Another Judge Says The Microsoft Decision Doesn't Matter; Orders Google To Hand Over Overseas Data

from the when-reality-is-complicated,-simply-ignore-it dept

Microsoft may not have to respond to government demands for US persons' data held overseas, but it looks like everyone else (specifically, Google) will have to keep trawling their foreign data stores for US law enforcement.

The Second Circuit Appeals Court ruled US government warrants don't apply to overseas data. Courts outside of the Second Circuit are finding this ruling doesn't apply to Google's foreign data storage. The most obvious reason for this is other circuits aren't bound by this decision. The less obvious reason has to do with how Google stores its data.

As Google describes it, communications and data are in constant motion, moving in and out of the country as needed for maximum efficiency. When a warrant arrives, Google gathers everything it finds in its domestic servers but hands back a null response to data currently held overseas. Sometimes what Google hands law enforcement is nothing more than unusable digital fragments. Obviously, the government isn't happy with this new status quo.

And it is a new status quo, as is pointed out in this ruling [PDF] by a DC magistrate judge [via FourthAmendment.com]. The ruling here aligns itself with one handed down in Pennsylvania earlier this year. In that decision -- like in this one -- the judge noted Google used to capture everything requested, no matter where it was located. It's only very recently Google has refused to chase down data (and data fragments) located in servers around the world.

The process was described this way in the Pennsylvania decision:

Google stores user data in various locations, some of which are in the United States and some of which are in countries outside the United States. Some user files may be broken into component parts, and different parts of a single file may be stored in different locations (and, accordingly, different countries) at the same time. Google operates a state-of-the-art intelligent network that, with respect to some types of data, including some of the data at issue in this case, automatically moves data from one location on Google's network to another as frequently as needed to optimize for performance, reliability, and other efficiencies.

As a result, the country or countries in which specific user data, or components of that data, is located may change. It is possible that the network will change the location of data between the time when the legal process is sought and when it is served. As such, Google contends that it does not currently have the capability, for all of its services, to determine the location of the data and produce that data to a human user at any particular point in time.

Nothing has changed here. And nothing has changed in terms of legal analysis, despite this memorandum order being issued in a DC court. The court finds Google does not effect a seizure of requested data because it simply makes a copy of it. It also points out (and Google concedes) that it does not act as a government agent when it does this, despite the only reason for Google's copying of the data is to respond to a government warrant. The court notes the Stored Communications Act does carry privacy implications, but only as far as the private entity's actions -- not the government's demands. The court's analysis states the SCA provisions only prohibits unlawful access (such as hacking) while regulating companies' responses to government demands.

The court goes on to say Google's view of its legal responsibilities is completely untenable. Because of the transitory nature of Google's data handling, it would never be able to fully comply with demands for records, no matter which country issued the order.

Finally, it must be said that the above Morrison analysis of the operative sections of the SCA has the added benefit of avoiding the bizarre results that application of the Microsoft decision to modern data networks like Google's would produce. If that decision's focus on the physical location of the data's storage were to be applied to service providers using such networks, the records and information the government would receive in response to an SCA warrant may differ significantly depending on the date on which the warrant is served. Indeed, the same warrant served on ten different days may well produce ten different results depending on where on the network the shards of responsive data are located at the moment each warrant is served. Such random results -- generated by a computer algorithm -- would serve the interests of neither privacy nor international comity.

Compounding the problem, even assuming the service provider could and would identify for law enforcement the location of the foreign-based servers on which the missing data was stored (as Google refused to do here), that knowledge would effectively be useless to the government here. By the time the government could initiate the international legal process necessary to obtain the missing data from wherever it was stored, it is entirely possible that the network would have relocated the data yet again to a server in a different country. Moreover, it is Google's position that it need not respond overseas to any such international legal requests because it is only at its headquarters in California that its data can be accessed and compiled into a recognizable electronic file. Thus, in Google's view, the only means available to obtain records and information related to a Google account is by serving an SCA warrant on its LIS team in California.

The magistrate says that's not going to work -- not under the stipulations of the SCA. In fact, it's just not going to work at all because of Google's data-handling. It may be primed for efficiency, but does little to help it comply with warrants.

