
Microsoft Defies Court Order, Will Not Give Emails to US Government - xamlhacker
http://windowsitpro.com/paul-thurrotts-wininfo/microsoft-defies-court-order-will-not-give-emails-us-government
======
jnbiche
The casualness with which the U.S. Government asks a private company to
violate EU and Irish law is truly disturbing.

The U.S. Gov has gone mad with power.

And for perhaps the first time ever: bravo Microsoft! I don't even care if you
did it for the PR, it's still a brave stand.

~~~
revelation
They did it neither for PR nor "principles", but for mere money. The US data
hegemony is bad for business overseas.

~~~
bushido
_> They did it neither for PR nor "principles", but for mere money._

Why can't it be all three?

Sticking to principles can be quite profitable, but it still needs balls.

~~~
jkestner
Because if you believe they did it on principles, then you will have misplaced
your trust and be worse off in the future. Microsoft has also turned over user
information to the government. That doesn't sound like principles - at least
not the same principles that I care about.

------
burgers
_> Judge Preska of course feels differently, and she has consistently agreed
with the prosecution argument that the physical location of email is
irrelevant because Microsoft controls the data from its base in the United
States._

I find this bit very interesting. As opposed to Microsoft being a US company,
it is that its operations are located in the US. I wonder what effects this
decision could have on the US labor market if companies relocate operations in
the same way they relocate certain things for tax avoidance.

~~~
toyg
_> if companies relocate operations in the same way they relocate certain
things for tax avoidance._

They already do. Umpteen companies run servers in this or that country for
specific legal reasons which are not necessarily related to taxation. Classic
case: companies with dubious stands in regard to copyright law.

The PATRIOT Act already forced a number of companies to open European
datacentres to satisfy particularly-picky customers; it's just that this
particular threat was considered mostly theoretical... until Edward Snowden
proved the opposite. Now all cloud-services providers must prove their
virginity or risk losing sizeable chunks of lucrative European markets, hence
why Microsoft is making a stand (on this case, at least).

I do applaud them: if anything, once this process is over, we'll have a
clearer picture of what exactly the US government can or cannot ask from
US-based cloud companies. We're currently in a fog where the law says certain
things but practical experience says another. A realignment in one way or the
other would be most welcome.

~~~
AndyNemmity
>The PATRIOT Act already forced a number of companies to open European
datacentres to satisfy particularly-picky customers;

It's not picky customers, it's everyone. It's literally the first discussion
that occurs. Any company in any part of the world wants their data in a
datacenter near them, that follows rules they are comfortable with.

It cannot be overstated just how important this issue is to foreign companies.

~~~
toyg
_> It's not picky customers, it's everyone. It's literally the first
discussion that occurs._

In my experience that often wasn't the case until Snowden came about, but I
guess it might depend on specific sectors.

I agree that now it's absolutely everyone.

------
mercurial
> Despite a federal court order directing Microsoft to turn overseas-held
> email data to federal authorities, the software giant said Friday it will
> continue to withhold that information as it waits for the case to wind
> through the appeals process. The judge has now ordered both Microsoft and
> federal prosecutors to advise her how to proceed by next Friday, September
> 5.

> Let there be no doubt that Microsoft's actions in this controversial case
> are customer-centric. The firm isn't just standing up to the US government
> on moral principles. It's now defying a federal court order.

Whoever wrote this clearly didn't bother wondering if, just maybe, handing out
customer data "overseas" ("overseas" apparently means Ireland) would be
illegal under EU and Irish law. But let's not let minor details like this get
in the way of good PR.

~~~
jkestner
Assigning noble motives to Microsoft's actions is ignoring the actual motives
of a business. How do those same people explain why Microsoft has given the US
government user information on other occasions? It's just a calculation of
what's the best thing to do for the well-being of the business. Just as banks
happily take a "record fine" for breaking the law because it's a small expense
to making a lot of money.

We get in so much trouble trying to understand companies as if they're
individual humans. Evolutionary biology for corporations needs to be taught.

