Court Says Who Cares If Ireland Is Another Country, Of Course DOJ Can Use A Warrant To Demand Microsoft Cough Up Your Emails
from the say-what-now? dept
A NY judge has ruled against Microsoft in a rather important case concerning the powers of the Justice Department to go fishing for information in other countries -- and what it means for privacy laws in those countries. As you may recall, back in April, we wrote about a magistrate judge first ruling that the DOJ could issue a warrant demanding email data that Microsoft held overseas, on servers in Dublin, Ireland. Microsoft challenged that, pointing out that you can't issue a warrant in another country. However, the magistrate judge said that this "warrant" wasn't really a "warrant" but a "hybrid warrant/subpoena." That is when the DOJ wanted it to be like a warrant, it was. When it wanted it to be like a subpoena, it was.Microsoft fought back, noting that the distinction between a warrant and a subpoena is a rather important one. And you can't just say "hey, sure that's a warrant, but we'll pretend it's a subpoena." As Microsoft noted:
This interpretation not only blatantly rewrites the statute, it reads out of the Fourth Amendment the bedrock requirement that the Government must specify the place to be searched with particularity, effectively amending the Constitution for searches of communications held digitally. It would also authorize the Government (including state and local governments) to violate the territorial integrity of sovereign nations and circumvent the commitments made by the United States in mutual legal assistance treaties expressly designed to facilitate cross-border criminal investigations. If this is what Congress intended, it would have made its intent clear in the statute. But the language and the logic of the statute, as well as its legislative history, show that Congress used the word "warrant" in ECPA to mean "warrant," and not some super-powerful "hybrid subpoena." And Congress used the term "warrant" expecting that the Government would be bound by all the inherent limitations of warrants, including the limitation that warrants may not be issued to obtain evidence located in the territory of another sovereign nation.The DOJ hit back earlier this month by basically saying, "yeah, whatever, let's pretend it's a subpoena and give us what we want already."
The Government's interpretation ignores the profound and well established differences between a warrant and a subpoena. A warrant gives the Government the power to seize evidence without notice or affording an opportunity to challenge the seizure in advance. But it requires a specific description (supported by probable cause) of the thing to be seized and the place to be searched and that place must be in the United States. A subpoena duces tecum, on the other hand, does not authorize a search and seizure of the private communications of a third party. Rather. it gives the Government the power to require a person to collect items within her possession, custody, or control, regardless of location, and bring them to court at an appointed time. It also affords the recipient an opportunity to move in advance to quash. Here, the Government wants to exploit the power of a warrant and the sweeping geographic scope of a subpoena, without having to comply with fundamental protections provided by either. There is not a shred of support in the statute or its legislative history for the proposition that Congress intended to allow the Government to mix and match like this. In fact, Congress recognized the basic distinction between a warrant and a subpoena in ECPA when it authorized the Government to obtain certain types of data with a subpoena or a "court order," but required a warrant to obtain a person's most sensitive and constitutionally protected information -- the contents of emails less than 6 months old.
Overseas records must be disclosed domestically when a valid subpoena, order, or warrant compels their production. The disclosure of records under such circumstances has never been considered tantamount to a physical search under Fourth Amendment principles, and Microsoft is mistaken to argue that the SCA provides for an overseas search here. As there is no overseas search or seizure, Microsoft’s reliance on principles of extra-territoriality and comity falls wide of the mark.Unfortunately, it appears that the judge just went with the DOJ's reasoning -- though, immediately stayed the ruling since Microsoft made it clear it plans to appeal. Judge Loretta Preska basically just upheld the magistrate judge's ruling that Microsoft could, in fact, be compelled to hand over data held overseas via a warrant under ECPA, the Electronic Communications and Privacy Act (which we've already noted has tremendous problems and needs to be reformed).
Beyond the problems this has for the 4th Amendment in the US, it's also going to create a mess in Europe, where they have much stricter data privacy rules, and where something like ECPA is clearly a problem. For the US to argue that it can make ECPA reach across the ocean into European servers is going to be a big problem -- especially at a time when Europeans are (rightfully) distrustful of the US government's ability to snoop on their data.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 4th amendment, data protection, ecpa, ecpa reform, email, eu, ireland, loretta preska, privacy, subpoena, warrant
Companies: microsoft
Reader Comments
Subscribe: RSS
View by: Time | Thread
So, if US Law applies everywhere...
