I suspect that for organisations like Microsoft and Apple it's about profitability. If they can't protect their non-US clients' data they stand to lose those clients. That loss must surely be greater than the legal cost of "standing up to the US government".
An episode of the Cybersecurity Podcast with Peter Singer was recently talking about the Snowden leaks and how the west coast (Apple, Microsoft, et. al.) had to go to the east coast (Washington, Pentagon) and tell them to stop saying that the government spying was only on non-US citizens and foreigners since that demographic is still the vast majority of their business.
All corporations have a primary responsibility to benefit their shareholders. That they can combine it with a noble cause is an added bonus.
Quite honestly, I don't think they would lose that many clients. The USG has been trampling over the rights of non-US citizens for years. Snowden's leaks showed just how bad that is. The truth is that the vast majority of those people don't care enough to do anything about it.
Even people who do care (and are technologically minded) still have their Gmail, Yahoo and Hotmail email accounts and online file storage. The effort required to change is greater than the threat to their privacy.
That will not change until the loss of their privacy actually has a visible and impactful effect upon those people. I.e. people start being persecuted by the government for their beliefs or actions in private.
Modern western government's are too smart for that though. Those kind of non-subtle sledgehammer tactics don't work in a society where bad publicity can't be controlled. As an example, see the UK government's U-turn on immigration policy after the public's reaction to a photo of a two year old drowned immigrants's child on a Greek beach laying face down in the waves.
> All corporations have a primary responsibility to benefit their shareholders.
This is false. The mission statement of the company lays out its responsibility and what shareholders can expect. Shareholders choose to invest or not. A not-for-profit company is an example.
That national governments spy on their citizens and each other is immaterial. If cloud providers cannot adhere to the EU data protection directive, EU organisations will be legally bound to find services that can.
> Quite honestly, I don't think they would lose that many clients.
You're underestimating the amount of industrial espionage that the U.S. does to favour its multinational corps. MS, Apple et al. were fine to benefit from the fragments this might bring them when it was a fairly well guarded secret and it was assumed that the U.S. was on relatively equal footing with other countries such as France, UK, Germany, Japan in this regard. The Snowden leaks show that the NSA capacity is a couple orders of magnitude larger than any other country and suddenly the U.S. players would lose more business through distrust than they would gain through government espionage.
You're saying the parent is underestimating, and yet you provide zero proof of that underestimation. Without anything to go on, in regards that Microsoft or Apple (et al) benefit from NSA or similar derived industrial espionage, you're just slandering them with empty accusations.
All corporations have a primary responsibility to benefit their shareholders.
Wandering off-topic as I am, that's just an opinion that gained ground in the seventies. Not everyone thinks it's a good idea and with any luck it'll die eventually.
At the end society is build on cost-vs-benefit calculations, while you might not steal a car because it's morally wrong you most likely do so because you don't want to go to prison, if government could enforce internet piracy on any reasonable level whether you support file sharing or not you wouldn't be downloading anything if it meant getting a 100,000 fine a week later either.
I find it hard to believe the USG wasn't bluffing. There's no way Yahoo could hide a $250 per day fine on the balance sheets, and the government would not want that disclosed.
There's no way Yahoo could hide a $250 per day fine on the balance sheets,
$250 * 365 = $91250
Yahoo's latest quarterly revenue was a little over 1.2 billion dollars[0]. A little over $90k listed under "court fees" would probably not cause anyone to blink an eye.
Other companies as well as individuals paid similar fines, the fine is usually put on a "contempt of court" charge rather than on the actual case being brought up, so no they weren't really bluffing.
To be fair, responding to a warrant for stored information and installing a backdoor in your software are two pretty different matzah balls.
If the servers in question were on US soil, Microsoft would comply with the warrant in about a second and a half. They're not "sticking it to the man, man" by refusing this particular request. It's just a question of legality.
Absolutely. For anyone to believe otherwise is a bit ridiculous, especially considering how this same company has built backdoors for the very same government into their flagship products over the years. Microsoft is just crossing t's and dotting i's. Nothing to see here.
Unless of course the whole article was meant to make everyone think how much Apple cares about your privacy, a day before the new iPhone is launched, and for law enforcement people to mislead people into thinking using iMessage can protect them.
Yeah, and when Apple updated their TOS to address "security concerns", their warrant canary disappeared and reading between the lines they admit to giving away user data to the government. Something about "we follow the law to protect our users - your data is safe".
There is a continuing theme here. It's not about warrants or jurisdictions or cooperation. Its secrecy. They don't want to ask for help from Ireland because they want to do things in secret. They don't really want to get a warrant either, but MS can and has required at least that much. End to end encryption bothers them, not because it's unbreakable, but because they'd need to get a warrant to search the persons stuff at the end node - and that would violate their ability to snoop in secret. Granted, once you search one guys stuff, the other bad guys will know you're on to them. But at the end of the day the agenda seems to be a desire for secrecy (and autonomy). There are pros and cons to that, I'm just pointing out what they're really after.