~~~
mercurial
I absolutely agree. On the other hand, the fact that ethics rarely seem to
play any role in decision-making at large-scale organizations is pretty telling
about the sort of people who rise up to the top :(

------
ryanburk
if the ruling is upheld, web services that face legal discovery like google,
dropbox, facebook, microsoft, etc will face an amazing burden of data
retention cost.

there is an amazing tax already on these services having to implement per
government specific retention policies based on where they do business. for
example in ireland, by law you need to be able to produce up to a year of
content even if an account has been deleted. in the u.s. the period is much
shorter. so if other countries create similar legislation after seeing a u.s.
version of this law stick, everyone will have to implement a myriad of
retention policies, or worst case retention, in every datacenter they operate.
it drives up cost and complexity in the services.

this might not be popular to say, but microsoft taking a stand here is an
amazingly good thing for our industry.

~~~
tracker1
That said, I don't think this has much to do with protecting MS's customers,
or for that matter standing up for them as it is presented. I'm pretty sure
it's more about MS operations being able to continue to run in Ireland and the
rest of the EU. If MS hands this data over, you can be assured that MS would
face stiff penalties and restrictions to even be able to operate in the EU,
and would likely have their Azure facilities shut down as a result.

MS is stuck between a rock and a hard place here, no doubt, and I think it's
important for this stand to be made. Hopefully sanity will prevail here...

I don't think the U.S. government would appreciate if Google were forced to
turn over the Google Apps data of scientific universities to China because of
a court order there.

~~~
Irish
I don't think the foreign country would care unless it was data that was owned
or related to an entity in that country.

It's an american owned and operated data center in Ireland (where I live).
Presumably the email is 'owned' by an american and the case involves all
american actors (can't really make that assumption I guess) so there doesn't seem
to be anything to spark the interest of the Irish legislature. Unless you make
the leap to the point that now america can just demand ALL the data in that
data center which you certainly could.

This isn't really the same as a warrant either is it? They are not demanding
to be allowed access to or to search the data center. Microsoft in America is
being ordered to hand over a document that they have access to, where that
document is seems irrelevant (just playing devil's advocate).

Also the chances of any small to medium sized nation (particularly Ireland)
getting on their high horses about this is quite unlikely due to the amount of
money these large multi-nationals bring here. In fact if this is upheld I
imagine it would be another boon for Ireland as the american companies will
have to set up even more infrastructure so that they can argue that it's a
completely separate entity that they simply funnel customers to or whatever.
If the companies act first they could even get favorable Irish legislation
passed to prevent the type of treaty talked about in the article (although
this would be a pretty ballsy move for Ireland)

~~~
icebraining
_Presumably the email is 'owned' by an american and the case involves all
american actors(cant really make that assumption I guess)_

Indeed, sounds like a dubious assumption to me.

------
simonblack
I cancelled my Dropbox subscription several years ago for precisely this sort
of situation. Not that any of my files are particularly wonderful, but the
point being that I would no longer have control over other people having any
and all access to them.

Microsoft will eventually roll over.

------
serve_yay
Not that I don't respect the decision, but something tells me that we would be
less happy, in other instances, to see giant companies like MS decide when the
law should apply to them.

~~~
CamperBob2
Not only that, but the idea that a US person or company can dodge a court
order just by transferring the data in question (or a physical object such as
a server, or an item of disputed ownership) to another country seems totally
unsupportable. I don't see how the judge has erred by issuing this order and
expecting it to be followed.

As I see it, the judge had no choice but to issue the order, and Microsoft has
no rational alternative but to defy it if they want to conduct business as an
international provider of cloud services. The real problem is with Congress,
not the courts. When they permitted intelligence agencies to run amok with
absolutely no Constitutional boundaries, they thought very little about the
long term consequences and cared even less.

~~~
toyg
_> When they permitted intelligence agencies to run amok [...] they thought
very little about the long term consequences_

I don't think intelligence agencies are involved here at all. In fact, them
"running amok" would be easier in this case: they would have those emails
already, process be damned.

In truth, this particular process would have happened at one point or another
regardless of intelligence services, it's just a function of global internet
services existing and laws having emerged to deal with them. Back before EU
privacy laws were introduced, Microsoft would have just handed out anything
they had to the FBI without really a second thought. Now they have to comply
with two conflicting sets of laws.

It's not just a problem with the US Congress: it's a transatlantic (or rather
global) conflict between incompatible laws.

It's like France had a law _prohibiting_ a company from selling widgets at
price X worldwide, and the US had a law _forcing_ them to sell the same
widgets at price X worldwide: you just couldn't obey both laws, since they
both claim the same jurisdiction while mandating conflicting behaviour. You
would need an international treaty to harmonize this, or one country to drop
their law.

