29-04-2014, 10:29 #1
[EN] Juiz americano ordena Microsoft entregar dados armazenados na Irlanda
Microsoft previously said it planned to offer business and government clients control over where their data resided.
A judge in the US has ordered Microsoft to hand over a customer's emails, even though the data is held in Ireland.
The company had attempted to challenge the search warrant on the basis that the information was stored exclusively on computer servers outside the US.
Microsoft previously said it planned to offer business and government clients control over where their data resided.
This followed concerns about data privacy raised by whistleblower Edward Snowden's leaks about US spying.
But the ruling potentially undermines that pledge.
The judge said warrants for online data were different to other warrants.
The search warrant, which was issued to Microsoft by US authorities, sought information associated with a member of the public's email account including their name, credit card details and contents of all messages.
Microsoft said it would continue to oppose the release of the Dublin-stored data.
"This is the first step toward getting this issue in front of courts that have the authority to correct the government's longstanding views on the application of search warrants to content stored digitally outside the United States," it said.
Judge James Francis in New York said that this was true for "traditional" warrants but not for those seeking online content, which are governed by federal law under the Stored Communications Act.
He said the warrant should be treated more like a subpoena for documents. Anyone issued with a subpoena by the US must provide the information sought, no matter where it was held, he said.
Law enforcement efforts would be seriously impeded and the burden on the government would be substantial if they had to co-ordinate with foreign governments to obtain this sort of information from internet service providers such as Microsoft and Google, Judge Francis said.
In a blog post, Microsoft's deputy general counsel, David Howard, said: "A US prosecutor cannot obtain a US warrant to search someone's home located in another country, just as another country's prosecutor cannot obtain a court order in her home country to conduct a search in the United States.
"We think the same rules should apply in the online world, but the government disagrees."
A new data-protection law, currently being drafted by the European Union, aims to make sure companies no longer share European citizens' data with authorities of another country, unless explicitly allowed by EU law or an international treaty.
In response to the ruling in the US, Mina Andreeva, European Commission spokeswoman for justice, fundamental rights and citizenship, told the BBC: "The commission's position is that this data should not be directly accessed by or transferred to US law enforcement authorities outside formal channels of co-operation, such as the mutual legal assistance agreements or sectoral EU-US agreements authorising such transfers.
"Access by other means should be excluded, unless it takes place in clearly defined, exceptional and judicially reviewable situations."
Ms Andreeva also said that "the European Parliament reinforced the principle that companies operating on the European market need to respect the European data protection rules - even if they are located in the US."
Earlier this year German Chancellor Angela Merkel proposed building up a European communications network to help improve data protection and avoid emails and other data automatically passing through the United States.
Both of these actions were prompted by allegations of mass surveillance by the US National Security Agency.
Microsoft is hoping for a review of the decision from a federal district judge.
29-04-2014, 10:35 #2
Microsoft to shield foreign users’ dataJames Fontanella-Khan and Richard Waters
Wednesday, 22 Jan 2014
Microsoft will allow foreign customers to have their personal data stored on servers outside the U.S., breaking ranks with other big technology groups that until now have shown a united front in response to the American surveillance scandal.
Brad Smith, general counsel of Microsoft, said that although many tech companies were opposed to the idea, it had become necessary following leaks that showed the U.S. National Security Agency had been monitoring the data of foreign citizens from Brazil to across the EU.
"People should have the ability to know whether their data are being subjected to the laws and access of governments in some other country and should have the ability to make an informed choice of where their data resides," he told the FT.
Mr Smith added that customers could choose where to store their data from a variety of existing Microsoft data centers. For example, a European client could choose to have their data stored in the group's Irish data center.
The scandal over the NSA's illicit internet surveillance and the bulk collection of phone records has caused tensions between the U.S. and even some of its closest allies. The revelations sparked a global backlash, from calls for tighter privacy rules in Europe to a draft law in Brazil that would require all data about citizens to be held inside the country. Internet companies argue that this would balkanise the internet, turning it into a patchwork of national or regional systems.
Microsoft's gesture was immediately welcomed by privacy advocates, though it looked set to open a rift between the tech companies as they struggle to deal with the damage from the surveillance scandal.
"It's incredibly positive," said Jeff Chester, a U.S. privacy campaigner. "If they're really making a public commitment to store [data] locally then they will be breaking with the rest of the industry."
Some critics of the idea have questioned whether such a move would be effective in putting the personal data of non-Americans outside the reach of the NSA, since U.S. tech companies have to hand over information about specific users when ordered to by a secret U.S. court, regardless of where it is held.
However, keeping the information off U.S. soil and under local data protection rules should make it harder for the NSA to tap into illicitly, Mr. Chester said. "If the data are not being transported, then it does stop that kind of access."
Jon Gordon, Jon Gordon Companies CEO, explains why it will take a rare and special person to lead the tech giant to the next level of growth after Steve Ballmer's departure.
The Microsoft offer follows a joint statement from the main U.S. Internet companies last month denouncing any requirement to hold data locally, as has been proposed in a draft law in Brazil.
A person at one leading internet company, who refused to be named, said on Wednesday that being forced to set up data centers in every country would be prohibitively expensive, especially for start-ups that cannot afford facilities in multiple countries.