To reach the conclusion advanced by Google here, the Court would need to find that a properly-issued SCA warrant requiring the disclosure to law enforcement in the United States from Google's headquarters in the United States of digital files accessible only from the United States constitutes an extraterritorial application of the SCA simply because pieces of data that make up those files were stored on a server located outside the United States at the moment in time the warrant was executed. Because such a conclusion runs contrary to the straightforward extraterritorial analysis of the SCA under Morrison detailed above, the Court finds that Google has not shown cause for its failure to produce all the records and information called for in the instant warrant within its possession, custody, or control.

In the end, the court orders Google to ignore the realities of its data flow. It may make things easier for law enforcement, but it has very little to do with keeping the government within its jurisdictional confines.

Google's LIS representatives in California can access, compile, and disclose to the government those records and information with the push of a button and "without ever leaving their desks in the United States." Microsoft, 829 F.3d at 229 (Lynch, J., concurring). Because that "entire process takes place domestically," id., Google will be ordered to comply with the warrant in full, and to disclose to the government all responsive electronic records and infonnation identified in Attachment B to the warrant within its possession, custody or control, wherever those records and information may be electronically stored.

In essence, Google is being ordered to act as a government agent to secure all requested data wherever it happens to reside. Since it can do it from a California office, the court reasons nothing foreign is touched -- at least not by the government. Once it's all packaged up locally, the local boys can access it without fear of a suppression challenge.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 4th amendment, doj, ecpa, international data, privacy, sca, subpoena, warrant
Companies: google, microsoft


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 14 Jun 2017 @ 2:19pm

    Turnabout is fair play

    In essence, Google is being ordered to act as a government agent to secure all requested data wherever it happens to reside. Since it can do it from a California office, the court reasons nothing foreign is touched -- at least not by the government. Once it's all packaged up locally, the local boys can access it without fear of a suppression challenge.

    By that argument any other country that google has offices in could also order the company to hand over US based data by claiming that the company isn't demanding foreign-located information, but merely local, and the US person(s) involved wouldn't have grounds to object because the 'collection' took place entirely within the country.

    As for the 'It's not the government doing it, it's entirely Google', that's complete and total garbage. Google is only performing the action under order of the government. If the government couldn't do it itself, forcing someone else to do it and then pretending that they're doing it entirely on their own is absurd, and ignores the limits of the law entirely though sleazy reasoning. If the government forces someone to do something then they are acting on the government's behalf when they do it.

    link to this | view in chronology ]

  • icon
    aerinai (profile), 14 Jun 2017 @ 2:42pm

    Government has a point...

    The choice of Google not to stitch these files together seems to be the choice of Google; This isn't a technical issue, its an issue of whether or not Google will comply (because it obviously has the means to).

    In light of the Microsoft case, I'd say Google has every right to withhold that information, but it does seem a bit like Google does say it is above the law... which I'm also not about.

    Quite literally a convoluted network management solution of a company (regardless of how justified or efficient) is no better than the NSA saying "we cant tell how many people's privacy we are tromping on because we will violate people's privacy to find out".

    I'm a fan of accountability and the police doing the right thing (like requesting warrants). It is rulings like this that makes officer's bend the law and do parallel construction and other nefarious backroom hacking... That helps no one. Just saying...

    link to this | view in chronology ]

    • icon
      TKnarr (profile), 14 Jun 2017 @ 4:16pm

      Re: Government has a point...

      I suppose Google does have the means to comply with the order, by simply changing how it manages data. The question is, does it have to change how it manages it's data so that it can comply?

      That question isn't just an abstract question about network management, it implicates a lot of other very concrete aspects of law. For instance, a person can set up their finances so all their income is earned in the name of and goes to an overseas trust which buys what it's trustees (who happen to be the person in question and a couple of people he employs for the purpose of agreeing with his decisions) tells it to and lets the trust's beneficiary (also the person in question) use it. That way the person has no income and no assets in the US and none of the trust's income is under US jurisdiction, so they don't have to pay US income tax on anything. That person can easily change their finances to bring all of their income under US jurisdiction. Assuming that the trust arrangement is legal, is that person then obligated to change their finances so the US can collect income tax from them?

