We're Fighting the Feds Over Your Email (wsj.com)
95 points by jcabala on July 30, 2014 | hide | past | favorite | 84 comments




No good here, article is still paywalled. Why does Google even bother indexing the WSJ?


Relevant excerpts:

Microsoft believes you own emails stored in the cloud, and that they have the same privacy protection as paper letters sent by mail...

The U.S. government can obtain emails only subject to the full legal protections of the Constitution's Fourth Amendment...

A search warrant cannot reach beyond U.S. shores...

[The US government] argues that your emails become the business records of a cloud provider. Because business records have a lower level of legal protection, the government claims that it can use its broader authority to reach emails stored anywhere in the world.


> your emails become the business records of a cloud provider

That is simply ridiculous. Email stored by a cloud provider isn't a business record of the provider any more than the contents of a physical letter stored in a rented mail box is a business record of the box provider.


A physical letter in a rented mailbox is also generally not data-mined for the commercial purposes of the service provider.

I think cloud companies essentially want the 4th amendment benefits of treating the cloud like real world private areas (e.g. bank lock boxes), without any of the obligations that come along with that.

The "reasonable expectation of privacy" in things like safe deposit boxes or storage units is based on the actual fact that service providers generally do not and cannot access the contents of those rented spaces. To apply that same reasoning to data stored in the cloud, we have to indulge in the fiction that various bots and sysops cannot in fact access that data, and do not routinely do so.

That said, I think the cloud folks are ultimately going to win, on the basis of Riley v. California (which is noted in Brad Smith's op-ed). I think Riley is technologically ignorant in glossing over technical distinctions between local and cloud storage that are relevant to privacy, but it all but says the cloud is protected under the 4th amendment. I don't know what's left to fight over.


>they want the 4th amendment benefits of treating the cloud like real world private areas (e.g. bank lock boxes), without any of the obligations that come along with that.

and...

>That said, I think they're ultimately going to win.

Warning: Total Conspiracy Theory Ahead

Could this be an end-around by Microsoft to eliminate one of Google's main revenue streams? Follow me for a second.

1. Let's assume Microsoft wins this court case. By doing so, e-mails will be afforded the same protection, under the law, as physical letters.

2. A Microsoft backed plaintiff sues Google for data-mining her email's content, arguing under the same 4th Amendment ruling.

3. After years of legal procedures and court battles, Google (and all other e-mail providers) are forced to throw away their master keys. Essentially all email is blind to the providers.

4. Google loses one of their larger revenue streams.

Everyone loves a good conspiracy theory, so indulge me for the moment. Why would this not work? (And for the record, I'm sure it wouldn't. But I would honestly like to know why.)


I think it goes off the rails in step 2. Private organizations are not bound by the 4th amendment. For the most part, the constitution defines the powers and limitations of the federal government (and to some extent the state governments). The government is the entity bound by the 4th amendment, not private companies.

I think a more likely scenario is that we end up with a court ruling that says something along the lines of: "In order to preserve the customer's 4th amendment rights, the company hosting the e-mail mustn't be using it for business purposes." So, Google wouldn't be able to simultaneously mine your e-mails and guarantee that your e-mails are protected under the 4th amendment.


>I think it goes off the rails in step 2.

This went off the rails well before I started to write it. But let me push back on your thoughts.

If I am understanding Microsoft's argument correctly for this court case, they are trying to equate e-mails to letters. And, by extension, equate themselves to UPS/USPS/FedEx, what have you. E-mails are private correspondence, just like letters in the post. And please, correct me if I'm wrong in this assessment.

It is also a felony in the US to open someone's mail. So wouldn't that same protection exist in email? Which would mean nobody can look at an email correspondence unless they were either the sender or receiver of said email.


The fourth amendment doesn't protect you from other people reading your post. It probably _does_ protect you from the government reading your post (though, apparently not protect you from the NSA logging all your mail[1]).

It is a crime for other people to read your mail, though that protection comes from the legislative branch, not the constitution. Specifically, Title 18, Part I, Chapter 83, § 1702 [2]. If you could convince a judge that § 1702 applied to e-mail, you might be able to ruin Google's day. It'd be a very different legal argument than the fourth amendment legal claim. Whatever comes from Microsoft's legal arguments about the 4th amendment won't have a bearing on this line of argument.