Good luck enforcing that!
[ link to this | view in chronology ]
Re: So, if US Law applies everywhere...
The old saying goes both ways... what's good for the goose is good for the gander too.
looks like we'll start seeing mandatory public amputations and executions by stoning to death in the USA.
[ link to this | view in chronology ]
Re: Re: So, if US Law applies everywhere...
Finally the Infadels get it!
[ link to this | view in chronology ]
Re: Re: So, if US Law applies everywhere...
[ link to this | view in chronology ]
Re: Re: So, if US Law applies everywhere...
[ link to this | view in chronology ]
Re: Re: Re: So, if US Law applies everywhere...
[ link to this | view in chronology ]
Re: Re: So, if US Law applies everywhere...
[ link to this | view in chronology ]
Re: So, if US Law applies everywhere...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
That is the reality and so far the downsides of doing that were bigger then the upsides. The current bullying tactics and warmongering of the US government are in the process of turning that equation around. Already large parts of the world are rejecting the dollar in trade relations. The US position is not nearly as safe as you might think.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
So would the rest of the world.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re:
Are you sure about that?
[ link to this | view in chronology ]
Judges
And then they do. And then the rest of their judge community groans their internal groan and prepare to deal with the fall-out. And then the offending judge...well nothing.
[ link to this | view in chronology ]
Oh yeah, this'll help restore trust in the US
Even better, I'm sure the judge will see no problem with an order like that, and just tell the company 'It's your problem to deal with, all I want is the data, I don't care what laws you have to break to get it.'(though I imagine they won't say that last bit out loud)
[ link to this | view in chronology ]
Re: Oh yeah, this'll help restore trust in the US
Oh wait.. that Immunity only applies within the USA.. hmmm I wonder how many Judges like to travel overseas and wont be able to anymore. So sad
[ link to this | view in chronology ]
Re: Oh yeah, this'll help restore trust in the US
Such considerations aren't supposed to affect judges' interpretation of the law, although it might make them decide that such subpoena is unreasonably burdensome. However, it should get the Treasury to send a rocket to the DoJ, and they'll issue a "clarification", especially when their political masters realise what's going on.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Well, if she insists...
What's clear is that any employee of Microsoft Ireland is legally bound to tell MS in the US where they can shove their warrant OR subpoena, as NEITHER has any force whatsoever in Europe.
There are procedures established through international law enforcement cooperation to get one's hand on such data in valid cases. This is merely an attempt by the DOJ to violate international and European law, and the court is aiding and abetting in that.
[ link to this | view in chronology ]
This'll be great for the IT economy
The American government is insisting that even though it's your personal data located on servers in your country, its laws applies, not your country's.
How long will it be before you and 50,000,000 others decide not to keep your data there?
[ link to this | view in chronology ]
Good news for the NSA
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
There's enough innate animosity to Yanks and Poms as it is. Our pollies may want one thing but they would have to get it passed through a national vote first and on the basis of past efforts, that is more than likely to fail badly.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Then they get what's coming to 'em for be stupid enough to work for a U.S. company.
Same thing as anyone else stupid enough to do business with a U.S. company... employee, contractor, customer—no difference.
[ link to this | view in chronology ]
Re:
It's better to get fired than to get imprisoned.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
As it stands, they need explicit consent by the owner of the data to transfer it to the United States anway.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Let an Irish Magistrate try the reverse on this judge
Oh, the hijinks that would ensure.
[ link to this | view in chronology ]
Nothing to see here
Exactly same thing going on here, where judge correctly pointed out that data is not a document or object. And as was repeated many times on this very site - data can't be "owned", only copyrighted, patented and so on.
I also must note, that I couldn't care less about kind of form judge must fill. Be it "order", or "subpoena", or "hybrid warrant/subpoena" or purple scroll. That's issue of US bureaucracy.
Bottom line is clear - MS has office in US, data is stored on MS's server and judge ordered a copy. Because "has office in US" part, MS must comply. "Privacy protection" laws in Europe are as stupid as "right to forget" - by same token they can outlaw gravity.