      The question's the same in both cases. I do things in X way. The government orders me to give it something it's entitled to ask me for. As it stands I'd only have to turn over A to comply with their order, but if I stop doing things X way and do them Z way instead then I'd have to turn over B, C, and D in addition to just A. Both X and Z are perfectly legal ways of doing things. The government would prefer I turn over A, B, C, and D. Am I obliged to change how I do things to suit their preference, or am I entitled to turn over only A and tell them to go pound sand as far as B, C, and D go until they can get the law changed to make doing things X way no longer legal?

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 14 Jun 2017 @ 4:32pm

        Re: Re: Government has a point...

        Google's American employees do have control over the data, and I don't think it's (entirely) crazy for that to impact the legal analysis. They could have set it up (and still should) so that no American employee ever has control over the data.* For example, encrypt it with a key that never enters the USA.

        * More generally, they could set it up so a user's key is never in their home country.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 14 Jun 2017 @ 5:01pm

          Re: Re: Re: Government has a point...

          Intentionally creating s8ch a system could be seen as obstruction of justice or aiding and abetting. Neither is a good outcome.

          link to this | view in chronology ]

          • icon
            Jeff Green (profile), 15 Jun 2017 @ 2:52am

            Re: Re: Re: Re: Government has a point...

            And not constructing such a system could see Google banned from handling personal data anywhere outside the states and its satellite nations. For instance it is a very clear breach of EU law for Google to comply with this court order.

            US courts have always had a tendency to regard the rest of the world as fair game, while regarding all actions on US soil as immune from any foreign action.

            This is the sort of attitude that is common an acceptable in 5 year old children ...

            link to this | view in chronology ]

            • identicon
              Enif, 15 Jun 2017 @ 5:22am

              Re: Re: Re: Re: Re: Government has a point...

              > This is the sort of attitude that is common an acceptable in 5 year old children ...

              Also common in childish adults.

              link to this | view in chronology ]

            • identicon
              Cowardly Lion, 15 Jun 2017 @ 6:39am

              Sad day to be an LEO

              Google would likely be in breach of EU law, although to be said, it's not totally clear what's meant by a "Person's data". It might be an eMail or bank record but then again it might be an mp3 track stored in a cloud somewhere.

              More food for thought; a lot of organisations that handle personal, sensitive or restricted data quite often prevent anyone within their organisation from having actual sight of the data, and that can include the hard-core admins. It's only when data enters or exits their platform that data becomes plaintext, or meaningful. And that perimeter can be on someone's application or browser in an entirely different jurisdiction.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 15 Jun 2017 @ 9:15pm

                Re: Sad day to be an LEO

                More food for thought; a lot of organisations that handle personal, sensitive or restricted data quite often prevent anyone within their organisation from having actual sight of the data, and that can include the hard-core admins.

                The loophole is the hardcore admins can be ordered by their local jurisdiction to reconfigure things so that data is visible. As is the implication in this case with Google: "Your current methods are not favorable to us, so change them so they are favorable, or else."

                Is it political suicide? In the US I'd wager not, and sadly, that is becoming my default opinion for every nation around the world. As nations have woken up to the idea that they can use the technology to control their populous without fear of penalty, they are increasingly becoming more tyrannical in how they shape it's policy.

                Just because you can shift the location of data doesn't mean that you'll be able to. If anything will kill the internet, (or at least the modern version of it), it will be the governments of the world abusing it to the point that it's only primary use in practice will be for spying on and controlling the lives of citizens.

                link to this | view in chronology ]

        • icon
          TKnarr (profile), 15 Jun 2017 @ 9:29am

          Re: Re: Re: Government has a point...

          And in the above the person has control over the money and the offshore trust. Does this mean that the US government can order him to change the trust so it's no longer offshore so they can collect taxes on it that they can't as long as it's offshore?

          link to this | view in chronology ]

    • icon
      orbitalinsertion (profile), 14 Jun 2017 @ 4:51pm

      Re: Government has a point...

      I would hazard a guess that the reason they need to force Google to do this (reasonably or not, on its face), is that they are already engaging in parallel construction.

      link to this | view in chronology ]

    • identicon
      Sharatan, 14 Jun 2017 @ 5:42pm

      Re: Government has a point...

