Microsoft rejects warrant to turn over emails stored overseas

by Mark Tyson on 1 September 2014, 11:00

Tags: Microsoft (NASDAQ:MSFT)

Quick Link: HEXUS.net/qacihr

Add to My Vault: x

Microsoft is taking a stand over email ownership and privacy as it refused a warrant by the US government directing it to turn over customer email data held overseas.

Initially, Microsoft had a deadline of 31 July to hand over the email data in question, which is held in a data centre in Ireland. The warrant was extended in order to provide the software giant enough time to work on an appeal, amid complaints from international companies arguing that the move to seize data held internationally was illegal.

However, despite the suspension being lifted on Friday, as the prosecutors convinced Chief Judge Loretta Preska of the U.S. District Court in Manhattan that her order was not appealable, Microsoft is still refusing to comply with the judge's order and said it would not release any emails during the appeal process. The judge has ordered both the federal prosecutors and Microsoft to advise on how to proceed by Friday 5 September, before the court forces a resolution.

"Microsoft will not be turning over the email and plans to appeal," a Microsoft statement reads, according to WindowsITPro. "Everyone agrees this case can and will proceed to the appeals court. This is simply about finding the appropriate procedure for that to happen."

Technology companies have increasing concerns regarding the US government's requests to extract data stored in foreign countries, fearing that this could damage their relations with these nations and/or their residents. Thus some large tech companies are actively trying to improve the privacy of customers.

Microsoft's move may force Judge Preska to find the company in contempt. Its rivals AT&T, Apple, Cisco and Verizon are all monitoring the case closely and have submitted briefs to support the firm's efforts to contest the federal court order.



HEXUS Forums :: 18 Comments

Login with Forum Account

Don't have an account? Register today!
Wow, that's a turn up for the books - big business being apparently concerned for customers privacy…
… or is it the thought of those customers walking away or, worse still, filing some kind of countersuit in an unfriendly non-US court!

My view on this is a simple one … Microsoft could (and perhaps “should”) freeze that remotely-stored data and in return the US prosecutors should present an appeal to an Eire court. After all - and I realise that this is probably naive of me - if the US case is a genuine one then there should be no objections from their Irish counterparts.

And yes, I realise that the downside of my view is if some unscrupulous company stores their data in somewhere where a US application for access is going to be bogged down, or outright rejected out of anti-US “spite”, e.g. Iran, Venezuela, Russia or China.

Good to see that other companies are coming in to support Microsoft, although I would have perhaps expected Google to be keen to support their rival. Unless they've totally gone over to the dark side of course.
re: Crossy

Pretty sure it is the latter - after all the data-security issues raised by the whole NSA surveillance thing and more ‘revelations’ about how much access the US law enforcement has to any data stored/passing through the US, many international companies are wary of using a US data services. What this court order would do is set a precedent such that the US law enforcement could demand any data held anywhere in the world if it is held by a US company, even if this would be (as in this case) a breach of local data protection rules.

As such, if they were forced to hand it over, companies world-wide would know they cannot use any data storage services provided by US companies for any commercially sensitive information, as no matter the local protections they currently can offer based on where it is stored, the US law intends to ride roughshod over these local rules and force the US company to hand it over. Microsoft (with google/amazon/etc.) being concerned about losing a huge chunk of the potential cloud computing market (not to mention email services etc.) are therefore having to challenge this in court or just walk away from a huge potential market.

Re: Your solution - I agree - this is something that was raised originally. There is an existing mechanism for the US court to request the data via the Irish courts. For some reason, the US court thinks it has the right to ignore that and demand the data directly. I'm pretty sure they'd have a lot to say about it if the Irish court did the same (via the EU wing of a company) and demanded data from American companies/individuals held on servers in America by the US wing of the company without any reference to US courts or data protection laws.
Tpyo
As such, if they were forced to hand it over, companies world-wide would know they cannot use any data storage services provided by US companies for any commercially sensitive information, as no matter the local protections they currently can offer based on where it is stored, the US law intends to ride roughshod over these local rules and force the US company to hand it over. Microsoft (with google/amazon/etc.) being concerned about losing a huge chunk of the potential cloud computing market (not to mention email services etc.) are therefore having to challenge this in court or just walk away from a huge potential market.
Good point - the cloud storage angle is a good one since everyone seems to suggest that this is a good future money-spinner. If I was “corporate America” then I'd be leaning on my tame senators hard to get that “US everywhere” idea dropped like a lead brick wrapped in concrete.
Tpyo
Re: Your solution - I agree - this is something that was raised originally. There is an existing mechanism for the US court to request the data via the Irish courts. For some reason, the US court thinks it has the right to ignore that and demand the data directly. I'm pretty sure they'd have a lot to say about it if the Irish court did the same (via the EU wing of a company) and demanded data from American companies/individuals held on servers in America by the US wing of the company without any reference to US courts or data protection laws.
Again a good point, especially that latter part. And building on that, I've got to wonder if it'd be possible for a company to end up in a Catch-22 situation. For example, if you'd got Google with servers in Germany and Homeland Security demands - and gets - personal data on some German national that perhaps they think a terrorist. Trouble is that said suspected terrorist could surely then file a legitimate complaint (i.e. a winnable one!) under German data protection law. So effectively Google would get US sanctions if they refuse, but German sanctions if they comply.

Maybe that US court needs to get a David Bowie/Pat Metheny track played to them by the Irish ambassador. That track obviously being "This is not America"
crossy
I've got to wonder if it'd be possible for a company to end up in a Catch-22 situation. For example, if you'd got Google with servers in Germany and Homeland Security demands - and gets - personal data on some German national that perhaps they think a terrorist. Trouble is that said suspected terrorist could surely then file a legitimate complaint (i.e. a winnable one!) under German data protection law. So effectively Google would get US sanctions if they refuse, but German sanctions if they comply.

"

Exactly, that is pretty much what could happen here - taking the data would be in breach of EU/Irish law if it didn't go via the Irish courts!
Tpyo
Exactly, that is pretty much what could happen here - taking the data would be in breach of EU/Irish law if it didn't go via the Irish courts!
And Irish law doesn't allow for divulging broad personal correspondence just for a fishing expedition/piling more hay onto the data mining hay stack. That's why the US prosecutor didn't bother petitioning the Irish courts.