I still think the best avenue for a conspiracy theory motive for Microsoft is to get a ruling that says "if the e-mail provider examines the communication for any purposes other than facilitating mail delivery, then the communication loses its 4A protections." That would allow other competitors to advertise strong 4A protections, and force Google to choose between that sweet, sweet personal data or also advertising 4A protections.

[1] http://www.nytimes.com/2013/07/04/us/monitoring-of-snail-mai...

[2] http://www.law.cornell.edu/uscode/text/18/1702


(I've yet to read TFA, but:)

I'm all for privacy in email, but if we're doing analogies, unencrypted email is more like postcards than letters. And metadata is more like what's written on the letter than in it. (And SMTP over TLS would be like the mailboxes you're not allowed to look in, unless you're delivering mail, or are the recipient...)

As far as I can gather, the US has pretty shoddy laws guarding personal information from corporations -- so a change wrt email might be a win. But I don't know if this is the best way.

As long as there doesn't appear to be any viable way to get most people to use gpg/smime -- I'm not sure we're likely to get anywhere. Perhaps that is what Microsoft should do: leverage S/MIME for outlook.com (with the caveat that they would have to keep the encrypted private keys, and being a web service, could be forced to backdoor the clients in order to get the pass-phrases/passwords...).

Hm, I wonder if there's an IMAP extension for storing encrypted key-pairs?


I think the snail mail to email analogy is flawed... snail mail has an envelope, plain text email does not. However, a postcard does not generally have an envelope...

So here are some better analogies:

snail mail letter == encrypted email

snail mail postcard == plain text email

publicly posted diary == plain text gmail


It won't work because Gmail users have agreed to what Google is doing.

(Also, as I understand it, Google works hard to limit access to email, but I don't think they have anything you would want to describe as a master key. It would be "Google deletes all customer data", not "Google blinds itself to customer data".)


I think you give Microsoft too much credit. But, you correctly identified the importance of this case.

Interestingly, I predict that if your outcome were to happen then Google will rapidly invest in Gmail to turn it into more than an email system, so that they'd have reason to argue that the messages are business records.


So cloud companies that want to preserve users' rights w/r/t user data and doing email should not be able to do spam detection? Should they be able to adjust the markup in HTML emails such that the composition of emails into the web UI does not compromise the well-formed-ness of the page? Should they not be able to provide a "search" feature to locate emails that are relevant to a user's query?

These sorts of things are all capabilities I expect in a local mail client; I think it's reasonable to apply 4th amendment protections to the user's data, even if computation done on behalf of the user (including selecting relevant ads) happens in a remote datacenter using code the user didn't write.

It is pretty ridiculous to treat users' emails the same as a grocery store's payroll when deciding whether customers have constitutional privacy safeguards.


At the end of the day, the lynchpin of the 4th amendment is an objectively reasonable expectation of privacy. Not merely a subjective desire that the government not see certain information.

With that in mind, I just don't see how you can say you have an objectively reasonable expectation of privacy over e-mails in the cloud, when a system operator can pull up all your personal information going back years at the touch of a button. When the e-mail service not only has incidental access to the data, but actively looks into that "private" data and uses that "private" data for commercial purposes. It's a distorted, results-oriented definition of "privacy."

That said, you're likely going to get precisely that results-oriented interpretation, because apparently the Supreme Court, like most users, doesn't fully understand the scope of how cloud providers access and use and commercialize your data.


How is that different from regular mail? Any postman can open the mail, copy/read the content and then close the envelope. It is maybe 5 minutes of work.


It's different because not only do mailmen not open mail as a matter of course, for advertising or operational purposes, it's a felony to do so.


But, under the ECPA, it is not a felony for system operators to do the same thing (for operational and diagnostic reasons) on networks carrying voice traffic. And yet nobody is suggesting that voice traffic isn't subject to wiretap laws.


Do you have a reasonable expectation of privacy for your bedroom or can the government freely search that too? Does your answer change after you hire a housekeeper (or housekeeping company) to dust your furniture and put away your socks?


