. Americans need to realize that people outside the US have options, and at some point it will become a major handicap to be a US business -- seen as a conduit for US government power and spying.
I don't see how the US could or will step back from these abuses of power.