Good
Maybe we'll get some clarity on the subject. Though I suspect the Supreme Court will have to get involved.
At Microsoft's own request, a judge has held the software giant in contempt of court for failing to comply with an order to give US authorities access to customer emails housed in a data center in Dublin, Ireland. Redmond's request was made jointly with government prosecutors, with the aim of expediting its appeal of the July …
@ratfox
Yes, that seems likely. The SCOTUS only hears so many cases per year but this looks to be one that ends up clarifying the intersection of several laws and laying down a significant precedent.
Given the SCOTUS's purpose and the wide-reaching nature of this case, I'd say it's almost certain to end up there.
Erm, You do realise that this whole tedious song-and-dance routine is NOTHING more than a contrived PR/propaganda spectacle, don't you?
The US government has its own bloody key FFS! ( http://cryptome.org/nsakey-ms-dc.htm ) ...AND it pwns all the pipes anyway... AND it pwns all the "crypto" AND it pwns all the infrastructure... except for the Huawei bit - a fact which, as they've been hilariously unable to conceal, is DRIVING THEM COMPLETELY UP THE WALL
Hasn't anyone learned anything from the Snowden "revelations"?
BOTH parties share EXACTLY the same objective, although their motives differ ever so slightly:
MSFT desperately wishes to dispel the nasty post-Snowden stink and restore the sheeples' blind faith in Microsoft products/services. Thus securing the flow of said sheeples' money into their coffers.
US gov desperately wishes to dispel the nasty post-Snowden stink and restore the sheeples' blind faith in Microsoft products/services. Thus securing the flow of said sheeples' data into their coffers.
So, they've got together and decided to stage a pitiful public circus in which the brave and benevolent Microsoft Corporation Inc. can heroically feign concern for the "rights" of its foreign victims and thus appear to "force" the US government to appear to mend its ways.
Was ANYONE expecting ANYTHING different?
No, and I wish there was a once-a-day 50-downvote option for the same-old-same-old con-con-conspiracy sheeple-spewing idiots that plague this place. And, dude, Snowden is just the government's revenge against Assange to emasculate him and his reputation. Don't you keep up?
This post has been deleted by its author
> Or the original criminals for potentially having their email accounts read?
What criminals? If this is to do with a crime, then there are plenty of internationally acceptable ways of law enforcement agencies in the US to obtain these data from Ireland, many of which could be completed very quickly if time was of the essence. We do not know if criminals were involved in this or if crimes have even be committed, let alone who may have done them.
It's not unreasonable to wonder what is being staged here, as the snippets of information do appear to be about some larger issue than a criminal investigation. It's also not unreasonable for readers of a tech rag to wonder about a large tech company's motives
"US gov desperately wishes to dispel the nasty post-Snowden stink and restore the sheeples' blind faith in Microsoft products/services. Thus securing the flow of said sheeples' data into their coffers."
Microsoft have encrypted most of their data flows now, and will encrypt all of them by the end of 2014. Meaning that the NSA can't simply slurp on demand but have to ask nicely first for specific things:
http://blogs.microsoft.com/blog/2013/12/04/protecting-customer-data-from-government-snooping/
"For many years, we’ve used encryption in our products and services to protect our customers from online criminals and hackers. While we have no direct evidence that customer data has been breached by unauthorized government access, we don’t want to take any chances and are addressing this issue head on. Therefore, we will pursue a comprehensive engineering effort to strengthen the encryption of customer data across our networks and services.
This effort will include our major communications, productivity and developer services such as Outlook.com, Office 365, SkyDrive and Windows Azure, and will provide protection across the full lifecycle of customer-created content. More specifically:
· Customer content moving between our customers and Microsoft will be encrypted by default.
· All of our key platform, productivity and communications services will encrypt customer content as it moves between our data centers.
· We will use best-in-class industry cryptography to protect these channels, including Perfect Forward Secrecy and 2048-bit key lengths.
· All of this will be in place by the end of 2014, and much of it is effective immediately.
· We also will encrypt customer content that we store. In some cases, such as third-party services developed to run on Windows Azure, we’ll leave the choice to developers, but will offer the tools to allow them to easily protect data.
· We’re working with other companies across the industry to ensure that data traveling between services – from one email provider to another, for instance – is protected."
I doubt it. This is a narcotics case, probably domestic, probably FBI. So 1) The NSA would not deign to get involved in such pedestrian affairs and 2) The FBI would need their evidence to be obtained through the proper legal channels in order to present before a court. Probably more cock up than conspiracy, this one.
If Microsoft lose this case, it will make the use of any cloud business with ties to the USA untenable to companies and individuals outside the continental USA.
It already is. MS is merely using this as a publicity vehicle to make some of this visible, but it is impossible for any US company and multinational with a US HQ to claim it can protect your privacy and be credible - it is simply legally impossible.