You can't exclude the testimony of your housekeeper that your sock drawer was full of cocaine on the basis that you had an expectation of privacy, so yes, it changes a lot.


While I wouldn't expect much privacy from the provider holding my email, I would expect privacy from the government ... assuming there wasn't a warrant to access it.


Does anyone know the case law for services that filter a person's mail for them? E.g. if I employ a service that will open mail for me to weed out the junk and send me the good stuff, do my letters become business records?

What if I also employ them to (going a step further), pay any bills that come in from my bank account?

I think that this line has already been drawn.

Tangential question: since the Supreme Court recently decided "do it with software" by itself is not sufficient (by itself) for software patents, can that precedent also be used for differentiating between letters and email? E.g. - letters with software is not enough distinction for 4th amendment bypass?


I do not know how it works in the US, but in many countries, you can already opt out of receiving junk mail through your letterbox.


It does not work that way in the US, unfortunately.


> The "reasonable expectation of privacy" in things like safe deposit boxes or storage units is based on the actual fact that service providers generally do not and cannot access the contents of those rented spaces.

And the "reasonable expectation of privacy" in cloud email is based on the fact that, while computers necessarily have access to the data (it is not possible to provide email service otherwise), humans generally don't.


If you don't think that humans have access to the contents of your cloud hosted email service then I've got a bridge to sell you.


They have access to it yes, they just risk being fired if they nose into data unrelated to their job.

(That is, at least for employees at one of the big ones. ;-)


Exactly. Employees at the UPS store can steam open your physical mail too. The question is whether you have a reasonable expectation of privacy, not whether you have actual privacy.


Gmail is not the only cloud. Does Apple datamine icloud.com or me.com emails? The fact that the email may exist on multiple servers around the world (aka, cloud) doesn't per se mean the company is abusing the customer's trust.


Are you telling me that a banker does not have the capabilities to access a rented lock-box? That only the renter has that key? What then happens if a renter dies and that key is missing?


If you're referring to safe deposit boxes, I believe they drill the lock and replace it.


And soon they will argue that your mail is not your mail, and subject to legal protection, when it is in any USPS facility because it is government assets until it touches your mailbox.

Granted, they already track all metadata without opening it (if you believe that). This is atrocious. I come from a family of attorneys and I have told them I lost all respect for the system in which they operate, and Jeffersonian calls to refresh the tree of liberty have started to seem very real and urgent these days.

In short, fuck these animals. I hope they choke.


> Microsoft believes you own emails stored in the cloud, and that they have the same privacy protection as paper letters sent by mail

But do they, really?

http://www.bbc.com/news/business-26677607


>A search warrant cannot reach beyond U.S. shores...

Well, that is also part of this case. The court is going to determine how to fit data into the current caselaw. There is good reason for why the US can't order searches in another country.

But if Microsoft has servers in the United States that can routinely access their cloud servers, there is a good argument that data is really in the United States as well.

The business records argument is a bad one. However, I don't see any good reason for why the government shouldn't be able to access American companies' cloud data with a valid warrant.


The government's case here isn't a ridiculous one. I can't think of any other situation where there is 4th amendment protection of property in custody of a third party where the custodian has essentially unregulated and unrestricted access to the property and no consequences for loss or damage to the property. It's a really novel argument on the part of Microsoft to claim that your emails on their service are still your property, when none of the usual protections that apply to property held by third parties applies to that email.


I hadn't considered the impact of the fact that Microsoft is data mining.

I haven't read the DOJ's brief, do they raise that argument?

Northwestern lawyers per capita on this chat board is out of control.


If I rent my house to you, you have unregulated and unrestricted access to it. That does not mean that the government can, without either of us giving permission, search that house.


If you rent your house to me, you no longer have unregulated and unrestricted access to it. You can only access it in certain circumstances defined by landlord-tenant law. That's what creates the expectation of privacy: you know your landlord will only enter your unit for emergencies or with adequate notice to you. You can sue them if they violate these requirements.

The difference with cloud hosting is that, unlike your landlord, your cloud host does have unregulated and unrestricted access to your cloud storage.


In the analogy the customer is the landlord giving access to the cloud service. Giving someone access to your property does not automatically give the government the right to search it.