~~~
CamperBob2
The involvement of intelligence agencies is indirect but very much relevant.
Widespread disclosure of illegal domestic spying, including misuse of
intelligence data for commercial purposes, incentivizes customers to keep
their data out of the US. As a result, companies like Microsoft need to be
prepared to maintain customer data outside the US, or they won't be able to
compete with providers in other countries.

------
rdxm
Here's the 64k dollar question. _If_ Snowden hadn't dropped the dime on the
douchebaggery going on not just at NSA, but also w.r.t. the
complicity/cooperation by all the biggies(Google, FB, MS, etc), would MS be
doing this?

I assert that the answer is clearly a big No....anyone else agree with me??

~~~
jpatel3
I guess we don't know, statistically answer might be No. But what's your point?

------
aikah
Impressive move by Microsoft, frankly i'm more inclined to use MS cloud
services, if they challenge US court orders on a regular basis. do some people
know what they risk?

------
mnglkhn2
Maybe I've missed it, but is the data requested belonging to a US or non-US
resident?

~~~
icebraining
That wasn't released.

------
spydum
So, I wonder if Microsoft wins this appeal, how practical would it be to
stripe encrypted data across data centers in 2+ countries. The idea being that
to obtain the data stored, would require legal authorization in each country?

~~~
belovedeagle
A possible argument by the feds comes to mind: recall that in Lavabit, they
argued that access to the SSL keys was a "necessary" part of implementing the
court order. In such a case as you describe they'll just pull the same trick.

------
zmmmmm
It's a very confusing article, I must say. On the one hand it seems to imply
Microsoft is defying the law on behalf of its customers. If that is the case
MS is in contempt of court and presumably the board of directors and other
executives could face criminal sanctions. However there's certainly no mention
of that and in other parts of the article it sounds like this is just one more
round in an ongoing legal case ...

> The removal of the suspension legally requires Microsoft to hand over the
> email immediately

vs

> The judge has now ordered both Microsoft and federal prosecutors to advise
> her how to proceed by next Friday, September 5

Paul Thurrott is of course a relentlessly pro-Microsoft writer, and I can't
help but get the feeling he's trying to take advantage of strategic ambiguity
to put out a positive story here. I will stay tuned to see if indeed there is
some kind of punishment meted out to Microsoft - otherwise my assumption
would be that this is much less of a story than it sounds.

~~~
diafygi
Huh, it does appear that officers are the ones who are locked up in the event
that a corporation is held in contempt[1].

Which brings up another question. Instead of proposing that the officers be
held in contempt, could the judge instead rule that the corporate charter get
suspended? It seems like that would be more analogous to imprisoning a
"person".

[1] -
[http://www.millerjohnson.com/pubs/xprPubDetail.aspx?xpST=Pub...](http://www.millerjohnson.com/pubs/xprPubDetail.aspx?xpST=PubDetail&pub=1546)

------
jburwell
I can't believe I am actually saying this -- "Go Microsoft!". For once, they
are on the right side.

------
jrapdx3
This case may be the leading edge of a huge wave with a global sweep.

The sticky point may be that the locality of data is impermanent and
ambiguous. In the MS case, though the data is said to be stored on a server in
Ireland, it could just as well be distributed, moved or duplicated anywhere,
and for all we know it already has been.

Eventually laws will have to come to terms with the implications of the
Internet: data, like a flock of migratory birds, for its own reasons goes one
place to another and knows nothing about national boundaries.

~~~
yutah
one global country would probably fix that... or I guess you could end the
Internet... but to tell you the truth, "cloud computing" needs to end instead.

~~~
toyg
_> one global country would probably fix that_

This is a joke only up to a point. The current legal landscape emerged
throughout the last few centuries mostly in response to commercial pressures:
as commerce grew in range, volume and needs, so did laws, agreements and
conflicts.

