Posted by Kevin on June 16, 2014.
Microsoft’s case to prevent the United States government from using search warrants to demand data that is not stored in the United States has picked up a number of high-profile backers, including the Electronic Frontier Foundation, Verizon, AT&T, and, recently, Apple and Cisco.
Tech Giants Join Microsoft In Calling For US Gov To End Use Of Warrants To Demand Overseas Data
Where, you might wonder, are Google and Facebook?
There is a European movement that threatens to create a European intranet, where European data can be safe from NSA and US law enforcement subpoenas. If this were to proceed, the existing US tech giants (and indeed budding UK companies) would be the losers – they simply would not be able to operate in Europe under current interpretations of US law (in particular the PATRIOT Act).
Earlier this year, in a clear attempt to maintain and perhaps increase its European marketshare, Microsoft declared that in future, it would maintain European data on European servers within Europe. On its own, this was a welcome statement that meant nothing. At the time privacy expert Alexander Hanff told me, “They are a US corporation and therefore any data they hold is vulnerable to the US surveillance machine no matter where it is. It is clear from the announcement that Microsoft (as well as the rest of the cloud industry) is really concerned about losing revenues for cloud services and they know there is a strong movement within Europe (not least by the European Commission) to create infrastructure independent of the US and US tech giants.”
But Microsoft went on to put its money where its mouth is. When it was served a warrant for full records on an Irish customer whose details were held on a server in Ireland, it objected. Warrants cannot be enforced on overseas locations, it said, asking for the warrant to be negated. A Magistrate judge disagreed, saying that while this might be couched as a warrant, it could be treated as a subpoena, and subpoenas can be enforced on overseas locations. The magistrate declared,
To be sure, the “warrant” requirement of section 2703(a) cabins the power of the government by requiring a showing of probable cause not required for a subpoena, but it does not alter the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information.
This approach is also consistent with the view that, in the context of digital information, “a search occurs when information from or about that data is exposed to possible human observation, such as when it appears on a screen, rather than when it is copied by the hard drive or processed by the computer,” Orin S. Kerr, Searches and Seizures in a Digital World, 119 Harv. L. 531, 551 (2005). In this case, no such exposure takes place until the information is reviewed in the United States, and consequently no extraterritorial search has occurred.
Last week Microsoft filed a further objection to the magistrate’s order. It claims that the Magistrate was just plain wrong. The basis of its argument is that it is a warrant and must be treated as a warrant, and that warrants cannot be served extraterritorially; that it violates the Fourth Amendment; and that the US should seek to acquire the information required through use of the mutual legal assistance treaty (MLAT) with Ireland.
Within the last few days, other major tech companies, including Verizon, AT&T, Cisco and Apple have sided with Microsoft. Last Friday (13 June), Cisco and Apple filed an amicus brief (a legal statement with arguments in favour of one of the parties, in this case Microsoft) agreeing that MLAT would be the correct process.
Furthermore, viewing the use of warrants in these circumstances as protecting U.S. interests is short-sighted. Neither the broad economic interests nor the political interests of the United States will be served if foreign citizens believe that they are better off not doing business with U.S. based companies. Based on the evolution of the case, the Court should reject the effort to apply ECPA extraterritorially, and conclude that absent further Congressional action, the MLAT process remains the appropriate vehicle for the retrieval of foreign user data stored abroad.
The Electronic Frontier Foundation also filed its own amicus brief on Friday. Its conclusion is more legal than commercial:
The magistrate’s decision undermines the constitutional and statutory protections for the data that capture’s people’s most detailed and intimate communications, leads to selective and inconsistent enforcement of the statute that protects these communications from the government, and threatens international comity. This Court should reverse the magistrate’s decision.
EFF’s argument is that the Fourth Amendment protects against unreasonable search and seizure. Although the magistrate had said the search technically took place within the US, the ‘seizure’ had first to be performed in Ireland. “You can’t ignore the ‘seizure’ part just because the property is digital and not physical,” said EFF Staff Attorney Hanni Fakhoury. “Ignoring this basic point has dangerous implications – it could open the door to unfounded law enforcement access to and collection of data stored around the world.”
US courts have time and again demonstrated the ability to interpret the law to suit the government of the day. But it’s the economy, stupid; and there are now some mighty powerful companies arguing that such behaviour will hurt the US economy. Against this argument, however, is aligned the military industrial complex represented by the NSA. It will not wish to see its ability to acquire any information from anywhere blunted by a court ruling that says it will have to go through international treaties in future.
It’s not one I would like to call at the moment. But where are Google and Facebook? By not siding with Microsoft on this, they are actually siding with the government.Submitted in: News, News_cloud, News_legal, News_surveillance |