Obviously Google is the landlord, since it owns the servers and you're just renting space on them to put your property.

In any case, your analogy doesn't work either way you phrase it. If you're the landlord, and Google is the tenant, then the government doesn't need your permission to access the property, just Google's. The government can't break in and search the servers, but it can get the documents with a valid subpoena duces tecum (subpoena for documents).

> Giving someone access to your property does not automatically give the government the right to search it.

No, but giving potentially hundreds of people you don't know and have never met access to your property does undercut any argument that you have an objectively reasonable expectation of privacy with regards to that property.


Apparently it is not the most intuitive analogy, but it is an example of one party giving custody of their property to someone else. A landlord gives custody of their house to a tenant, a customer gives custody of their email to Google. It seems reasonable that Google could give the government permission to search the email just as a tenant can give the police permission to search a house, but that is not what we are talking about. We are talking about the government's right to access those emails without Google's permission.

"On Thursday Microsoft will oppose the U.S. government at a hearing in federal court in New York, arguing that it can't force American tech companies to turn over customer emails..."


So, with the US Govt. move to use commercial cloud providers (including Microsoft Office365!), does that then make all of the USG communications stored on that system 'business records' of the provider? That would completely destroy the whole cloud market for anything other than public data...


If people only realized how our government is the vampire squid that is hell-bent on world domination.

Embrace your future state of slavery, it is invariable.


I don't think there's any shortage of people who believe the US government is a bloodsucking, many-tentacled world-destroying monster. But hyperbole of this degree is neither insightful, nor is it helpful.


So where is the line on the government's position?

If you use AWS, is all the data (S3, EC2 filesystems, RDS data+backups, etc.) now a business record of Amazon?

What about renting dedicated servers at your local datacenter? You're basically renting bare hardware at that point, but the hard drives are still technically owned by the datacenter. Is the data on those hard drives business records of the datacenter?

Not being able to separate the owner of the hardware and the owner of the data on the hardware seems like it would have a ton of modern consequences.

EDIT: Here's a fun thought experiment. Say I bought a license to analyze some music dataset from a record label. That license requires that I can't share the music data with anyone. When I upload the dataset to S3 to run my Elastic Map Reduce script on it, did I just violate my license because that data is now a business record of Amazon?



That link didn't get me to the full text of the article, but searching for the headline on Google gets me through.


FUCKING annoying.

Apparently they check the referer header.

Mandatory link for lazy people:

https://www.google.com/?q=We%27re+Fighting+the+Feds+Over+You...

(forget about "I'm feeling lucky", that doesn't work, hit search.)


Alternative link for lazy people, which gets you directly to the article's content:

https://archive.today/8NKco


thanks



"Microsoft believes you own emails stored in the cloud, and that they have the same privacy protection as paper letters sent by mail"

Clarification: Microsoft now believes this (or claims to). They had no problem handing PRISM the keys to the kingdom while it was still secret.

http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-c...


While it's understandable to feel down about the fact that Microsoft used to feel it was ok to hand over emails, there's a more positive way to look at it: this article is strong evidence that the public opinion regarding online privacy has changed such that, were Microsoft to give up these emails, its own business would suffer negatively.

It's not a signal of the end of our battle for privacy, but it's something.


If Microsoft was serious about this, they'd also offer end-to-end encryption for their e-mails (open source protocol, otherwise they shouldn't bother).

But because they aren't doing this, it just shows they are more concerned about not losing business overseas than "fighting for your e-mail".


I'm no longer sure that is enough. Considering what happened to Lavabit, just offering end-to-end encryption is only going to work until the government decides they want what you have hidden. I doubt that Microsoft will put up as much of a fight, or take the high road out, like the Lavabit founder did.

Fighting them on the legal front to stop such practices from starting may well be the best option right now. Even though Microsoft may be doing this for business reasons, it'll still help everyone.


End users need to and can take control over their own email privacy. GPG. Ten minutes to download, install, and generate a key pair is all you need to secure your email. Perhaps the willingness to do so will increase when the government successfully argues that non-encrypted mail posted through an email server is the same as posting your thoughts on a public peg board...

If you want full compatibility, you can pay a small yearly [extortion] fee to the Verisign gatekeepers... but I prefer not to...