We now have a situation where global commerce is real, both in a physical and
logical sense. The law, both at national and international level, just doesn't
know how to deal with it. Companies design hardware in Massachusetts, produce
it in China, sell it in Europe, and file their accounts in Caribbean islands.
They develop software in Romania, run it on servers in Texas, sell it to the
Brazilian market, support it from India, and file accounts in Luxembourg. This
stuff could only be done by a handful of players back in the '70s, and we
could deal with it on ad-hoc basis ("dude, we know your money is in
Switzerland, just open a token factory in my constituency and we'll call it
even"). Now it's just how business works everywhere, and we need real
processes to scale up.

What rules can be defined and applied? How are they going to be enforced? Who
is responsible for amending them? These big questions are the real challenge
of this century for us "First World", and some harmonization will eventually
have to emerge one way or the other.

------
hartator
maybe I am some kind of sheep but this kind of stand makes me strongly
consider again Microsoft as a platform of choice against Apple.

Bravo Microsoft.

~~~
silencio
Not to be an Apple apologist, but do we know if Apple's faced a case like
this? Or other companies? It's not like Microsoft chose to be targeted here.
My guess is that this is so insanely overreaching that the major industry
players would have done the same as MS if they were the ones hosting this one
Irish email account in question. Plus, Apple and others have filed briefs in
support of MS and have been lobbying against what's been going on.

I personally would have enjoyed listening to more of Tim Cook on this topic if
Apple and MS swapped places. Earlier this year, he said the USG needed to cart
employees out in a box before they can get access to Apple servers.
Interesting quote for sure.

------
thrownaway2424
This is interesting but let's give the cheerleading a break. What we're really
talking about here is corporations testing the size of their stick versus the
government's. The feds are pursuing a USA case against an american entity and
the data in question is held by another american entity, which happens to have
moved it to Ireland. Well why did they do that and when? Was it always there
and will it always be there? In what country is the data chiefly accessed? If
it is sent and received by Americans exclusively then perhaps the place where
it is nominally stored might not even matter. In that case the place of
storage would be just the kind of corporate fiction that courts are happy to
pierce.

What if the data is striped among all the countries where Microsoft has
datacenters? Do you get the union of all possible data protections? Or the
intersection?

There are actual legal questions here and Microsoft's position is not
neutrally good.

~~~
icebraining
_The feds are pursuing a USA case against an american entity_

Are they? Where did you read that? As far as I know, the nationality of the
Microsoft customer hasn't been released.

------
wfunction
Am I the only one who's worried this may make the government _less_ careful
about giving orders in the future? (i.e. won't they figure "hey, let's just
give the order; if they disagree then they'll defy it"?)

------
mindvirus
This raises the question: if the judge's option ends up being held, would any
non-US based company buy services from a US company?

------
notastartup
Good job for Microsoft being the first to stand up against a surveillance
government. If only everyone else was brave enough to follow, we would see
change.

~~~
nabla9
This is not a move against government mass surveillance (collecting
intelligence).

This is a criminal case and the question is the limits of legal discovery.

------
edoceo
+1 to MS!

------
jrochkind1
Thank you, Edward Snowden.

------
hellbanner
This is because the USG already has backdoors, right?

------
yutah
So I guess the US government is not logging everything yet... so this is 2
good news.

~~~
toyg
"The US government" is not a monolithic entity. Certain departments (e.g. NSA)
might "log everything" already, they just don't (or can't) share it openly
with other departments yet -- if anything, because revealing such capability
is damaging in itself.

~~~
yutah
If I understand correctly, from some news I read [1], they are already sharing
information with at least the DEA and the IRS. The DEA and the IRS were told
to cover up the source of that information by coming up with their own
independent leads to recreate the information obtained ("Parallel
construction" is really intelligence laundering).

[1] [https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intel...](https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-laundering)

------
niels_olson
Watch my left hand waving while my right fist delivers a body blow.

------
okasaki
They give it to the NSA, and the NSA shares it with other govt. bodies through
that search engine (and probably a dozen other ways).

Anyway, it always freaks me out a bit when people cheer a megacorp like MS.
They're not fighting for you, they're fighting for your perception of them.
The faster you cheer, the less they'll do.

~~~
pyre
At the same time, if they find that people are indifferent to actions like
this, maybe they'll feel that it isn't worth their while.

------
venomsnake
I have a feeling that USG already have the data they need and are just running
"parallel discovery/whitewashing" here.

Still it is nice to see MS take a stand.

~~~
jqm
or at least "appear" to take a stand...