Mr. Smith acknowledged that it would be expensive but added "does it mean that you ignore what customers want? That's not a smart business strategy."
Following revelations made by Edward Snowden, the former NSA contractor, EU companies and consumers have become concerned about the way U.S. tech groups such as Google, Facebook and Microsoft share their data with U.S. authorities.
Although all major U.S. tech companies have denied giving American security agencies a "back door" into their networks, overall trust among many of their service users in Europe remains low by their own admission. "Our entire industry is concerned that some customers outside the U.S. are feeling less confident with [American] online services today," Mr. Smith said. "Technology today requires that people have a high degree of trust in the services they are using . . . The events of the last year undermine some of that trust [and] that is one of the reasons new steps are needed to address it."
Mr. Smith also said that the U.S. and EU should consider signing an international agreement that ensures they will not try to seek data in each other's territory via technology companies.
"If you want to ensure that one government doesn't seek . . . to reach data in another country, the best way to do it is . . . an international agreement between those two countries. Secure a promise by each government that it will act only pursuant to due process and along the way improve the due process."
He argued that the existing "Mutual Legal Assistance Treaty" mechanism used by the U.S. and EU to protect individuals' rights from the two blocs is outdated: "It needs to be modernized or replaced."
29-04-2014, 10:37 #3
One step on the path to challenging search warrant jurisdiction25 Apr 2014
Posted by David Howard
Corporate Vice President & Deputy General Counsel, Microsoft
The U.S. government doesn’t have the power to search a home in another country, nor should it have the power to search the content of email stored overseas.
To protect this principle, we filed a formal legal challenge months ago to a U.S. search warrant seeking customer email content that is located exclusively outside the United States. Today we received an initial decision that maintains the status quo but is a necessary step in our effort to make sure that governments follow the letter of the law when they seek our customers’ private data in the future.
When we filed this challenge we knew the path would need to start with a magistrate judge, and that we’d eventually have the opportunity to bring the issue to a U.S. district court judge and probably to a federal court of appeals. Today the Magistrate Judge, who originally issued the warrant in question, disagreed with our view and rejected our challenge. This is the first step toward getting this issue in front of courts that have the authority to correct the government’s longstanding views on the application of search warrants to content stored digitally outside the United States.
While the law is complicated, the issue is straightforward. It’s generally accepted that a U.S. search warrant in the physical world can only be used to obtain materials that are within the territory of the United States. A U.S. prosecutor cannot obtain a U.S. warrant to search someone’s home located in another country, just as another country’s prosecutor cannot obtain a court order in her home country to conduct a search in the United States. That’s why the U.S. has entered into many bilateral agreements establishing specific procedures for obtaining evidence in another country. We think the same rules should apply in the online world, but the government disagrees.
To be clear, we respect the critical role law enforcement plays in protecting all of us. We’re not trying to frustrate any government investigations, and we believe the government should be able to obtain evidence necessary to investigate a possible crime. We just believe the government should have to follow the processes it has established for obtaining physical evidence outside the United States.
Bringing these types of jurisdictional challenges is one of the data privacy commitments we made in December, and we’ll continue to pursue this issue because we believe we’re right on the law and because our customers have told us they value our privacy commitments.
29-04-2014, 16:23 #4
US judge: our digital search warrants apply ANYWHERE
Azure looking less lovely as Microsoft ordered to hand over e-mails held in Dublin
Microsoft has been told by a US District Court that it must hand over e-mail details to an unnamed law enforcement agency, even though that data is held offshore.
In a case that will exacerbate concerns in non-American countries about the extra-territorial reach of US laws, a magistrate in the District Court of Southern New York, Judge James Francis has ruled that the tech giant “cannot refuse to turn over customer information and emails stored in other countries when issued a valid search warrant from U.S. law enforcement agencies,” according to Reuters.
The ruling will be a blow to Microsoft's attempts to assure non-US customers that their cloud data is safe from American spooks' demands for access. The company has criticised countries like Australia for policies that require government data to be stored locally: now, it will be fighting a ruling that extends US search warrants' reach into offshore data centres.
The judge's reasoning is based on an efficiency argument: if Microsoft isn't obliged to hand over the information the warrant seeks, the unnamed US law enforcers seeking the identity of (and other information about) the unnamed target of the warrant would have to coordinate with bodies in other countries (in this case, Ireland, since the data is held in Dublin).
A requirement for such coordination would mean that “the burden on the government would be substantial, and law enforcement efforts would be seriously impeded”, Judge Francis stated. He also ruled that the US Stored Communications Act is not bound by the same law as restricts search warrants to US territory, since the SCA covers digital communications.
That's because Judge Francis chose to treat the warrant as the equivalent of a subpoena, in which documents demanded by the court must be produced, no matter where they're held.
Microsoft has responded by saying that customer data outside America shouldn't be subject to search and seizure by US authorities, and is seeking a review of the decision. Reuters says a Microsoft statement says “A US prosecutor cannot obtain a U.S. warrant to search someone's home located in another country, just as another country's prosecutor cannot obtain a court order in her home country to conduct a search in the United States. We think the same rules should apply in the online world, but the government disagrees.”