Pffft, GPG doesn't work if you want to communicate with other people. It's very difficult to get people to use it, and the UX is horrible for it. On top of that it's even harder to use on mobile platforms. GPG also doesn't have forward secrecy.


GPG works fine. It's difficult to get people to use encryption regardless of the implementation... I used to work for an organization that required, by written policy, all email to be encrypted. Everyone had an S/MIME cert with a short pin... the number of encrypted emails I received over a 7 year period was precisely - without exaggeration - '2.' People do not care about encrypted email, and don't want to bother with even the slightest inconvenience. This is by far the largest problem with encryption, much more so than any 'it's too difficult to use' excuse.


Email cannot have forward secrecy. You receive it at one time, and want to read it later.


Lavabit wasn't end-to-end encrypted.


If memory serves, the feds had probable cause and a warrant when they went after Lavabit. Lavabit tried to fight it. Lavabit lost. So they shut down instead and tried to spin it as the feds shutting them down.


They did indeed have a warrant for the info. The problem was how they chose to pursue obtaining the info - that is, installing a MitM black box that could read all customer email going through it, not just the citizen for whom they had the warrant. I'm not sure if they promised or not to only snoop on that one individual, but even if they did you would have no way of knowing if they're telling the truth or not. From what I read, he wasn't necessarily trying to protect Snowden, but protect the rest of his userbase.


What other options were there? There was only one SSL key. Once you can MitM one user in that scenario, you can MitM them all.

To my understanding Lavabit didn't have a system in place for separating out one user like that, and the feds would likely have been disinclined to wait for the development of one.

So perhaps we should take this as a lesson in designing systems to be as secure as possible even with legitimate warrants rather than as a sign of warrants being abused.


My understanding was that he offered them his programming services to create a method to do exactly what they wanted - pull the email info out for just one user. True, he was going to charge them for it, but it was only $2000. A laughably small sum for the people he was dealing with. Supposedly, they denied this offer because they couldn't control it. From my perspective, $2k and a couple day wait is a paltry sum to pay to not trample over the constitution.

According to Wikipedia, just one month prior, Lavabit had complied with a search order for one user suspected of child pornography. I'm not exactly sure what the difference was between these two cases, but it does show he had at least some capability to do what they asked.

I do agree that "one SSL key to rule them all" is perhaps not the best practice. That said, the design of the system doesn't matter as much to me. Reality is that the system was designed in the way it was, and when offered two methods of getting their data, the feds decided to take the wrong one. (In my opinion.)


It wouldn't surprise me if the feds are sharply limited in what they can pay for warrant-wise. There's a good chance they simply didn't legally have the option of waiting and paying $2k. Understandably, the government does not want "I have a warrant" to become the sound of a cash cow begging to be milked.

If I were to guess, I would say control is actually a huge issue. If it's their equipment and software that's certified for this use, it probably satisfied chain of custody and certification requirements. If it's someone else's, who knows? It's almost certainly not certified and so it might not stand up in court at all. Certification is a big deal in the government and a court is likely to be skeptical about the use of an unproven and uncertified magic software black box in executing a warrant.

So what it comes down to is that the feds may not have actually had a choice of how they got that data.


Excellent points, which I didn't think of.

However, I'll ask you this: is it constitutionally agreeable to trample the rights of others for the sake of gathering evidence? I would say no. Just like how I would say searching all personal mail coming from a certain zip code because you know of someone sending secrets would be, in my viewpoint, wrong. I can chalk up the initial issue of a warrant to the judge not understanding technology, but as soon as it was explained in a courtroom how it was tied together, he should have told the feds to seek evidence elsewhere.


Thank you.

I think it's about collecting evidence in the least invasive way possible. To me, the priority is limiting damage while still allowing law enforcement to function. One of the key privacy advantages of how LE access to phone companies or gmail or similar is implemented is that it allows them to be granted access to just the data in question and little more.

What really becomes a problem is when the evidence in question is only available from one source and there's no way to do it that doesn't run the risk of what I'm going to term information bycatch. At that point there are really only two viable options - allow the collection with bycatch or disallow the collection due to bycatch.

