
A Case That Has Microsoft, Apple and Amazon Agreeing - andore_jr
http://www.bloomberg.com/news/articles/2015-09-02/as-microsoft-takes-on-the-feds-apple-and-amazon-watch-nervously
======
soylentcola
_" There’s irony in any tech company confronting the government on privacy
matters, considering how much heat many take for mining their own customer
information and using it for advertising and other profitable purposes."_

See, I don't find this very ironic. In fact, my only real issue with data
mining and analysis by these sorts of companies is the way governments can
demand this info without my approval.

If Microsoft or Google or Apple or Amazon offer me a service and state that
"hey, we'll provide this service for no cash outlay but data you submit to our
servers will be analyzed to tailor search results, advertising, and other
behavior to your usage" I can opt into that knowing that I'm trading targeted
ads for free email or hosting or whatever. If I don't think that's a good
deal, I don't use the service. If I think "OK, ads are a fair price for this
stuff" then again, I'm cool with that.

But just because I agree to let Google read my location to send me traffic
warnings before heading out to work doesn't mean I want the FBI to grab that
data without my knowledge so they can determine if I might be a troublemaker.
Just because I agree to let Amazon use my Amazon searches to suggest other
products I might want doesn't mean I want the DEA demanding that info to
decide if the gardening gear I purchased was for tomatoes or growing cannabis.

I'm perfectly aware that you pay for the things you get, whether it's directly
with cash or indirectly from advertisers who pay for access to your eyeballs.
Those are things I can consent to or decline. But when people with guns and
the ability to throw me in jail can demand access to that info without my
knowledge, I'm no longer agreeing to the same thing.

It's like signing a contract where someone else has the ability to change the
fine print after I've signed it.

~~~
rayiner
> But just because I agree to let Google read my location to send me traffic
> warnings before heading out to work doesn't mean I want the FBI to grab that
> data without my knowledge so they can determine if I might be a troublemaker

Constitutionally, privacy is a pretty cut-and-dry concept. Information is
either private or not. Private information isn't "information I don't want the
government to have" it's "information I don't want anyone else to have."

I'm not saying we couldn't restructure the law to express what you're talking
about. But it's not just a matter of extending our existing principles to this
new situation. You're throwing the concept of "privacy" on its head by saying
that you have this information that's "private" but that at the same time some
third-party entity (and its employees) actively sifts through to target
advertising to you.

~~~
LordKano
_Constitutionally, privacy is a pretty cut-and-dry concept. Private
information isn 't "information I don't want the government to have" it's
"information I don't want anyone else to have."_

You are incorrect. Your line of thinking runs in direct opposition to Roe V.
Wade.

You can share information with your doctor that you specifically do not want
the government to have. There's nothing special about doctors, in a
constitutional sense. They are a third party providing a service and it is
most certainly possible to have shared information with a third party that is
still private.

~~~
rayiner
I'm talking about "privacy" in the 4th amendment sense.

The _Griswold_ "privacy" line of cases is pretty much totally inapplicable
outside the reproduction/sexual activity/family planning context, largely
because they conjure up a "right to privacy" that doesn't really exist in the
Constitution.

~~~
ytpete
I'm still not sure about your claim that private information consists _only_
of "information I don't want anyone else to have."

You can share information with another trusted party and still have an
expectation of privacy (such that the government needs a warrant to compel
access to that information). Conversely, you can have information that you
don't share with another living soul, and the government can _also_ compel
access to that information - e.g. a warrant to search your private belongings.
The standard for how the government can access your information doesn't
automatically change depending on whether you've shared it with 0 or > 0
people.

------
kgilpin
If companies stored customer data encrypted by keys that are held by the
customer, they wouldn't have this problem.

Furthermore, they wouldn't have to worry about deleting customer data either.
The customer would have the power to simply deny access to the keys.

~~~
ddlatham
If the data is opaque to the provider, then there are many services they won't
be able to provide on it (without some major advances in homomorphic
encryption). For example, spam detection or search. Sharing is also made much
more difficult.

~~~
rayiner
There is no reason that stuff can't be done on the client side.

Outlook works just peachy searching my GB's of emails and attachments from its
local replica, using the internet only to sync.

~~~
ddlatham
Not true - there are reasons not to do it on the client instead. Consider a
web email client instead. It's not feasible to login to the site, download a
full archive of your email, decrypt it, and index it before being able to do a
search.

~~~
xj9
IndexedDB[1] sort of makes that a non-issue, doesn't it?

