DoJ v Microsoft: Feds Still Want to Snoop on Irish Cloud
Not only is the data stored outside the U.S., but the owner of the data isn’t a U.S. resident. So Microsoft argues the jurisdiction should be Ireland. A few months ago, an appeal court agreed, but the DoJ isn’t giving up without a fight.
Hope you ready for the next episode. In today’s IT Newspro, we gon’ rock it til the wheels fall off.
What’s the story? David Kravets US renews fight:
The U.S. Department of Justice…asked a federal appeals court to reconsider its July decision…that authorities [have] no legal right to access data stored…in overseas servers—in this case, Dublin, Ireland. … The case touches on consumer privacy, international relations, and the [U.S.]’s desire to investigate criminal activity.
Federal prosecutors urged the court to reconsider. [It] argued that the precedent set…will hinder national security.
How did we get here? Ellen Nakashima—Justice Dept. asks court to review decision:
Microsoft, one of the world’s largest email providers, received the warrant in December 2013…in the wake of disclosures that shed light on tech firms’ role in complying with U.S. surveillance programs. … “Congress did not intend the [Stored Communications Act of 1986] warrant provisions to apply extraterritorially,” U.S. Appeals Court Judge Susan Carney wrote.
Microsoft and [others] argue that if the government’s view prevails, U.S. businesses could lose billions of dollars. [And] that foreign governments might retaliate. … “Three experienced judges already agreed this 30-year-old law doesn’t apply…abroad,” Microsoft spokesman David Cuddy said.
But how can I be sure? Aine McMahon reports from Ireland, to be sure: [You’re fired -Ed.]
In July, a panel for the U.S. Court of Appeals ruled Microsoft would not be obliged to turn over emails stored in Ireland. [The ruling] overturned a 2014 decision ordering Microsoft to hand over messages of a suspected drug trafficker.
Get to the point! Paul Thurrott summarizeifies:
U.S. law enforcement agencies routinely and secretly demand that technology firms hand over user data, and Microsoft has had enough: This case…involves a non-U.S. citizen and data stored in an international location, and thus the U.S. government has no legal right to that data.
Didn’t Microsoft’s Brad Smith write the book on this? Here are his thoughts on cross-border Government access to data:
Businesses and individuals have the reasonable expectation that the information they…store in digital form should [have] the same privacy protections as [on] paper. [But] governments have a clear and compelling need to access digital data.
[And the] rise in transnational criminal activity raises new challenges. … Governments are increasingly taking unilateral steps to seize information stored outside their borders. [This] can undermine public trust in cloud.
Technology providers should have the opportunity to challenge [government requests] to ensure that governments are acting within the law. … The existing mutual legal assistance process should be modernized and streamlined to ensure that it can continue to serve its purpose. … Important work is already being done in this area by academics and a small number of governments.
A new hope? Here’s Charlie Osborne—U.S. strikes back:
In 2014, the company was held in contempt of court for refusing to hand over this data. … Luckily for Microsoft and privacy advocates alike, the firm won.
However, the DoJ is not taking the decision lying down, [saying] the case “involves a question of exceptional importance.” [They] call the decision “severely limiting” to an “essential investigative tool”…and is also “causing confusion and chaos.” [But] Microsoft says…European Union…mechanisms should be used and the proper procedures followed.
Wo what happens next? Bogdan Popa pops this on the stack:
It goes without saying that Microsoft doesn’t agree with the government. [It] will continue to hold its position…so it’ll definitely take longer than expected. … The government…will most likely move the case to the US Supreme Court should the judges decide not to reconsider.
Sounds like a bit of a problem. Jennifer Daskal foresees Dangerous Implications:
This is obviously a problem. … It significantly impedes law enforcement’s ability to get sought-after data pursuant to lawful process.
The case really isn’t about protecting privacy. … That said, I think the government goes too far. … Yes, a warrant provides…for accessing sought-after data, but that does not eradicate the user’s privacy interest.
There is something very disconcerting about the idea that a government’s ability to access our data turns on the decisions of third-party providers, about which most of us have no control. … This is an issue that belongs in the hands of Congress, and not the courts. … The bipartisan International Communications Privacy Act…is a step in the right direction.
More great links from Petri, IT Unity, Thurrott and abroad:
- Connect Two Azure Resource Manager Virtual Networks Using VPN
- How the Focused Inbox Replaces Clutter Inside Office 365
- Skype Recording “Save To” Location
- Google Seeks to Restore Chrome’s Lost Luster
- Microsoft Set to Spring a New Windows 10 Release on Us
- How Apple Scaled Back Its Titanic Plan to Take on Detroit
- Previously in IT Newspro
More in Security
Microsoft Defender for Endpoint Adds Tamper Protection on macOS
Aug 16, 2022 | Rabia Noureen
Microsoft Sentinel Now Lets IT Admins Detect Low and Slow Password Spray Attacks
Aug 15, 2022 | Rabia Noureen
Google Workspace Adds Stronger Protections to Sensitive Accounts
Aug 11, 2022 | Rabia Noureen
Slack Releases Fix for Critical Bug That Exposed Hashed Passwords for Years
Aug 8, 2022 | Rabia Noureen
Microsoft Defender Experts for Hunting Lets Businesses Proactively Hunt Security Threats
Aug 4, 2022 | Rabia Noureen
VMware Releases Updates to Address Critical Authentication Bypass Flaw
Aug 3, 2022 | Rabia Noureen
Most popular on petri