The first is a significant privacy risk. That said, it's also not a new one. As long as people have kept records or written letters, a search has run the risk of exposing the private information of other unrelated people. Certainly, the same concern applies to tapping phone calls, and that's permitted by courts.

The second runs the risk of hobbling law enforcement entirely. Without perfect knowledge of what a given document, packet, phone call, etc. might contain, it's impossible to say that a search will or will not invade the privacy of another person in addition to the subject.

My understanding is that a warrant is for information or items because it's known and understood that information bycatch isn't always avoidable. This is considered unfortunate but unavoidable, as there cannot always be assumed to be other and better options.

I think this goes back to my earlier point about design. If a system isn't designed to contain any breach, then any breach - legal or otherwise - will be uncontained. I think this is less a constitutional problem than it is a technology one.


I believe they were told to hand over the SSL private key. I'm not sure everyone using the Lavabit service was a criminal... So, my thought is that probable cause for handing over the master key to the hotel should be a bit more than probable cause to hand over the room key...


That's my understanding as well. Unfortunately, Lavabit used one SSL certificate for every incoming user, rendering it impossible to use anything lesser. So to continue your analogy, the hotel only had one key - the master.


End-to-end means that Microsoft has no capability of reading the emails, or of sharing them with anybody, as they are not at either end of the communication.


> The government seeks to sidestep these rules, asserting that emails you store in the cloud cease to belong exclusively to you. In court filings, it argues that your emails become the business records of a cloud provider.

So, how long until Dropbox contents are just a matter of business records?


I would guess back when Dropbox passed 10,000 users


It is a lose-lose case for the US. If they win the case, other countries say sorry, you can't do business here. We already have seen countries such as Brazil and Russia make moves to requiring companies to securely store users' data in country.

This makes a good argument for open source software development and decoupling storage. Software-as-a-service may end up being Commodity-as-a-service. Terrible for enterprises like Microsoft, Oracle, and IBM who want to be global "cloud" providers.


This is the same Microsoft that ran ads against Google based on the claim that unlike Google's ad algorithms, they don't look at your email, then turned around and looked at a user's email when they found out that a Microsoft employee sent confidential information to that account. (http://www.techrepublic.com/article/microsoft-issues-mea-cul...).

It's also the same Microsoft that was found to have provided the greatest aid to the NSA in accommodating their mass wiretap requests (compared to Yahoo, Google, and other webmail providers).

The irony is delicious.

To put it very mildly, I question Microsoft's integrity and wouldn't trust them with my data. Want to showcase a hero who actually went to great lengths to fight the feds over your email? Try Ladar Levison.


I think Microsoft are right here and I'm glad that they are willing to take this on. It is in their interests to show that their customers' email privacy is afforded the same level of protection that normal mail does.


Paywall? I'm out.


You might want to reconsider posting comments like that. You may think you're making a principled stand against the evils of paywalls (aside: how do you expect online publications to stay in business?) but in fact all you're doing is advertising the fact that you're either too lazy or too stupid to take the trivial steps required to get around one.


"too lazy or too stupid to take the trivial steps required to get around one"

Or maybe he just doesn't want to? You know, on principle? Even skirting the paywall, you're boosting the WSJ's viewership stats which in turn, helps them sell more advertising/contributes to their "value".


> you're boosting the WSJ's viewership stats

That would be the case whether or not they had a paywall.


Which is my point... maybe the parent commenter does not want to do this - instead of being either lazy or stupid as suggested.


No, because he specifically said he was opting out because of the paywall, not because it was the WSJ.


I appreciated the comment because I do not want to bother navigating to a paywall'd page. And I'd be happy if these publications didn't stay in business.


What do you mean by "these publications"? Do you want any on-line publications to stay in business, and if so, how do you expect them to support themselves?


Publications that use "pay-wall" websites. It's antagonistic to the type of web I want to support.

I eagerly contribute to online publications that use other types of business-models: wikipedia, democracynow, TVO, individuals with high-quality blogs, etc.

Paying a for-profit company to do work is not a moral good, it's not a charity. If they can't stay in business, that's hardly my problem. If they want to be a non-profit or charity, then I'd be more inclined to contribute, and that structure might help them produce a higher-quality work anyway.