What's particularly worrying to me is that the US government has repeatedly applied very odd standards in cases like these. E.g. for a long time, government agencies upheld that they were allowed to read anybody's email without even obtaining a warrant, as long as the email is stored in the cloud.
Giving a country with such low legal standards and civil rights protection access to large swaths of all data is wrong.
(The government's view is that the Stored Communications Act, even with this exception, is much more protective than what would be constitutionally required, because of the third party doctrine, which says that constitutionally you don't have any expectation of privacy in information that you gave to a third party.)
What Microsoft should do is put a business moratorium on the US government and refuse to do business with them. Refuse to sell them any products, to equip them in any way whatsoever. All branches of government, all levels of government, should be denied access to Microsoft's product.
That would fix this and many other problems in one fell swoop.
It wouldn't. The US Government is extraordinarily dangerous and powerful. In the case of Microsoft taking such action:
1) The Feds have the guns. That specifically includes the general threat of guns-out federal agents storming the Microsoft campus for trumped up reasons to make a raw show of power. Microsoft's stock would plunge.
2) They have the IRS, Homeland Security, DOJ, FCC, FTC, SEC, and every other agency they could possibly need to break Microsoft's leadership and its board of directors. It would be done within a month and would be tragically easy.
Just the smallest potential of this type of scenario would have MSFT shareholders shitting their collective pants.
The US Government directly lords over all interstate commerce, in dozens of ways. They could, within the span of a few days, rule that Microsoft was impeding interstate commerce, posing a danger to national security, and they could order federal agents to take control of Microsoft; that wouldn't occur, it would merely be hinted at, at which point most of the board would immediately resign as would the CEO; the US Government would then watch as a new temporary board and CEO is installed. The US Government is able to force ports open - if need be - on the same basis they would use to force Microsoft 'open.' They could do it with either a soft touch, or be as forceful as necessary.
Also, you can argue that Google has been punished for daring to stand up to the US government (for example wanting to warn wikileaks about surveillance of its employees). Perhaps it's coincidence, but the Obama administration recently sided with Oracle in its litigation against Google. That is the sort of thing you can expect when going against the US government. Also, you give up help when it comes to things like antitrust lawsuits.
It wouldn't ever come to this, but even theoretically, you haven't thought through what would really transpire.
1) The Feds do have guns, but Microsoft has an extraordinary amount of goodwill, and media connections, and political connections, the foremost being the POTUS. He would not dare piss off one of the most powerful corporations in the world and risk the ensuing media malestrom that would have heads rolling from his office on down. They say our goverment has 3 branches, but it really has 4, the 4th being the intensely powerful news and internet media, which microsoft's tentacles even today spread very deep, and from which all politicians draw their votes. If it came to this, the president would face increasing scrutiny and actions of congress to block whatever he wanted to do (especially a republican congress) in order to save their own ass.
2) All these other agencies are enforcement angencies and fall under the jurisdiction of the POTUS. They would not act quickly (and would have to follow legal procedure, it's not as if these orgs just jump when the president says "sick em boy").
Men aren't men anymore. If I owned Microsoft I would dissolve it and blow its ashes to the four winds quicker than the Feds could wonder whether their holsters are fastened. After all it's my company and I'm still free to pulverize my own company in this country if I so choose, right?
I would not choose to continue making money and pleasing shareholders if it meant abetting the government in what they're demonstrating they're intent on pursuing.
It would be the end of Microsoft within 5 minutes. I'd be out of the country along with the Men (and Women of principles) that helped me pulverize it within 5 minutes.
There's always a way to do it. They could do it and put the government in its place. But no one thinks they are man enough to do it, and so it doesn't get done.
Yeh, we in Ireland have been a target for GCHQ for decades, long before PRISM and ECHELON. However, it doesn't negate the fact that the US, UK Courts don't have the right to violate our sovereignty as they see fit. Unfortunately politicians in Ireland would rather dig the head in the sand (as usual) on this sort of issue.
It is not easy to stand up to the US government. Many smaller firms do not have the clout nor the funds to do so.
In making this stand, it will hopefully set a legal precedent, to make sure that the USG abide by the rules of international law.
Here is the EFF's opinion on the matter: https://www.eff.org/deeplinks/2015/09/eff-applauds-apples-re...
Microsoft are not the only company batlling with the USG over user privacy, Apple (iMessage and other user data) is also making a stand: http://www.nytimes.com/2015/09/08/us/politics/apple-and-othe...