[1]: [https://developer.mozilla.org/en-
US/docs/Web/API/IndexedDB_A...](https://developer.mozilla.org/en-
US/docs/Web/API/IndexedDB_API)

~~~
ddlatham
No, it doesn't. This issue is not technology to store and search data from the
client. The point is not wanting to download everything to every client in the
first place.

~~~
xj9
Personally, I am a fan of p2p applications and doing things locally.
Unfortunately, there are a lot of unsolved issues, especially when it comes to
data storage, like you mentioned.

------
harrumph
Agreeing "for once"?

Hardly. Apple and Microsoft are already on record as agreeing to fix wages,
creating a cartel affecting a million tech workers.

[https://pando.com/2014/03/22/revealed-apple-and-googles-
wage...](https://pando.com/2014/03/22/revealed-apple-and-googles-wage-fixing-
cartel-involved-dozens-more-companies-over-one-million-employees/)

~~~
alyx
You mean Apple and Google.

~~~
harrumph
I mean Apple, Microsoft, Google, et al.

------
throwaway7767
Microsoft has shown that they are quite willing to access induviduals private
data if they have a financial stake in it [0]. Yes, they eventually
backtracked under public pressure (after trying very hard to justify how it's
totally okay because they were going to pay a lawyer to rubber-stamp things in
the future), but it's rather hard to listen to their general council talking
about how they value privacy on principle given their history. It's quite
obvious they only care about privacy insofar as it affects their bottom line.

The article also conflates (intentionally?) this issue with the mass-
surveillance issue, bringing Snowden into it and insinuating that this ruling
would have an effect on that, which is just silly [1].

The whole "Company F" section is interesting (hadn't heard before that
microsoft is challenging the statement that they were willingly providing user
data to the NSA), but it's a bit hard to square with the leaked documents
which list microsoft as the first participating partner in the PRISM program
[2]

[0] [http://www.geekwire.com/2014/microsoft-defends-hotmail-
snoop...](http://www.geekwire.com/2014/microsoft-defends-hotmail-snooping-
windows-leak-investigation/) [1] [http://www.cbsnews.com/news/patriot-act-can-
obtain-data-in-e...](http://www.cbsnews.com/news/patriot-act-can-obtain-data-
in-europe-researchers-say/) [2]
[http://www.motherjones.com/politics/2013/09/nsa-timeline-
sur...](http://www.motherjones.com/politics/2013/09/nsa-timeline-surveillance)

~~~
MichaelGG
Is there any evidence that any companies were _willingly_ going along with
PRISM? Seems like they were under gag orders and potential fines (Yahoo said
$250K a day). Not sure what choice they had.

Though MS accessing user's data via Hotmail for internal review really does
scuttle their credibility.

~~~
throwaway7767
> Is there any evidence that any companies were willingly going along with
> PRISM? Seems like they were under gag orders and potential fines (Yahoo said
> $250K a day). Not sure what choice they had.

I'm not aware of any evidence of their intent, no, just that they assisted in
collection. I believe Glenn Greenwald has stated that they were a willing and
proactive participant, but that that information came from NSA internal forums
and not official documentation so it would not be released.

I don't think it really matters though. Whether they were willing or not, the
end result is the same. If you don't trust the USG, you cannot trust US
corporations (yes, of course this applies not just to the US but others as
well; it's just that we currently have more information about the fiveeyes
programs, and the US is a big player geopolitically so they have interests to
protect in a lot of areas).

On an more personal level, I would say that even if they collaborated with
this under legal threats, they are still morally responsible for their
decisions to support the surveillance state. I cannot accept that we give
people or companies a clean slate for evil just because they had financial
interests to protect. Everyone has financial interests to protect, and it's
usually more convenient to ignore evil than to put oneself at risk.

~~~
dhimes
_I would say that even if they collaborated with this under legal threats,
they are still morally responsible for their decisions to support the
surveillance state_

Perhaps, but at some point they have to be excused if they were complying with
the law. It's our jobs as citizens to ensure we have the right laws. In a way,
it's kind of like blaming the soldiers for the 2003 Iraq war. I don't blame
them. I want them to fight their guts out believing that they are answering
their highest calling (otherwise they lessen their odds of surviving it).

But I want the sonofabitch who sent them there and caused the deaths of all
those innocent Iraqis to go to jail.

------
zeveb
I am not a lawyer, but it seems to me that an American court has the power to
demand that an American citizen produce an item or information under his
control, even if it happens to be in another country (e.g., a man getting
divorced can't drive his car and all his gold and jewelry into Canada to
shield them from his ex-wife). I imagine that most other countries would
behave similarly: being within their borders and subject to their
jurisdiction, they can compel someone to do something.

If that's indeed the case, then it seems that an American corporation—a legal
person with a presence in the United States—may be compelled by a court to
produce items or data it controls outside of our borders.

The thing we need to do is to limit the power of the subpoena generally.

