Submitted by Should the United States government be able to conduct a search of your emails if they are stored on a server in another country, or does the government’s right to examine digital evidence stop at the border?
That is a central question in United States v. Microsoft, a case scheduled to be argued on Tuesday before the Supreme Court.
Both sides in the case have legitimate concerns. If the court sides with Microsoft and declines to allow searches for data stored in another country, the government will be hampered in investigating crimes like terrorism, child pornography and fraud.
If the court sides with the government and rules that it may demand data stored overseas by American companies, those companies will find it much harder to do business abroad. This is because many foreigners fear that United States warrants authorizing such searches will disregard privacy protections afforded by their country. The government of Germany, a country with stringent privacy laws, has already indicated it will not use any American company for its data services if the court decides to allow searches.
At this point, I feel like it’s just safer to assume all data stored online or sent from one device to the next is essentially not secure in the sense that no one will be able to read if they really wanted to. It’s not the way it should be, but I don’t think there’s a whole lot we can do about it – regardless of the outcome of legal cases such as this one.
I’ve been under this assumption for the past 20+ years. Well, maybe not device to device, but with the whole cloud thing, sure.
No country has any right to investigate crimes that occur outside of its own borders
Are you really this naive? Governments don’t need the “right”, only the “might” to reach across their borders. Intelligence services do this regularly. Guess what? They’re expected to do it. It is safe to assume that any and all data not under your direct supervision is already compromised. It’s also reasonable to assume that data under your direct supervision may be compromised as well if you’re under the cross hairs of a nation state.
The moral? Don’t put anything in writing you don’t want ‘getting out’. Ever. Especially not in digital form.
I’m just waiting for the day that there is an alien invasion or other global catastrophe, then well… there probably will no longer be any borders and mankind will be forced to realize we shouldn’t be fighting each other over stupid crap.
Then again, mankind would probably take that opportunity and screw it up too.
More on topic… why is the US government at the level of needing to look at emails stored out of the US worried about anything other than high level of attacks, etc. It’s not like other countries are all about supporting child porn, and if any of them are, there should be a collective to nuke their asses.
While I agree that intelligence agencies regularly compromise data in foreign countries, In the United States, that data cannot be introduced into a court of law. This ruling could convince US courts that they too can reach across borders to prosecute legal persons (including both corporations and humans). This is a new idea, and I think it’s insane to even entertain that courts should be able to do this.
Hi,
I’m curious. If a person in Europe hacks into some servers in China to steal credit card information that belongs to American citizens (and then that person leaves Europe and moves to Russia); which country has the right to investigate?
The reality is that for some crimes investigation requires international cooperation; and because of this there’s (formal or informal) “I’ll help you if you help me” agreements between countries.
– Brendan
It’s not the investigating part that’s wrong. Everyone has the right to investigate. They just don’t have to right to seize data/evidence stored within another country’s borders. They can always try to set up a treaty, which would be the proper way of cooperating with other nations to obtain evidence and criminals.
cfgr,
You are right, cooperation is clearly the best solution. It’s simple and much less controversial.
I think that the problem for the US is that they loose blanket surveillance powers as well as secret fisa court subpoenas. But IMHO that’s a good thing. Hell, without oversight nor due process, these shouldn’t even exist within US borders due to their unconstitutionality.
Edited 2018-03-03 13:18 UTC
It sounds to me like the issue is not crimes committed abroad. But rather if crimes are committed in the USA, but records of the crime exist outside the USA, can the US government still access those records legally.
Even not allowing this cases of this type, they certainly do. Its called hot pursuit: https://en.wikipedia.org/wiki/Hot_pursuit
Edited 2018-03-03 13:19 UTC
I think this is going to be a sticky situation, legally, no matter which way it goes.
If the courts decide Microsoft must hand over their documents because they are, after all, an American company regardless of where the data is stored, then that’s going to signal to the world that American companies are not safe to deal with. No one is going to want to risk doing business with a company with offices in the USA if their files must be handed over, regardless of local law.
On the other hand, if the court sides with Microsoft then it signals that American companies can ignore USA laws if they just move their data/processes/dealings to another country. It’ll be the tax evasion issue all over again, this time with memos, e-mails and so on.
Either way, it’s not going to be pretty, especially for American citizens. They’re likely to lose jobs regardless of who wins because either data or jobs will likely be moved overseas.
Personally, I suspect the court is going to side with the DoJ. If they let American companies dodge investigation by simply moving where deals are made and/or documents are stored, then they’ve opened a massive loophole for all companies to open offices abroad. The ruling will open up a new legal battle between Microsoft and Ireland, but the American courts and DoJ will be fine with letting Microsoft deal with the fallout from that.
Edited 2018-03-01 02:20 UTC
jessesmith,
The way I see it is that the foreign branches are not under any obligation to comply with US law. Without jurisdiction, nor cooperation from the local government, US courts have no jurisdiction over them. The caveat, which is admittedly pretty big, is that the US government could hold the US corporate offices and executives in contempt if the foreign offices refuse to comply. In other words, the foreign branches technically have a legal right to ignore US rulings, but depending on the outcome of this case, US persons could be punished for it.
It’s an interesting case and I don’t know which way they’ll rule, but another point to add to the mix is that the foreign branches are technically subject to the foreign laws, which could theoretically impose consumer privacy laws that contradict the US requests.
Personally I think the best solution would be to use diplomatic relations to obtain a legal warrant in the foreign country. While the US government may not like that they have to ask rather than demand, I think it’s the only fair thing to do since the US isn’t entitled to make demands in other countries.
Some people might disagree with this conclusion, but to you I ask this: if we allow US rulings to carry into other countries, then does that give other governments the same rights in the US? Would you be ok if a foreign court could make a ruling that bypasses the privacy rights of US persons because they passed through foreign owned infrastructure? I think the supreme court has to consider this as a two edged sword.