It's quite fun to ask Silicon Valley execs about this when they're over in Europe on a sales tour - politicians have nothing on the evasive skills of these people not to answer that question. You get reframing, deflection, "let me get back to you" delaying tactics, the squirming is simply entertaining. It's also not a good way to secure your next invite to a publicity event, of course, but my point is that they very well know they have a problem, all of them, and there is nothing they can do about it other than pay lip service to privacy.
For MS to win this it would require a change of law. I honestly cannot see that happen, because it would interfere with what appears to be a genuine investigation. Sure, it's overreach from an Irish perspective, but the US can argue that is has both access to that information as well as authority (being HQ). That this would involve breaking the law in Ireland is irrelevant, it does not break the law in the US and that's that. It's the same principle that prevent DVD Jon from being handed over for creating DeCSS - what he did didn't break the law in his country of residence.
If it's an individual who is in contempt, they do jail time. Given that this is a corporation.. who will do the time?
Major kudos for them standing up to the government but I suspect there will be some major headaches coming their way. One doesn't fight city hall and win, normally.
They're not fighting "City Hall", though. They're just fighting the government itself, which is not the same thing at all as "fighting the government backed by every powerful economic interest in its neck of the woods".
The Feds have an interest in seeing the ruling upheld, but they're the only ones who do. Pretty much everyone else will be on Microsoft's side.
Let's just say Microsoft loses and are forced to turn the evidence over because the SCOTUS says so. Now, Amazon runs the gov cloud, let's just say Germany demands information from the Gov cloud to be turned over. While the US government would say it can't be released because of national security interests, that law doesn't apply in Germany. So now you have a precedent set; it doesn't matter where the data is actually stored (foreign or domestic). Take IBM, 64% of their revenues comes from foreign sources. If they had government data and refused to release it, 64% of their revenue would be at stake. They could be held in contempt of a foreign court and say it was the EU, that would be about 40 to 50% of their revenue right there if they were barred from doing business.
When this makes it to the SCOTUS, I expect foreign governments to join in supporting Microsoft. Where does it stop if Microsoft loses? BlackBerry could be a target. Apple could as well.
"While the US government would say it can't be released because of national security interests, that law doesn't apply in Germany. So now you have a precedent set; it doesn't matter where the data is actually stored (foreign or domestic)."
The precedent won't be set until the appeal process is exhausted. If the appeal goes the Fed's way the precedent will only apply in US law. If the case you envisage were to be raised in Germany it would be tried under German law which might come to a different conclusion.
"If the appeal goes the Fed's way the precedent will only apply in US law. "
Courts in many parts of the world (including europe) look at and are guided by precedents set in other parts of the world (including the USA).
In MS's case, it has signed a number of contracts stating that short of a PATRIOT act order, data stored in irish servers was not obtainable by non-EU entities without obtaining an irish court order first.
The fact that this isn't a PATRIOT case is why there's so much heat and light about it.
" While the US government would say it can't be released because of national security interests, that law doesn't apply in Germany. So now you have a precedent set; it doesn't matter where the data is actually stored (foreign or domestic). "
It's not hard to have an encryption scheme designed so that only resources in the local jurisdiction have access to decrypt local data. Microsoft EFS is a good example of a system that can be implemented like this.
It's not hard to have an encryption scheme designed so that only resources in the local jurisdiction have access to decrypt local data. Microsoft EFS is a good example of a system that can be implemented like this.
To use anything made by Microsoft for security is like building a firesafe out of hardwood..
@Mark 85
Those seeing the inside of SingSing are probably the MS employees with a bad performance review. Joe Blow, you get day one, Sandy Beach, you get day two, on in that fashion. Wait, Ballmer's no longer with the company? Damn, who's going in for the long weekend?
Yep - contempt of court? Who cares! No-one goes to jail. Might mean they're fine a bit more in the future, but I'm sure their sofa contains enough spare change to fund that.
I'm more annoyed that companies are allowed to ignore the law/be unafraid of the law, because there's very little consequences to them.
Personally, I'm quite keen on the: if a company kills a man by manslaughter, someone at that company should be serving time.
"The US has entered into many bilateral agreements establishing specific procedures for obtaining physical evidence in another country including a recently-updated agreement with Ireland . . . We think the same procedures should apply in the online world."
It's funny - the way both software companies and government/law enforcement selectively choose when digital is the same as physical and when it isn't.
or paranoid if you prefer . . . but i wonder how much the feds are paying Microsoft to be "in contempt" in this case.
first - judges usually treat contempt seriously and if personal they throw your ass in jail until you repent and see the light or if corporate they impose a huge fine per day until they get the same result.
second - the government wants this to get to SCOTUS (or, if you prefer, SCROTUS) where The Five Supremes™ can rule that the US government has the right to subpoena any data anywhere on the planet or elsewhere that is held by, or accessible to, any person or corporation having any residency or branch office in the US including "just passing through."
thing the third - this lays some nice groundwork for declaring that digital and physical assets are the same kind of thing . . . which allows the government to seize anything anywhere as "evidence." . . . and by "seize" i mean take, not copy.
so what . . . if it's just me being paranoid then you suffer no harm . . . but...