~~~
dpark
> _it seems to me that an American court has the power to demand that an
> American citizen produce an item or information under his control, even if
> it happens to be in another country_

Does the American government have the power to compel someone to violate
foreign law in order to produce an item held in a foreign country? Can the
American government force an American citizen to violate Greek law and take a
million Euros out of Greece for that hypothetical divorce settlement?

This is the scenario in question here. It is illegal in Ireland for Microsoft
to provide the requested information to the US Government. The data resides in
Ireland so complying would require performing an illegal act in Ireland. Does
US law for some reason override Irish law? Can the US government compel
Microsoft to violate Irish law?

~~~
crpatino
> Does US law for some reason override Irish law?

It's pretty simple. Whoever has more guns backing up their laws wins.

------
downandout
Of course this appeal will fail. The US believes that it has jurisdiction
essentially everywhere. One need only look at the FCPA (Foreign Corrupt
Practices Act) to see this firmly held belief in action. The US Government is
increasingly using it [1] to prosecute people and companies it simply doesn't
like by punishing conduct that occurs outside the US that in many cases has no
effect on any US citizen or company.

That said, if you're a high level drug trafficker, and you're not at least
using PGP, you deserve whatever you get. This is Darwinism at work. Even
normal, non-criminals should be using the strongest encryption they can get
their hands on, because no one knows what kind of conduct the government will
seek to punish going forward. Prosecutors get more creative every day in
applying our extremely broad laws to increasingly wide swaths of behavior.

[1] [http://www.fcpaprofessor.com/a-focus-on-doj-fcpa-
individual-...](http://www.fcpaprofessor.com/a-focus-on-doj-fcpa-individual-
prosecutions-3)

------
bitmapbrother
It's important to remember that this is the same company that snooped through
the emails and files of one of their users while looking for evidence of
piracy. They came clean about their snooping moments before court documents
were publicly released that detailed what they did.

------
walterbell
The pending TISA trade treaty may limit data sovereignty,
[http://www.zdnet.com/article/wikileaks-leak-shows-data-
sover...](http://www.zdnet.com/article/wikileaks-leak-shows-data-sovereignty-
threat/)

 _" 50 countries including Australia and the US may be signing away rights to
ensure sensitive customer data remains in its country of origin ... the draft
document reveals that the United States and the European Union are pushing to
prevent signatory countries from preventing the transfer of data across nation
borders."_

------
ewzimm
It's good to know there are people like Brad Smith standing up to government
demands for full access to people's data. It brings up an interesting privacy
contradiction. While storing data locally seems best for privacy, if it's on a
networked computer, there are still ways for people to get it, and unless you
have really good lawyers, nobody is going to challenge governments across the
world if they want to access it. By moving data to the cloud, we are creating
incentives for companies like Microsoft to fight against government intrusion.

------
amgine
It's great this article about Microsoft fighting for our privacy came put in
the midst of the upset over Windows 10 phoning home.

~~~
saraha
Microsoft aren't fighting for _your_ rights here. They are fighting for market
share. Not turning your data over to the FBI is now a product feature.

~~~
ihsw
I can't help but disagree -- they are caught between a rock and a hard place.
Following the demands of one Federal government (Brazil) will result in them
violating the laws of another (US).

They are fighting for a unified legal regime that spans across all
international boundaries.

------
serge2k
> Microsoft has lost twice

No kidding, they are trying to convince the US to recognize that they actually
have limits on their power outside of the country.

------
unics
Not to change the subject but why does this sound like Gibson Guitar all over
again? National law vs External laws = sovereignty?

------
skaushik92
Interesting side note... the author must have originally called this something
along the lines of: "As Microsoft takes on the feds, Apple and Amazon watch
nervously" or something like that, since the link to the article is "as-
microsoft-takes-on-the-feds-apple-and-amazon-watch-nervously".

------
snarfy
If they lose, the solution is of course to re-incorporate outside of the US.

~~~
dpark
Is that a working solution? Does the US government claim jurisdiction over US
corporations or over corporations operating in the US?

------
jheriko
this is sad. for all the misguided hate against the US there is a lot of very
justified hate that comes from these sorts of attitudes coming from its
government and enforcement agencies. they should have more respect for the
laws of other countries, especially somewhere like Ireland which could, not
unreasonably, be called a crime free paradise compared to the US.

its terrifying when law enforcement doesn't understand the difference between
right and wrong...

------
doguozkan
First thing that came to my mind when I read the headline: "Google has to go."