[ link to this | view in chronology ]
Re: Nothing to see here
You could not possibly be further from the truth.
A local court can request YOUR data from YOU because it is YOUR data.
That's not the case here, Microsoft is merely STORING the data for others, and it is doing so under specific laws.
Nope. The servers belong to Microsoft Ireland, which doesn't have an office in the US, merely an owner.
We have jails aplenty to teach you otherwise.
[ link to this | view in chronology ]
Re: Re: Nothing to see here
Say wwwwhat? By this logic, if I have a warehouse, here, and you rent it, and put your stuff in there, local judge can't order me to open the warehouse and examine content just because stuff doesn't belong to me? Common sense just doesn't work this way: judge can order a _owner_ of a property to do something with said property.
>>> That's not the case here, Microsoft is merely STORING the data for others, and it is doing so under specific laws.
You probably talking about laws of physics, because other laws are irrelevant. What if MS using sort of distributed file system, where files are spread (shadowed/mirrored) all over the world? Will you apply jurisdiction per filesystem block? Your idea about "specific laws" is ridiculous.
>> We have jails aplenty to teach you otherwise.
Putting someone in jail doesn't make law more just or less stupid. Some people were burned at stake, and this didn't make heresy laws sensible.
[ link to this | view in chronology ]
Re: Re: Re: Nothing to see here
It would require getting the co-operation of the foreign government and courts to force you to open up.
[ link to this | view in chronology ]
Re: Re: Re: Nothing to see here
If the CEO of MS Ireland were to order his staff to hand over the information, he'd be breaking Irish laws, the employees would be protected if they refused (and guilty if they complied), and the fact that his shareholders ordered him to do it wouldn't be a valid defence.
If MS USA has a back door in their servers, and MS Ireland know about it, they're breaking their obligations to store the data securely. If they don't know about it, then if MS USA were to use it, they'd be breaking Irelands anti-hacking laws, and so would the individuals in question. (That could be especially amusing if Ireland has something equivalent to RICO.)
[ link to this | view in chronology ]
Offshore data bank - hide your data.
[ link to this | view in chronology ]
So Schrodinger's Warrant then?
[ link to this | view in chronology ]
You still don't get it
Except the servers aren't rented. They are the property of MS-Ireland, too. And no, local judges would have a search warrant against the person who rented it, yes.
Quite the contrary. Irish laws are the only thing that's relevant for servers in ireland.
No, your ideas are ridiculous. You miss that to install such a file system, MS would have to move the data out of Europe, which is covered by very strict laws.
And your lack of understanding of legal matters doesn't make laws "stupid". It says more about you than the law.
[ link to this | view in chronology ]
At that point, what is MS USA supposed to do? Fly over here to Dublin and physically do the US's court order? They'd be known and arrested at the airport for conspiracy to commit a crime.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
It's an intentional diplomatic insult by the United States directed to the Republic of Ireland.
Not sure exactly what the Irish did to the Obama administratio to piss 'em off, but the Obama administration is retaliating.
Diplomatically.
[ link to this | view in chronology ]
Go to jail in the US for contempt of court and obstruction of justice most likely....
[ link to this | view in chronology ]
Re:
Not likely to happen. They gave the order, that's about all they can do.
[ link to this | view in chronology ]
If the latter, then MS USA can't do anything. MS Ireland employees will just say no to the order, and they can't be disciplined over the matter. They'll know that if they get fired over this, they can sue Microsoft for punishing them for not committing a crime. Anyone know if these Irish employees could also bring a case internationally against the US government for starting this whole mess (either the employees or Microsoft Ireland/USA).
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
The World At War - Against US
[ link to this | view in chronology ]
As a dual American/Irish citizen...
[ link to this | view in chronology ]
OR american journalist from yahoo or google that did some work in iran or russia or travelled thru russia .
Say some one has a blog in the us that someone says insults the iranian government ,
or breaks russian law ,
say reveals corruption in russian government .
Will they be able to acess all the email data of a us citizen or journalist from an american gmail server .
[ link to this | view in chronology ]