      Google does say it is above the law

      Bull. Google said no such thing.

      link to this | view in chronology ]

    • identicon
      Lesath, 14 Jun 2017 @ 5:47pm

      Re: Government has a point...

      It is rulings like this that makes officer's bend the law

      Courts no more "make" cops break the law than they do any other criminal.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 15 Jun 2017 @ 12:39am

      Re: Government has a point...

      Let's say I own a U.S. based bus company with services in many countries around the world. One country of my service is Ecuador (which has no extradition treaty with the U.S.). Can the U.S. government force me to change my business model in Ecuador, rerouting a particular bus with a wanted fugitive onboard when they demand, so that I cross borders with an extadition-friendly country on the way to the actual destination?

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Jun 2017 @ 3:40pm

    Nice to see a judge who isn't hoodwinked by big companies playing 'we are American ' and 'nothing we do is American '.

    The data is available to and generally controlled by the US parent company. What physical device it is on should not be material. Otherwise all US companies would just offshore all IT operations and nake all of their business records out of bounds.

    link to this | view in chronology ]

    • icon
      Roger Strong (profile), 14 Jun 2017 @ 4:31pm

      Re:

      And the implications of that?

      Google is a multinational company with offices and doing business in more than 40 countries around the world. It has product research and development operations in cities around the world. They are subject to the laws of those countries just as much as to American law.

      Sure, American law will likely set the standard for how Google responds to one country's request for data beyond it's borders. And then other countries will expect no less.

      An American company or person has upset authorities in Turkey? Their court will be able to demand international data - including on American servers - too.

      link to this | view in chronology ]

      • identicon
        Anomalous Coward, 15 Jun 2017 @ 6:17am

        Time to re-incorporate in another country

        Unless you are incorporated in a country that doesn't take such an intrusive view of the world's data (say Nevis or Anguilla), there will always be some pressure from the government of the incorporating country to have you cough up data.

        That the US has a particularly disturbing history of extra-territorially imposing its laws on other countries and citizens of other countries is cause for concern.

        Better for Google, et. al. to re-incorporate in another country, change the composition of its Board to be majority non-American (and have no American C-level executives).

        link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 14 Jun 2017 @ 4:05pm

    Awesome video on the leftist victim mentality

    Leftists need to watch this or remain willfully ignorant. Today we saw the leftists violence leave a congressman in critical condition. Leftists policies always lead to violence and ultimately death. If it could be defended with speech, as is often the battle cry here, it would be. But it can't so it needs violence to oppress opposition.

    https://www.youtube.com/watch?v=9BW0kU_wc2U

    link to this | view in chronology ]

    • icon
      Rapnel (profile), 14 Jun 2017 @ 4:19pm

      Re: Awesome video on the leftist victim mentality

      What the..?

      Take your "my side is better than your side" flap trappy garbage and hit the road, dickhead.

      link to this | view in chronology ]

      • This comment has been flagged by the community. Click here to show it
        identicon
        Anonymous Coward, 14 Jun 2017 @ 4:27pm

        Re: Re: Awesome video on the leftist victim mentality

        That is always the response from the left when confronted with the truth about their violent ideology. Just look at the violent protests that take place almost weekly now. Look at Madonna saying she wants to blow up the Whitehouse. Look at Kathy Griffin perform a mock beheading of the President. Look at the 100 million people killed by Socialism and Communism in the last 100+ years and the cry of the left to bring that ideology here. Look at abortion killing a million children every year. Every where you look on the left is death and misery. Just ask Venezuela, once praised as the model of the left, even praised by Bernie Sanders.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 14 Jun 2017 @ 4:50pm

          Re: Re: Re: Awesome video on the leftist victim mentality

          "Victim mentality." As you blame everyone one but yourself for your problems. The cognitive dissonance in your mind is truely spectacular to behold.

          link to this | view in chronology ]

          • This comment has been flagged by the community. Click here to show it
            identicon
            Anonymous Coward, 14 Jun 2017 @ 5:32pm

            Re: Re: Re: Re: Awesome video on the leftist victim mentality

            I don't follow your argument. There is no doubt that leftists employ the "victim mentality", just consider Thad and his "dog whistle" "secret message" fantasy. The leftists in the US are have coalesced around minorities who display their victimhood as a badge of honor and now want to create a "second class" of white citizens, even banning them from University campuses and using violence to suppress free speech.

