DoJ v Microsoft: Feds Still Want to Snoop on Irish Cloud

Microsoft DoJ Ireland
[Wrong Snoop: You’re fired -Ed.]
Microsoft’s fight to keep its European customers’ data private is back in the news. The U.S. Justice Department wants a court to revisit a ruling preventing the government from reading email stored in an Irish data center.

Not only is the data stored outside the U.S., but the owner of the data isn’t a U.S. resident. So Microsoft argues the jurisdiction should be Ireland. A few months ago, an appeal court agreed, but the DoJ isn’t giving up without a fight.

Hope you ready for the next episode. In today’s IT Newspro, we gon’ rock it til the wheels fall off.

Your humble newswatcher curated these news nuggets for your entertainment. Not to mention: Martha and Snoop

What’s the story? David Kravets US renews fight:

The U.S. Department of Justiceasked a federal appeals court to reconsider its July decisionthat authorities [have] no legal right to access data storedin overseas servers—in this case, Dublin, Ireland.The case touches on consumer privacy, international relations, and the [U.S.]’s desire to investigate criminal activity.

Federal prosecutors urged the court to reconsider. [It] argued that the precedent setwill hinder national security.

How did we get here? Ellen Nakashima—Justice Dept. asks court to review decision:

Microsoft, one of the world’s largest email providers, received the warrant in December 2013in the wake of disclosures that shed light on tech firms’ role in complying with U.S. surveillance programs.“Congress did not intend the [Stored Communications Act of 1986] warrant provisions to apply extraterritorially,” U.S. Appeals Court Judge Susan Carney wrote.

Microsoft and [others] argue that if the government’s view prevails, U.S. businesses could lose billions of dollars. [And] that foreign governments might retaliate.“Three experienced judges already agreed this 30-year-old law doesn’t applyabroad,” Microsoft spokesman David Cuddy said.

But how can I be sure? Aine McMahon reports from Ireland, to be sure: [You’re fired -Ed.]

In July, a panel for the U.S. Court of Appeals ruled Microsoft would not be obliged to turn over emails stored in Ireland. [The ruling] overturned a 2014 decision ordering Microsoft to hand over messages of a suspected drug trafficker.

Get to the point! Paul Thurrott summarizeifies:

U.S. law enforcement agencies routinely and secretly demand that technology firms hand over user data, and Microsoft has had enough: This caseinvolves a non-U.S. citizen and data stored in an international location, and thus the U.S. government has no legal right to that data.

Didn’t Microsoft’s Brad Smith write the book on this? Here are his thoughts on cross-border Government access to data:

Businesses and individuals have the reasonable expectation that the information theystore in digital form should [have] the same privacy protections as [on] paper. [But] governments have a clear and compelling need to access digital data.

[And the] rise in transnational criminal activity raises new challenges.Governments are increasingly taking unilateral steps to seize information stored outside their borders. [This] can undermine public trust in cloud.

Technology providers should have the opportunity to challenge [government requests] to ensure that governments are acting within the law.The existing mutual legal assistance process should be modernized and streamlined to ensure that it can continue to serve its purpose.Important work is already being done in this area by academics and a small number of governments.

A new hope? Here’s Charlie Osborne—U.S. strikes back:

In 2014, the company was held in contempt of court for refusing to hand over this data.Luckily for Microsoft and privacy advocates alike, the firm won.

However, the DoJ is not taking the decision lying down, [saying] the case “involves a question of exceptional importance.” [They] call the decision “severely limiting” to an “essential investigative tool”and is also “causing confusion and chaos.” [But] Microsoft saysEuropean Unionmechanisms should be used and the proper procedures followed.

Wo what happens next? Bogdan Popa pops this on the stack:

It goes without saying that Microsoft doesn’t agree with the government. [It] will continue to hold its positionso it’ll definitely take longer than expected.The governmentwill most likely move the case to the US Supreme Court should the judges decide not to reconsider.

Sounds like a bit of a problem. Jennifer Daskal foresees Dangerous Implications:

This is obviously a problem.It significantly impedes law enforcement’s ability to get sought-after data pursuant to lawful process.

The case really isn’t about protecting privacy.That said, I think the government goes too far.Yes, a warrant providesfor accessing sought-after data, but that does not eradicate the user’s privacy interest.

There is something very disconcerting about the idea that a government’s ability to access our data turns on the decisions of third-party providers, about which most of us have no control.This is an issue that belongs in the hands of Congress, and not the courts.The bipartisan International Communications Privacy Actis a step in the right direction.

Buffer Overflow…

More great links from Petri, IT Unity, Thurrott and abroad:

And Finally…

Martha and Snoop?