I would say that the reverse situation would make sense. If an Irish company, for example, were to open a new office in the USA, then Irish courts would be able to demand documents be handed over from the American branch.
In short, I think companies need to follow the laws of each country they set up shop in. If they face issues (like contempt of court) from contradicting laws then that is part of the cost of doing business.
jessesmith,
Your second paragraph contradicts your first paragraph.
How far are you willing to take a breach of jurisdiction? If an Irish court makes a legal request to a corporate subsidiary registered in the US operating on US soil, requesting information about US citizens also in the US, do you think that should be honored?
Edited 2018-03-01 15:46 UTC
There is no contradiction between my two paragraphs. I’m saying companies which work in multiple countries need to follow the laws of each host country. It doesn’t matter which countries.
Tax evasion and the question of legality over demanding materials stored outside US borders don’t equate in any way.
The idea that US law has or should have jurisdiction in other countries is absurd and for the Supreme Court to rule otherwise would be incredibly reckless, and pointless. No country is going to willingly agree US law supercedes their own. If a US agency wants materials stored in foreign lands, it will have to use either diplomacy to obtain the proper subpoena or warranty from the target country, or just take the materials illegally, both of which is how it works now. US companies don’t get to just open shop elsewhere, they have to license themselves as businesses within their host country and are subject to all the local laws and regulations. They may be owned by a US entity but that doesn’t grant any special privilege to the US govt.
This could get really nasty.
If Company M has data in Country I and Country U (where M is legally incorporated) wants that data which is against the laws of Country I there is ample justification for Country I taking over the assets of M to protect its own citizens. The leader of U will throw a hissy fit and retaliate.
And so begins a trade war.
Probably going to happen over U’s latest issue with Steel and Aluminium etc.
Laws of unintended consequences are just not on the radar of Politicians. To them and especially in U, it is all about getting re-elected or rather getting the vast funds needed to bribe the electorate into voting for you again.
Be it land, resources, other humans, or data, there’s been a tug-of-war over possession/ownership since the dawn of man. History teaches us this is just a part of human nature and probably won’t ever stop. It *is* in fact a really sticky situation but outside of using diplomacy and/or illegal & criminal activities to get what they’re after, I don’t know that there are really any other tangible options. The US Supreme Court and rule however they want but if the US thinks they’re going to declare their laws overrule the laws of all other sovereign nations where US companies do business, they can expect a very firm G-F-Y in response.
The one thing they probably can do legally is punish companies homeland entities. Whatever the Supreme Court ruling is, we already know the outcome – they will get what they want either legally or illegally – but they will get what they want.
They can and they do, even though it’s illegal.
It’s complete bollocks and fake news to drag child pornography (among other ‘serious’ crimes) into this conversation. Child pornography specifically is criminalized pretty much everywhere in the world and law enforcement from different countries even works together to combat it.
There is no problem at all to receive a warrant for investigating such heinous crimes regardless of the location of the servers.
Edited 2018-03-01 16:23 UTC
I think the Supreme Court can say whatever they want, and it won’t matter. That court only has jurisdiction within the United States. Even if you are a U.S. Citizen overseas, without the cooperation of the country in which someone resides the US judicial system cannot bring you back to the country.
I think, if the US Government wants that data, they will need to request it from the country the data resides in. Microsoft should tell the court to go over there and try to get it themselves… we’ll see how well that goes.
You really don’t see how the Supreme Court/authorities could make life …difficult for the US entity of Microsoft if MS ignored the ruling?
This is mostly a non-issue, those who care will move hosting to outside the USA/outside of US businesses. Those who don’t will continue as is and get shafted. Not a huge deal. The older I get the more I see people kicking up a stink over this stuff. If you cared about privacy you wouldn’t be running Windows and you wouldn’t use the cloud. If you do, you get what you pay for. It’s silly watching people argue for things like Africa developing a tech industry in one breath, then talk about using Windows there in the next. You’re not teaching people about tech when they play with black boxes. Similarly it’s silly watching people argue about privacy when they insist on running platforms that are inherently insecure, and known to be targeted by foreign governments.
Edited 2018-03-01 19:48 UTC
Darkmage,
Well, that’s a defeatist attitude
I’m not saying you are wrong about the way the world works, but I do disagree with your calling it silly to defend our rights as much as we can.
“Futile” -> probably
“Silly” -> no, it’s quite serious.
Whether it’s net neutrality, privacy, jailbreaking our own machines, etc, I sincerely hope we never give up on our rights. It is frustrating, I understand that, however if people cave in and accept the losses as a “non-issue”, then we’ll continue to loose ground to overreaching powers.
Edited 2018-03-01 21:57 UTC
Jurisdictions cannot exist on the World Wide Web. It’s in the name. Regardless of if the data is stored on a physical server in one country, the fact it can be accessible from any device connected to the World Wide Web means that data is essentially insecure. Without enforcing national firewalls (and restricting data movement between physical borders) there is no way to stop governments and agencies from accessing your data.
The only way to enforce any sort of laws regarding data on the internet, is if we stop thinking we can enforce separate laws per jurisdiction. The internet is a worldwide entity, and much like the laws regarding international waters, we need international law to regulate the internet. No individual country should have the right to enforce its laws regarding the internet, regardless of the physical location of the servers. It’s by no means an easy thing to implement, but it’s the only true, fair way to enforce laws on data on the internet
(I understand the World Wide Web and the internet are technically different things, i just used it for emphasis)
That’s certainly a more practical approach than trying to remember the laws of more than two hundred countries.
Except many countries have data privacy laws as well, so you have to “remember” the laws of those countries. Big companies have an army of lawyers to do the remembering.