            I thought the post was rather insightful, irrespective of your "cognitive dissonance", which I don't think applies here.

            link to this | view in chronology ]

        • identicon
          Anonymous Coward, 14 Jun 2017 @ 5:31pm

          Re: Re: Re: Awesome video on the leftist victim mentality

          lol

          link to this | view in chronology ]

      • This comment has been flagged by the community. Click here to show it
        identicon
        Anonymous Coward, 14 Jun 2017 @ 7:04pm

        Re: Re: Awesome video on the leftist victim mentality

        You do understand you are reinforcing his point with "flappy traps garbage" and "dickhead", right? You are employing the rhetorical violence and idiocy he was attributing to leftists.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 14 Jun 2017 @ 7:14pm

          Re: Re: Re: Awesome video on the leftist victim mentality

          "Oh no he was intolerant of my intolerance!"

          link to this | view in chronology ]

          • This comment has been flagged by the community. Click here to show it
            identicon
            Anonymous Coward, 14 Jun 2017 @ 7:36pm

            Re: Re: Re: Re: Awesome video on the leftist victim mentality

            Humor, right? Thank you for that. I like humor.

            Imagine, just for a moment, Techdirt without censoring. When two different opinions, or even three, are allowed to be displayed without the fear based censorship displayed above.

            When you hide the dissent, and display only the vitriol, you damage your own cause.

            I would also respectfully point out that if you had a point, you would just present it, and not have to resort to either nasty language or humor. You have no argument to present, right, that's why you go this route. I believe your behavior is exactly consistent with the original poster's message - you are a leftist, you have nothing to say, so you resort for to rhetorical violence, and later to physical violence, like Berkeley and others.

            link to this | view in chronology ]

    • icon
      Talmyr (profile), 15 Jun 2017 @ 7:11am

      Re: Awesome video on the leftist victim mentality

      Looks like the "leftists" are finally learning to live down to your "Second Amendment solutions" and using their easy access to weapons of mass murder to attempt to use them as designed. If only at least one side of the partisan divide weren't so gun happy but wanted stringent gun controls! If only at least one side of the partisan divide didn't want every crazy, criminal, and terrorist to have their 'Constitutionally mandated' access to firearms!

      It's a shame people had to get hurt in the crossfire of ideas. Good thing none of them were inveterate NRA supporters or the irony would be palpable. Almost like the irony of voting away people's healthcare then needing your own government-handout healthcare to save your life...

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 15 Jun 2017 @ 2:30pm

        Re: Re: Awesome video on the leftist victim mentality

        Prohibition didn't work and in fact gave rise to the mob. The drug war has been raging for decades and is costing $21 billion per year now. So please explain to me how making guns illegal will actually get them out of criminals hands.

        link to this | view in chronology ]

        • identicon
          Wendy Cockcroft, 16 Jun 2017 @ 2:32am

          Re: Re: Re: Awesome video on the leftist victim mentality

          Strawman; nobody is trying to make guns or the ownership thereof illegal on principle. Some people have proposed and enacted some misguided laws in an effort to limit the kind of guns available to the public, that's true, but nobody, as far as I know, is actually trying to ban all guns and gun ownership. They just want to limit ownership to sane law-abiding citizens.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 17 Jun 2017 @ 3:30pm

            Re: Re: Re: Re: Awesome video on the leftist victim mentality

            They just want to limit ownership to sane law-abiding citizens.

            Shouldn't we do the same thing for knives? And motor vehicles? What about hammers?

            link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Jun 2017 @ 4:22pm

    The problem isn't the U.S. government--there's always _some_ government; the problem is that what one government may do, the others may do also.

    What's to keep some Chinese lawyer presenting a demand--blessed with all the forms of Chinese legality that good money can bribe--demanding the trade secrets of some American company, because, after all, part of those secrets might have once resided on a server in Hong Kong?