Covers my key concern. However, I think it's also possible that Microsoft may be playing for some people who are dull witted enough to think the big MS has an actual concern about their human privacy.
In reality, if Microsoft feels like giving the email to the government, you'll never know. Ditto the rest of them, eh?
The truly worrying thing about this whole mess is that the 'mericans believe that they have jurisdiction over OFFSHORE servers. Once again, the USA want to meddle in the affairs of another country - since when was Ireland a state of the USA? They seem to fondly believe that their "Laws" apply to the rest of the world!
The US Government can request the data from the Irish Government, but will probably be told where they can stick their request!
It's also rather worrying that MS can claim to have any kind of data security - everyone knows that this is complete nonsense.
"It's also rather worrying that MS can claim to have any kind of data security - everyone knows that this is complete nonsense."
On what basis do you make this claim? Microsoft OSs currently offer one of the most comprehensive and secure set of data encryption and control / right management options on any competing platform - together with one of the lowest vulnerability counts. These include advanced features such as constrained delegation and conditional access control (claims based multifactor controls) - that simply don't exist on most other OSs.
Microsoft OSs currently offer one of the most comprehensive and secure set of data encryption and control / right management options on any competing platform - together with one of the lowest vulnerability counts.
Wow. Can I have some of what you're smoking? It clearly is seriously powerful stuff because you must have visited a parallel universe..
"The US has entered into many bilateral agreements establishing specific procedures for obtaining physical evidence in another country including a recently-updated agreement with Ireland"
This whole episode is very insulting to Ireland. What's the point of the agreement if the US governement is going to ignore it and bully US corporations into handing over the material directly? Does the US government think that the Irish are somehow going to be happy with their sovereignty being ignored this way?
Somewhere there will be a document signed by both the Irish and US governments, and it's looking increasingly like it's not worth the paper it's written on. It would be highly entertaining if the Irish Ambassador were to walk into Obama's office, tear that document up, and then leave.
Sure, it's nothing more than a symbolic act, there's nothing substantive that the Irish government can achieve by itself. However if the EU as a whole takes umbrage at this episode then the US could find that data protection laws within the EU get tightened to the point where companies associated with the US can no longer operate in the EU.
Effectively the US government is carelessly making it less viable for online services companies to be hosted or based in the US if they want to have a meaningful global presence too. Companies like Google could offer exactly the same global service by hosting its entire corporate presence outside of the US. Afterall, the Internet goes Everywhere... Microsoft are rapidly heading that way too. Amazon has it's warehouses, so it's kinda stuck with a physical presence, and Apple has its shops, so global business for those companies could become very difficult in the future.
MS captured the UK HE sector by promising that their Ireland data centre was immune to the Patriot Act. Google couldn't make such assurances so despite a better cloud offering at the time, lost a lot of business. I imagine the same applies in other industries.
"Google couldn't make such assurances so despite a better cloud offering at the time"
What better cloud offering was that? Certainly not their compute / IaaS platform which is vastly inferior to Azure and always has been. Just look at market share - Azure about to overtake AWS - and Google not even close.
I can only think that you mean Google Apps - and that was only superior in that Microsoft didn't actually offer a cloud service at the time. Office 365 is now leagues ahead of what Google offer in that space.
Yeah, sorry, I just meant their email and online docs. I disagree that MS has moved ahead, but it's more a matter of preference I think. The fact is my institution were swayed by the assurances of security, and I'm guessing a lot of others were too. If your business is new knowledge, you want to be able to keep your email away from foreign governments.
"What better cloud offering was that? "
Gmail vs Outlook.
Google's system was (and is) more reliable/technically superior but HE entity which pulled in data lawyers were told in no uncertain terms Google couldn't be used for the reasons given above.
A significant number of HEs didn't bother with lawyers and just signed with Google. Those responsible for that decision really should be feeling the wrath of the ICO (which basically means a slap on the wrist with a wet bus ticket).
MS captured the UK HE sector by promising that their Ireland data centre was immune to the Patriot Act
I cannot believe anyone fell for that without getting a second opinion from lawyers who didn't have a dog in this fight, because AFAIK that is total BS. There is no way that MS can free itself from a US court order for data as long as it keeps its HQ in the US.
It's not as easy as quickly setting up a data centre abroad, otherwise any criminal would do this too.
"AFAIK that is total BS. "
It is. The assurance was anything SHORT of a PATRIOT act order.
There will be a number of unintended consequences whether or not the SCOTUS rubberstamps the state court order.
Expect cloud providers to become fully separate companies in each jurisdiction, contracting to Google, MS, etc.