    Google needs to clarify their own jurisdiction; and if the intent is to maintain the data outside the U.S. (as EU laws may require), then having it "sometimes in the U.S." isn't going to be a workable solution.

    link to this | view in chronology ]

    • icon
      Arthur Moore (profile), 14 Jun 2017 @ 9:30pm

      Re:

      EU laws may require

      This is going to bite them so hard. The moment it's an EU citizens data in question Google is going to face massive EU fines. Except, if they don't comply they're in contempt in the US.

      This is exactly the reason why Microsoft has refused to turn over the data. They know that the moment they do so the EU will burn them alive.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Jun 2017 @ 5:39pm

    Different laws for different people

    Isn't that what it's all about?

    link to this | view in chronology ]

  • identicon
    Bruce C., 14 Jun 2017 @ 6:04pm

    They could treat it like foreign profits...

    US only taxes foreign earnings if they are imported into the US. Using this analogy on data, if it's ever accessed for business purposes within the jurisdiction of the US, then the US isn't forcing Google to do anything it wouldn't normally do with the data within the US jurisdiction.

    OTOH, Google may very consciously keep foreign data out of the US, whether due to foreign regulations or simply because there is no business need to know. In cases where the data has never been "in" the US, I find it hard to see where the US can claim jurisdiction.

    This approach addresses the shell-game (where is the data at the moment the order is served?) that the PA and DC courts are worried about, while still maintaining jurisdictional boundaries. The order would be valid if the data was ever in the US, but not if it was walled away from the US on an ongoing basis.

    link to this | view in chronology ]

  • identicon
    Rotanev, 14 Jun 2017 @ 6:14pm

    Foreign Laws

    Now wait until Google is brought up on criminal charges by a foreign government for breaking data privacy laws there by not having a valid order to seize the data there. (And no, despite what some believe, U.S. court orders are not valid worldwide.)

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Jun 2017 @ 6:26pm

      Re: Foreign Laws

      Data has no real nationality. If it is accessible in the US as part of Google's business then it is effectively here.

      link to this | view in chronology ]

      • icon
        That One Guy (profile), 14 Jun 2017 @ 6:44pm

        Re: Re: Foreign Laws

        The data has no nationality, no. Where it's located most certainly does have an impact.

        If 'it's accessible in the US' means that it's not foreign when it comes to a US court demanding it be handed over, then by that same argument foreign courts can demand that US based data be handed over because google happens to have an office there.

        Be very careful opening up that can of worms, as once open it can be easily used by others in ways you might not be so happy with.

        link to this | view in chronology ]

  • identicon
    My_Name_Here, 15 Jun 2017 @ 2:50am

    You see, Tim, this is a judge who knows what due process means.

    link to this | view in chronology ]

    • icon
      Talmyr (profile), 15 Jun 2017 @ 7:14am

      Re:

      Funnily enough, those are prized here. Just not automatically ones who kow-tow to Your Imperial Masters.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Jun 2017 @ 3:03am

    EU Applicability

    All very interesting. The EU has already made it clear that it is prepared to play hardball to keep its citizens' data private within the EU. This decision is a red flag and will inevitably have serious and unexpected consequences. The US legal system needs to stop confusing technical influence with legal remit.

    link to this | view in chronology ]

  • icon
    Sok Puppette (profile), 15 Jun 2017 @ 6:32am

    Yeah, OK, whatever

    Look folks. If you let somebody other than yourself hold your unencrypted data (or hold the keys to your encrypted data), then you can expect those data to be given to people you don't want them given to.

    That's not a US law matter, and it's not an international law matter. It's a laws of physics matter. It will happen regardless of anybody's laws.

    Only idiots store anything in the cloud unencrypted if they don't want it known.

    The solutiond to this are decentralization, user-managed end-to-end cryptography, and stealth technology. Where that interacts with the law is in the need to keep those things from being forbidden (or to make it impossible to enforce any laws against them).

    Spending time on some doomed attempt to keep governments from forcing corporations to turn over data is a distraction.

    It may actually be a useful distraction, because as long as the governments think they can get what they want by attacking Google or whoever, their attention doesn't turn to finding ways to attack the actually effective technical approaches. With some luck, you might even get them to tie themselves up in giant nets of treaties and precedents that would make it harder for them to interfere with anything actually effective once they figured out that they needed to.

    But it's not useful to drink your own Kool-Aid and think that you'll ever get useful protection from Google, Microsoft, or anybody else.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 15 Jun 2017 @ 8:59am

      Re: Yeah, OK, whatever

      "user-managed end-to-end cryptography"

      I agree with you on that. Question for you (if you don't mind): do you have any opinion about whether this solution ("user-managed end-to-end cryptography") could be or should be open source?

      link to this | view in chronology ]

      • identicon
        Thad, 15 Jun 2017 @ 10:51am

        Re: Re: Yeah, OK, whatever

        I'm not the person you asked, but I hope you don't mind my answering:

        do you have any opinion about whether this solution ("user-managed end-to-end cryptography") could be or should be open source?

        It would have to be; how else could you verify that it worked as intended, and didn't contain any nasty surprises?

        Security through obscurity doesn't work. Strong security is reproducible and verifiable. If an E2E encryption process works, then there's no reason to hide the nature of how it works.

        That's not to say there are no vulnerabilities in open-source software; of course there are. There have been some extremely serious ones found in major projects like OpenSSL, after going undetected for years. That is seriously bad news. But "it was vulnerable because it was open-source" is the wrong conclusion to draw.

        link to this | view in chronology ]

      • icon
        Sok Puppette (profile), 15 Jun 2017 @ 1:43pm

        Re: Re: Yeah, OK, whatever

        *I* would use open source, yes. With the understanding that that's not foolproof.

        link to this | view in chronology ]

    • icon
      orbitalinsertion (profile), 15 Jun 2017 @ 1:40pm

      Re: Yeah, OK, whatever

      That's great and i agree with a lot of your points, however, it is irrelevant and we are not discussing the woes of an individual targeted with this order.

      The cloud, or companies, being crap, does not excuse governments and their courts from being crap.

      Everything which may be abused (which is everything), will be abused. See? I told you so. Therefore you are all idiots. All your base nao morally belong to me, apparently.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Jun 2017 @ 10:12am

    The court finds Google does not effect a seizure of requested data because it simply makes a copy of it.

    Unless that data is copyrighted of course, in which case making a copy of it is most definitely a seizure carried out by a no-good filthy pirate...

    link to this | view in chronology ]

    • identicon
      Tejat, 15 Jun 2017 @ 12:17pm

      Re:

      Unless that data is copyrighted of course...

      Which it is, of course, because copyright is automatic. No way to avoid it.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 15 Jun 2017 @ 12:39pm

        Re: Re:

        Not really. If Google is returning the contents of your emails, then the contents are copyrighted. But if it returns things like email date/sender/receiver or search history or a variety of other things, those aren't copyrighted because they are simply a collection of facts, which aren't (yet) copyright-able.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Jun 2017 @ 1:38am

    law as written != law as intended

    I think, just going by the rules as written (which determines what is legal), Google would neither be required nor allowed to serve up the data currently outside of the US. Of course warrants depend on their time of execution.

    If I execute a search warrant on a physical property while someone has just departed with the eveidence, I won't find anything. Just because it was once in that cupboard over there does not mean it will be forever, and a warrant for that cupboard will not extent to anything that has ever been or will ever be in that cupboard.

    But the existing legislation written for a physical world often do not work very well in a modern digital context. Just as searching someones pocket contents in 1917 is very, very different from searching all digital devices carried in their pockets in 2017, other laws don't translate well. You will need to update them.

    You have an amorphous network of data that self-organizes, moves and copies according to current neeeds? It needs to be fair game for seizure from any government that has legal jurisdiction over part of that network. You want to obey several different legal privacy frameworks? Build different data networks, e.g. one North American, one European. As soon as the data moves automatically from one jurisdiction to another you need to submit it to both jurisdictions to avoid idiotic results as those described above, where any warrant is just a lucky grab for fragments to puzzle over, like a legalistic heartbleed exploit.

    But such legal reforms need technically competent legislators, or competently advised legislators willing to *be* advised. Not to mention legislators without hidden agendas (like corruption, lobbying, thirst for power...). Since both are rare qualities, ever getting a majority having both those qualities seems unlikely.

    link to this | view in chronology ]

    • identicon
      Rasalgethi, 17 Jun 2017 @ 3:33pm

      Re: law as written != law as intended

      Too bad they aren't all smart as you!

      link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.