Microsoft Defies Court Order, Will Not Give Emails to US Government (windowsitpro.com)
385 points by xamlhacker on Aug 30, 2014 | 117 comments


The casualness with which the U.S. Government asks a private company to violate EU and Irish law is truly disturbing.

The U.S. Gov has gone mad with power.

And for perhaps the first time ever: bravo Microsoft! I don't even care if you did it for the PR, it's still a brave stand.


> The U.S. Gov has gone mad with power.

Agreed. Hopefully this encourages more people to stand up to unreasonable violations of privacy from our government.

> And for perhaps the first time ever: bravo Microsoft! I don't even care if you did it for the PR, it's still a brave stand.

The question of whether a company is following principles or motivated by profit/PR is so strange to me. The question is nonsense and the answer irrelevant.

Microsoft is not a person with principles. It's 90,000ish people with different principles. I'm sure some people really believe in the right to privacy, some want to avoid angering customers, some don't care, etc. The reasons and motivations behind a company's actions are as diverse as the actors involved.

We could argue about motivations all day, like the responses to your comment are doing, but it's pointless and irrelevant. Unless you want to hone in and talk about individual people there's no answer to the question, and we're just trading vague meaningless opinions. It's like arguing whether a mountain is rocky or sandy. Chances are that I can find both, so we should either get more specific or talk about averaging via a survey. It happened, and the results are the same.


> Microsoft is not a person with principles. It's 90,000ish people with different principles. I'm sure some people really believe in the right to privacy, some want to avoid angering customers, some don't care, etc. The reasons and motivations behind a company's actions are as diverse as the actors involved.

No, they really aren't. It's not even true for a democracy, where "we the people" get to vote for a small elite, which in turn will enact laws taking into account lobbying pressure, pressure from political allies, personal interests, likelihood of being re-elected, and occasionally the interest of the people and personal convictions.

A company, especially at this size, is not a democracy. Maybe the janitor believes in privacy, and the clerk trusts the government, but at the end of the day, strategic decisions like this one rest in the hands of a small group at the top. Some of them may occasionally put their principles before "shareholder value" or "next week's bonus", but it looks pretty rare in practice.


What I can't believe is that people seem to be seriously suggesting taking power away from the justice system.

Are we truly that insane?

Wasn't the whole problem with "spying" that there wasn't judicial oversight? Here we have a case where federal prosecutors went for judicial oversight, were put in the right by a judge. Isn't that exactly what you'd want?

Laughable comment in the article:

> Let there be no doubt that Microsoft's actions in this controversial case are customer-centric.

Really? Have we truly forgotten this quickly what happened?

http://thehackernews.com/2014/03/microsoft-admits-spying-on-...

Btw: keep in mind that this case is also about setting precedent. That is why both parties want it to go to appeal, and don't care about the outcome of this particular trial. It is beside the point. Both the US federal police and Microsoft want the American justice system to decide this issue, and well, the current judge can't make that decision (well, technically it wouldn't be final).

So keep in mind this judge is mostly doing the minimum her job requires and trying to be home in time for dinner here. There is no decision made, nothing like what the article claims has happened, legally speaking.


>Wasn't the whole problem with "spying" that there wasn't judicial oversight?

There was judicial oversight... the FISC... aka the rubber stamp

That is the problem with the judiciary today, they have abandoned their responsibility to be a check on government power and instead take the government at their word and rubber stamp everything unless some defense (which is often not even allowed as these orders are given ex parte in many cases) proves they should be denied.


Seriously, I can't even count the amount of times I read about a company doing something good/bad/neutral in a day and reading comments about said action that boil down to "they only did it for money". Who fucking cares what their motivations are, a business is an entity designed to make money and they are made up of multiple different people with different morals and convictions. I wish these people would comment on the actual events and not the "corrupt money grubbing motivations" behind said events.


Because, examining the motivations of the decision makers at Microsoft in this case, allows you to better predict what their actions in the future will be. Seriously, I can't count the number of times on HN, both in this instance and in the past, people have missed this basic principle. Sure, it's great that Microsoft did it in this case, regardless of their reason, but how you should perceive the safety of your data with Microsoft going forward, depends entirely on why they did it. If they did it purely for fiscal reasons, or some combination of fiscal, public relations, and moral reasoning, then how will they act when there is no monetary benefit to be gained by safeguarding their customers' data?


I have a technique when trying to judge actions of companies I don't really like.

If a company I liked did this would I think it's a good thing? If so, it's probably a good thing.


Microsoft is not a person, but it is an organization, and like every organization has a corporate culture. For me, it's absolutely like having a character, exactly like a person has. It certainly starts with the founders, but grows with the company through years of hiring decisions, personal example, and internal communication.

A company, as an organization, can be intelligent or stupid, creative or conservative; it can have social intelligence (Facebook), or it can never get it right with people, but be an excellent engineer (Google). So I don't see why we shouldn't treat an organization as being moral, or immoral, humane or inhumane. By these lines, it's certainly a valid question whether Microsoft is showing character, and high moral standards, or is it simply doing it for personal gain.


I'm really shocked so many people see this as even a question.

I work for a company very similar to Microsoft. If this happened to us, we would do the same thing, for the very same reason.

We would lose every Cloud customer from another country immediately if this was followed. All our work investing and building data centers in the world would be wasted. Companies would pull away all contracts for Cloud work, and we would gain no new ones. It would be the end of the Enterprise Cloud.


Treating Microsoft like "a" person, hmm. I think that works, but we have to consider that persons are rarely 'plain', exhibiting simplistic behavior. If we are to consider Microsoft as person, like we are, we ought to consider it can exhibit truly good and truly bad behaviors sometimes.

That being said, have Microsoft's past mistakes been too big that (what some consider) the good behavior exhibited lately regarding privacy issues is a drop of pure water in an ocean of oil? I'm not implying anything, just asking to provoke thinking.

Can people change? Can large companies change their character? Is Microsoft changing or are we seeing some schizophrenic good actions lately? Food for thought :)


Violating the EU data protection directive would make Microsoft liable for a fine of up to 5% of global turnover. Microsoft has been the recipient of EU fines before, so they are likely to wish to play it safe. On the other hand, violating a court order will find them in contempt of court, which may also lead to coercive fines. Since they're facing fines either way, can we assume they are actually making a moral stand here?


No, we can't assume that, for the simple reason that the logical financially motivated conclusion to that is to take whichever path will result in fewer fines. I'm not experienced in this area but I doubt the US would fine Microsoft anywhere close to 5% of its global turnover for contempt of court while an appeal is pending.


As others have pointed out, the prospect of fines is not the only factor motivating Microsoft. There is also the dwindling trust of potential customers in Europe. If they roll over to the US government on this one, it's another strong argument for anyone in Europe to avoid the MS cloud.


Indeed. And I'm surprised the European governments are just taking it.


That's incorrect. European governments are "just taking it" when it comes to some areas; in particular anything to do with security is left to the US to do as they please, because they bear the brunt of our defensive needs (something that is not going to change anytime soon); and multinational companies are powerful because of their money, regardless of where they come from.

In this case, EU data-privacy laws emerged as a way to harmonize EU trade and law enforcement practices. They were then made compatible with US laws through various international agreements and treaties. Things were working, more or less.

Then the US Congress passed the PATRIOT Act in haste, and broke everything. It took years to sketch out a way to make these incompatible laws work together, sort of. Grey areas were swept under the carpet, in hope that particular circumstances they covered "would never happen". Now they are happening, due to a combination of factors (the emergence of cloud computing, NSA revelations, differences in foreign policy stances, etc).

Until Microsoft keeps this stance and the US legal landscape allows them to, EU governments simply don't have to do anything - the Data Protection Directive holds, US law enforcement yields. If MS is actually forced to hand over the data, then a response will be required from our side of the pond.


> because they bear the brunt of our defensive needs (something that is not going to change anytime soon)

That may change more swiftly than you imagine. It seems like the US is already far more reluctant than ten years ago to go rushing in.


I don't think the US ever "rushed in" to attack Russian forces; even in the heated 1960s, people thought long and hard before pushing those nuclear buttons. There are many ways to provide military aid, not all of them involving your own troops; and with the rise of a strongly anti-Russian EU Commission, I bet all these options will be considered sooner rather than later. At the end of the day, it took years for NATO to intervene in Yugoslavia, a situation far less problematic than Ukraine (from the point of view of Russian engagement); but then they did intervene, twice.

In the grand scheme of things, EU defense relies immensely on US forces and there are no signs that this is going to change anytime soon. The UK is struggling to just maintain capability, let alone expand it to replace allied resources. The French are now 100% integrated in NATO and have enough on their plate by caring for their African ex-colonies anyway. Italy and Spain can't pay state pensions, let alone expanding their military. The only country with some spare capacity would be Germany, which cannot do it for historical and political reasons.

In fact, what the Ukraine crisis is showing is how Europe still cannot say no to the US in security matters: it was the US administration that pushed for escalating Maidan (remember "fuck the EU"?), it was the US administration that pushed for sanctions (with Europeans going along grudgingly) and it's the closest US allies (UK, Poland) who are now leading the charge for further escalation... and finding no formal opposition, despite plenty of grumbling across the continent. Because in practice, nobody can afford to lose their US umbrella.


As a U.S. citizen, I have been extremely confused about why there has been no global response to Ukraine, especially from Europe. You seem to be implying that the EU does not care about Ukraine at all and is only responding to the crisis there to the extent the US is pushing for it (i.e., not very much).

Why not? Surely Europe doesn't want to set a precedent that Russia can foment and fund an "opposition", claim the existence of such an opposition means that the territory it is in should be annexed, and then annex it. I would have expected that Germany of all countries would recognize these tactics for exactly what they are: almost a direct replay of Hitler's pre-WWII tactics. It should be all the more galling because the proximal cause was that Ukraine was too "pro-EU". Yet the EU doesn't lift a finger. AFAICT, Obama doesn't do much because he is more concerned about ISIS, and sees Ukraine as a European problem.


I was going to reply but it would be long and OT :) feel free to ping me on the email on my profile if you really want to hear it.


> Then the US Congress passed the PATRIOT Act in haste, and broke everything. It took years to sketch out a way to make these incompatible laws work together, sort of. Grey areas were swept under the carpet, in hope that particular circumstances they covered "would never happen". Now they are happening, due to a combination of factors (the emergence of cloud computing, NSA revelations, differences in foreign policy stances, etc).

This is what judges are always complaining about. Congress/parliament wants to look good and votes stuff in with utter disregard to the legal implications and how it interacts with other laws.

There is still a big fight in EU law about equality between men and women interaction with divorce proceedings (you can imagine how long this has been going on). Before the equality vote it was okay to treat women differently when it comes to infidelity. Why? Because in practice, offspring resulting from infidelity has rights (i.e. inheritance + money) from both partners in a marriage. If a man has extramarital offspring, he can choose to not be known and he can choose not to be the legal parent. But men and women are equal, it's in the law.

So ... what do we do?

a) can women deny legal parentage for kids (this would be a disaster for those kids) after giving birth? The answer is no. Men, of course, can do this for obvious reasons.

b) will we force natural parentage to be registered? (problem here is, of course, that in many cases it's simply not known. And if the woman doesn't know, gets it wrong (unintentionally or otherwise) or isn't talking, what are you going to do?)

c) do you revise legal parentage during divorce proceedings (again, in many cases a disaster for the kids)

For obvious reasons, parliaments are not touching this with a 10-foot pole.

> In this case, EU data-privacy laws emerged as a way to harmonize EU trade and law enforcement practices. They were then made compatible with US laws through various international agreements and treaties. Things were working, more or less.

I wonder why this even needs to be stated, but of course EU privacy laws do not protect against search and seizure as part of a criminal investigation.


Criminal investigations in the USA have obviously no legal standing in the EU. What the US would have to do in that case would be to contact European law enforcement and ask them to help them.

Which they wouldn't do, because what they would ask would be against the law.


There is the Data Protection Law, which makes, as far as I understand, transferring data to the US as ordered by the judge illegal.

That said, why would you be surprised that the same governments happily collaborating with the NSA wouldn't do anything about privacy? We're pretty lucky as it is to have a privacy protection law at all.


They are active participants.


I'm amazed how even these US judges cannot see what is wrong with this. Or are they themselves under pressure/threat from the executive and NSA/CIA?


No. Preska is a Bush appointee.


The job of a judge is exactly to NOT see "what is wrong with this". Activist judges are very, very bad.

Congress, and to a lesser extent POTUS, are the parties that have voted in these laws and are controlling the agencies doing this, and have the power to change them. Judges should NOT attempt to do so. That is the very definition of what a judge does.


False, activist judges can be good or bad, but are usually good. Unless you are anti-abortion, anti-gay marriage, anti-desegregation, then yeah, you might think it's terrible.


I prefer the term "pro-democracy" and pro "having a law".

Both parties have mastered using presidential appointments to the supreme court to "change" the law. This is very bad, as they're not supposed to be in control of that. The judiciary's "check and balances" check is mostly to prevent congress from going against the constitution (ridiculous example: voting slavery back in with 51% of votes). That is their function.


at what point in your conception of the world do unjust laws get struck down?


At the Legislature or Executive are both wrong answers, as the Judiciary is also a check and balance.


Probably at the point of not voting in the people who make those laws in the first place.


They did it neither for PR nor "principles", but for mere money. The US data hegemony is bad for business overseas.


> They did it neither for PR nor "principles", but for mere money.

Why can't it be all three?

Sticking to principles can be quite profitable, but it still needs balls.


Because if you believe they did it on principles, then you will have misplaced your trust and be worse off in the future. Microsoft has also turned over user information to the government. That doesn't sound like principles - at least not the same principles that I care about.


Well, we can say that every company does everything only for money, and that's probably not far from the truth. However, exactly because this can be taken as a universal truth, it's generally advisable to not ponder on this while discussing what and how they do, because it does not add anything to the conversation. In this case, we can agree that it's the right thing (for us). Similarly, if you buy a good car, you don't always think on that 'they made this only for money'.


Huh? Of course it makes sense to ponder on the reasons behind a particular company's decision? That is what we call "the stock market". There's such a thing as strategy.

What I'm saying is that there are companies that care about your data for it is their strategy, and then there are companies like Microsoft that will happily steer the ship given whatever wind is blowing at them on any given day.


There isn't any pondering needed. They are doing it because if they follow this request it will destroy their enterprise cloud computing entirely. That's reason alone to do it.

It would destroy an entire business of theirs. It's vital to their very survival to stop it. It's not even a question, this is as large of an attack on their business as there could be.


Is there a difference morally between doing it for PR and doing it for money?


Good question. I'd say they're barely distinguishable. If MS relents, they're allowing a breach of trust that will make current and potential customers shop for non-US-based competitors.


I'm guessing this is inevitably already going to happen over time....

You can't have people unlearn what they have learned. If your wife cheats on you, even if she manifestly passes on an opportunity to do it again in a well publicized display, you are going to have a hard time trusting her from then on and if fidelity is important to you, you may start to examine your options...

Microsoft isn't going anywhere soon. They are embedded. But they are not going to be generally trusted again by many, and I don't believe this can be fixed by a couple of high profile PR schemes. This isn't MS hatred nor NSA rejection. Just stating the reality of the situation. Alternatives are going to be looked for and this case won't change that.


You have no possible way to know that.


Let's look at these two facts:

1) Many companies have pulled their data from US-based data centers for fear of government intrusion after the Snowden revelations.

2) The future of Microsoft's server business is in the cloud and they have (likely) told customers their data is safe if stored in the EU

Thus it stands to reason that in order to keep customers and make money, they are motivated to win this case.


On #2, they do tell their customers that, in fact it's even a significant component of their cloud marketing. One of their attempted selling points vis-a-vis Google Apps for Business is that going with Microsoft for things like hosted email is safer from an EU-compliance point of view.


Well, I'd rather say all of these are valid reasons. Plus, not breaking the law in other places. Complying with this court order may get you sentenced in where you took the data from.


Indeed, they're bound to lose many contracts if they're forced to comply.

Also it would be interesting to see if someone would be criminally liable in Ireland.


> Also it would be interesting to see if someone would be criminally liable in Ireland.

That's the most principally interesting thing here IMHO... Can the government of one country compel a citizen to commit a crime in another country? At least in Sweden it could easily be considered a form of espionage to hand over emails to a foreign government.

A few years ago I would have ended that question with !?!?!?, now I'm not so sure... :(


If MS does hand over the data, governments by regulations will outlaw every European company and government entity to store data with them.


> Judge Preska of course feels differently, and she has consistently agreed with the prosecution argument that the physical location of email is irrelevant because Microsoft controls the data from its base in the United States.

I find this bit very interesting. As opposed to Microsoft being a US company, it is that its operations are located in the US. I wonder what effects this decision could have on the US labor market if companies relocate operations in the same way they relocate certain things for tax avoidance.


> if companies relocate operations in the same way they relocate certain things for tax avoidance.

They already do. Umpteen companies run servers in this or that country for specific legal reasons which are not necessarily related to taxation. Classic case: companies with dubious stands in regard to copyright law.

The PATRIOT Act already forced a number of companies to open European datacentres to satisfy particularly-picky customers; it's just that this particular threat was considered mostly theoretical... until Edward Snowden proved the opposite. Now all cloud-services providers must prove their virginity or risk losing sizeable chunks of lucrative European markets, hence why Microsoft is making a stand (on this case, at least).

I do applaud them: if anything, once this process is over, we'll have a clearer picture of what exactly the US government can or cannot ask from US-based cloud companies. We're currently in a fog where the law says certain things but practical experience says another. A realignment in one way or the other would be most welcome.


>The PATRIOT Act already forced a number of companies to open European datacentres to satisfy particularly-picky customers;

It's not picky customers, it's everyone. It's literally the first discussion that occurs. Any company in any part of the world wants their data in a datacenter near them, that follows rules they are comfortable with.

It cannot be overstated just how important this issue is to foreign companies.


> It's not picky customers, it's everyone. It's literally the first discussion that occurs.

In my experience that often wasn't the case until Snowden came about, but I guess it might depend on specific sectors.

I agree that now it's absolutely everyone.


Especially as those customers might end up liable.


You think companies are being picky when they want their data stored in a manner that doesn't break the law of the countries they are based in?

That's a VERY US centric view...


> Despite a federal court order directing Microsoft to turn overseas-held email data to federal authorities, the software giant said Friday it will continue to withhold that information as it waits for the case to wind through the appeals process. The judge has now ordered both Microsoft and federal prosecutors to advise her how to proceed by next Friday, September 5.

> Let there be no doubt that Microsoft's actions in this controversial case are customer-centric. The firm isn't just standing up to the US government on moral principles. It's now defying a federal court order.

Whoever wrote this clearly didn't bother wondering if, just maybe, handing out customer data "overseas" ("overseas" apparently means Ireland) would be illegal under EU and Irish law. But let's not let minor details like this get in the way of good PR.


Assigning noble motives to Microsoft's actions is ignoring the actual motives of a business. How do those same people explain why Microsoft has given the US government user information on other occasions? It's just a calculation of what's the best thing to do for the well-being of the business. Just as banks happily take a "record fine" for breaking the law because it's a small expense to making a lot of money.

We get in so much trouble trying to understand companies as if they're individual humans. Evolutionary biology for corporations needs to be taught.


I absolutely agree. On the other hand, the fact that ethics rarely seem to play any role in decision-making at large-scale organizations is pretty telling about the sort of people who rise up to the top :(


It is illegal, but it also means you'd have no foreign customers. They would lose tons of contracts immediately. It would completely end the enterprise cloud revolution that is occurring.


Absolutely. They don't realize they will hurt the other companies this way. There are companies and institutes that follow this thing very closely, and when you try to close the sale with them, they drop this bomb: where are your servers, and how they are not feeling comfortable with all these things going on.


Mercurial has the most clear-headed read on the situation. His comment should be upvoted to the top.

As for Microsoft, they have demonstrated time and time again they are not aligned with the user but with Big Brother. They are lawful evil, to use D&D parlance.


if the ruling is upheld, web services that face legal discovery like google, dropbox, facebook, microsoft, etc will face an amazing burden of data retention cost.

there is an amazing tax already on these services having to implement per government specific retention policies based on where they do business. for example in ireland, by law you need to be able to produce up to a year of content even if an account has been deleted. in the u.s. the period is much shorter. so if other countries create similar legislation after seeing a u.s. version of this law stick, everyone will have to implement a myriad of retention policies, or worst case retention, in every datacenter they operate. it drives up cost and complexity in the services.

this might not be popular to say, but microsoft taking a stand here is an amazingly good thing for our industry.


That said, I don't think this has much to do with protecting MS's customers, or for that matter standing up for them as it is presented. I'm pretty sure it's more about MS operations being able to continue to run in Ireland and the rest of the EU. If MS hands this data over, you can be assured that MS would face stiff penalties and restrictions to even be able to operate in the EU, and would likely have their Azure facilities shut down as a result.

MS is stuck between a rock and a hard place here, no doubt, and I think it's important for this stand to be made. Hopefully sanity will prevail here...

I don't think the U.S. government would appreciate if Google were forced to turn over the Google Apps data of scientific universities to China because of a court order there.


My work is very much involving this, and it does have to do with protecting customers, because those customers won't exist unless Microsoft stands up to this. It's very much an issue with all companies that are non-US.

That's why my company is putting datacenters everywhere. Chinese demand a Chinese data center for Cloud computing. This happens all over the world, and our strategy is all about that.

This is a very real issue, and if the US states that any US company has to turn over data, you can kiss every customer from another country goodbye.

It's an extremely serious situation in my view.


> This is a very real issue, and if the US states that any US company has to turn over data, you can kiss every customer from another country goodbye.

It's not as if Microsoft is selling access to the highest bidder, or considering a request from another company or a charity. Turning over specific data in the face of a court order is not going to drive every customer away, many will see that as acceptable, low risk, reasonable behaviour.


That's actually not the case.

I've worked on many bids (on both sides of the table) where US based hosting was forbidden either by the bid process or by law (the new Australian privacy legislation makes it much simpler to keep data on-shore).

At the moment many companies just resort to using the Australian Amazon data centre, and everyone is ok.

If MS loses this case, I'd say 70% of those (enterprise) contracts using Amazon will use a non-US-owned provider simply because the risk is yet another thing that has to be overcome.


Turning over specific data due to a court order will drive every enterprise customer away. Without question.


I don't think the foreign country would care unless it was data that was owned or related to an entity in that country.

It's an American owned and operated data center in Ireland (where I live). Presumably the email is 'owned' by an American and the case involves all American actors (can't really make that assumption I guess), so there doesn't seem to be anything to spark the interest of the Irish legislature. Unless you make the leap to the point that now America can just demand ALL the data in that data center, which you certainly could.

This isn't really the same as a warrant either, is it? They are not demanding to be allowed access to or to search the data center. Microsoft in America is being ordered to hand over a document that they have access to, where that document is seems irrelevant (just playing devil's advocate).

Also the chances of any small to medium sized nation (particularly Ireland) getting on their high horses about this is quite unlikely due to the amount of money these large multi-nationals bring here. In fact if this is upheld I imagine it would be another boon for Ireland as the American companies will have to set up even more infrastructure so that they can argue that it's a completely separate entity that they simply funnel customers to or whatever. If the companies act first they could even get favorable Irish legislation passed to prevent the type of treaty talked about in the article (although this would be a pretty ballsy move for Ireland).


> Presumably the email is 'owned' by an American and the case involves all American actors (can't really make that assumption I guess)

Indeed, sounds like a dubious assumption to me.


It is the EU, not Ireland, that sets the framework for the legislation. Ireland has little choice.


If data retention becomes a liability, will companies be forced to consider encrypting data or taking measures to ensure they don't ever see it, and thereby upend their business models? Or will governments require them to have a backdoor to the data?


The initial impact is companies from other countries will refuse to work with any company outside of their perceived comfort zone.

Take a company from Qatar. Perhaps they are comfortable with any datacenter in the Middle East for Cloud Computing with a US company. If this becomes standard US law, they won't accept a US company for any reason. Thus every US company loses the customer, the profit, the business and it's replaced by others.

It's that simple. And what about companies that are from another country, but have US entities?

It's just a massive issue that could destroy corporate cloud computing.


I cancelled my Dropbox subscription several years ago for precisely this sort of situation. Not that any of my files are particularly wonderful, but the point being that I would no longer have control over other people having any and all access to them.

Microsoft will eventually roll over.


Not that I don't respect the decision, but something tells me that we would be less happy, in other instances, to see giant companies like MS decide when the law should apply to them.


Which law? They're being ordered to do something which they claim breaks Irish EU data protection law. It's a catch-22 situation; if they did comply with the court order they would be deciding that Irish law didn't apply to them.


Not only that, but the idea that a US person or company can dodge a court order just by transferring the data in question (or a physical object such as a server, or an item of disputed ownership) to another country seems totally unsupportable. I don't see how the judge has erred by issuing this order and expecting it to be followed.

As I see it, the judge had no choice but to issue the order, and Microsoft has no rational alternative but to defy it if they want to conduct business as an international provider of cloud services. The real problem is with Congress, not the courts. When they permitted intelligence agencies to run amok with absolutely no Constitutional boundaries, they thought very little about the long term consequences and cared even less.


Except that a customer of Microsoft Ireland purchased cloud based storage in the EU. Now the US is claiming that Microsoft USA should retrieve the data from Microsoft Ireland because Microsoft USA is the controlling entity.

The data was never in the US of A to begin with, and if Microsoft USA forces Microsoft Ireland to retrieve the file Microsoft USA can kiss their entire cloud offering Goodbye in Europe since no-one will use them because the data could potentially be accessed by the US government with no regard for EU laws.


> When they permitted intelligence agencies to run amok [...] they thought very little about the long term consequences

I don't think intelligence agencies are involved here at all. In fact, them "running amok" would be easier in this case: they would have those emails already, process be damned.

In truth, this particular process would have happened at one point or another regardless of intelligence services, it's just a function of global internet services existing and laws having emerged to deal with them. Back before EU privacy laws were introduced, Microsoft would have just handed out anything they had to the FBI without really a second thought. Now they have to comply with two conflicting sets of laws.

It's not just a problem with the US Congress: it's a transatlantic (or rather global) conflict between incompatible laws.

It's like France had a law prohibiting a company from selling widgets at price X worldwide, and the US had a law forcing them to sell the same widgets at price X worldwide: you just couldn't obey both laws, since they both claim the same jurisdiction while mandating conflicting behaviour. You would need an international treaty to harmonize this, or one country to drop their law.


The involvement of intelligence agencies is indirect but very much relevant. Widespread disclosure of illegal domestic spying, including misuse of intelligence data for commercial purposes, incentivizes customers to keep their data out of the US. As a result, companies like Microsoft need to be prepared to maintain customer data outside the US, or they won't be able to compete with providers in other countries.


> transferring

I don't see any claim that it was ever in the US.


I'm not convinced it matters. Should Microsoft Ireland be allowed to print their own US currency, for example, as long as they never bring any of it into the US?


If you, like the article, call appealing[1] "not following a court order", then yes, they are not following it. I don't see much to be concerned about.

[1] Instead of what? Saying "Yes sir" at the first request?


The thing is, according to the judge, this is not an appealable order, which is why she lifted the suspension she had set to allow the appeal.


Here's the 64k dollar question. If Snowden hadn't dropped the dime on the douchebaggery going on not just at NSA, but also w.r.t. the complicity/cooperation by all the biggies (Google, FB, MS, etc), would MS be doing this?

I assert that the answer is clearly a big No....anyone else agree with me??


I guess we don't know; statistically the answer might be No. But what's your point?


Impressive move by Microsoft. Frankly, I'm more inclined to use MS cloud services if they challenge US court orders on a regular basis. Do some people know what they risk?


Maybe I've missed it, but does the requested data belong to a US or non-US resident?


That wasn't released.


So, I wonder, if Microsoft wins this appeal, how practical would it be to stripe encrypted data across data centers in 2+ countries? The idea being that obtaining the stored data would require legal authorization in each country?
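An added illustration of the idea in the comment above (not part of the thread, and not any provider's actual design): rather than striping the ciphertext, the data-encryption key is split n-of-n with XOR so that one share sits in each jurisdiction and every share is needed to rebuild it. The region labels, function names and key-check tag are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from functools import reduce

# Constructed region labels, one per legal jurisdiction holding a share.
JURISDICTIONS = ["IE", "DE", "SG"]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def check_value(key: bytes) -> bytes:
    """Short tag stored beside the ciphertext to detect a wrong key."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()[:8]


def split_key(key: bytes, regions):
    """n-of-n XOR split: every share is required to rebuild the key."""
    random_shares = [secrets.token_bytes(len(key)) for _ in regions[:-1]]
    # Last share = key XOR all random shares, so XOR of all shares == key.
    last = reduce(xor_bytes, random_shares, key)
    return dict(zip(regions, random_shares + [last])), check_value(key)


def recover_key(shares: dict, tag: bytes) -> bytes:
    """Combine whatever shares were obtained; reject an incomplete set."""
    if not shares:
        raise ValueError("no shares supplied")
    candidate = reduce(xor_bytes, shares.values())
    if not hmac.compare_digest(check_value(candidate), tag):
        raise ValueError("share set incomplete or corrupted")
    return candidate


if __name__ == "__main__":
    data_key = secrets.token_bytes(32)  # would encrypt the mailbox
    shares, tag = split_key(data_key, JURISDICTIONS)
    assert recover_key(shares, tag) == data_key
    two_of_three = {r: s for r, s in shares.items() if r != "DE"}
    try:
        recover_key(two_of_three, tag)
    except ValueError as err:
        print("without the DE share:", err)
```

The split only constrains parties who cannot reach every share; if one operator can fetch all of them, the key is recoverable from that single point.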


A possible argument by the feds comes to mind: recall that in Lavabit, they argued that access to the SSL keys was a "necessary" part of implementing the court order. In such a case as you describe they'll just pull the same trick.


It's a very confusing article, I must say. On the one hand it seems to imply Microsoft is defying the law on behalf of its customers. If that is the case MS is in contempt of court and presumably the board of directors and other executives could face criminal sanctions. However there's certainly no mention of that and in other parts of the article it sounds like this is just one more round in an ongoing legal case ...

> The removal of the suspension legally requires Microsoft to hand over the email immediately

vs

> The judge has now ordered both Microsoft and federal prosecutors to advise her how to proceed by next Friday, September 5

Paul Thurrott is of course a relentlessly pro-Microsoft writer, and I can't help but get the feeling he's trying to take advantage of strategic ambiguity to put out a positive story here. I will stay tuned to see if indeed there is some kind of punishment meted out to Microsoft - otherwise my assumption would be that this is much less of a story than it sounds.


Huh, it does appear that officers are the ones who are locked up in the event that a corporation is held in contempt[1].

Which brings up another question. Instead of proposing that the officers be held in contempt, could the judge instead rule that the corporate charter get suspended? It seems like that would be more analogous to imprisoning a "person".

[1] - http://www.millerjohnson.com/pubs/xprPubDetail.aspx?xpST=Pub...


I can't believe I am actually saying this -- "Go Microsoft!". For once, they are on the right side.


This case may be the leading edge of a huge wave with a global sweep.

The sticky point may be that the locality of data is impermanent and ambiguous. In the MS case, though the data is said to be stored on a server in Ireland, it could just as well be distributed, moved or duplicated anywhere, and for all we know it already has been.

Eventually laws will have to come to terms with the implications of the Internet: data, like a flock of migratory birds, for its own reasons goes one place to another and knows nothing about national boundaries.


One global country would probably fix that... or I guess you could end the Internet... but to tell you the truth, "cloud computing" needs to end instead.


> one global country would probably fix that

This is a joke only up to a point. The current legal landscape emerged throughout the last few centuries mostly in response to commercial pressures: as commerce grew in range, volume and needs, so did laws, agreements and conflicts.

We now have a situation where global commerce is real, both in a physical and logical sense. The law, both at national and international level, just doesn't know how to deal with it. Companies design hardware in Massachusetts, produce it in China, sell it in Europe, and file their accounts in Caribbean islands. They develop software in Romania, run it on servers in Texas, sell it to the Brazilian market, support it from India, and file accounts in Luxembourg. This stuff could only be done by a handful of players back in the '70s, and we could deal with it on ad-hoc basis ("dude, we know your money is in Switzerland, just open a token factory in my constituency and we'll call it even"). Now it's just how business works everywhere, and we need real processes to scale up.

What rules can be defined and applied? How are they going to be enforced? Who is responsible for amending them? These big questions are the real challenge of this century for us "First World", and some harmonization will eventually have to emerge one way or the other.


I think it's going to be very hard for countries to work out how to deal with the issues. Pretty sure the Internet is going to continue to exist and provoke questions about what "national boundaries" mean in this context.

Predictions are dangerous, but probably the forecast for the future is that it will be even more "cloudy", whether we like it or not. Of course, can't do much about the weather anyway...


Maybe I am some kind of sheep, but this kind of stand makes me strongly consider again Microsoft as a platform of choice against Apple.

Bravo Microsoft.


Not to be an Apple apologist, but do we know if Apple's faced a case like this? Or other companies? It's not like Microsoft chose to be targeted here. My guess is that this is so insanely overreaching that the major industry players would have done the same as MS if they were the ones hosting this one Irish email account in question. Plus, Apple and others have filed briefs in support of MS and have been lobbying against what's been going on.

I personally would have enjoyed listening to more of Tim Cook on this topic if Apple and MS swapped places. Earlier this year, he said the USG needed to cart employees out in a box before they can get access to Apple servers. Interesting quote for sure.


I don't see Apple mentioned in this article, so why "against Apple"?

But then again even Microsoft has been complicit with PRISM along with Apple and many other Silicon Valley companies. (Yes I know Microsoft is not Silicon Valley)


This is interesting but let's give the cheerleading a break. What we're really talking about here is corporations testing the size of their stick versus the government's. The feds are pursuing a USA case against an American entity and the data in question is held by another American entity, which happens to have moved it to Ireland. Well, why did they do that and when? Was it always there and will it always be there? In what country is the data chiefly accessed? If it is sent and received by Americans exclusively then perhaps the place where it is nominally stored might not even matter. In that case the place of storage would be just the kind of corporate fiction that courts are happy to pierce.

What if the data is striped among all the countries where Microsoft has datacenters? Do you get the union of all possible data protections? Or the intersection?

There are actual legal questions here and Microsoft's position is not neutrally good.


> The feds are pursuing a USA case against an American entity

Are they? Where did you read that? As far as I know, the nationality of the Microsoft customer hasn't been released.


Am I the only one who's worried this may make the government less careful about giving orders in the future? (i.e. won't they figure "hey, let's just give the order; if they disagree then they'll defy it"?)


This raises the question: if the judge's option ends up being held, would any non-US based company buy services from a US company?


Good job for Microsoft being the first to stand up against a surveillance government. If only everyone else was brave enough to follow, we would see change.


This is not a move against government mass surveillance (collecting intelligence).

This is a criminal case and the question is the limits of legal discovery.


I wouldn't say they are the first....

And that is assuming this is more than a choreographed piece of theater attempting to restore trust in US cloud services. Which maybe it is. And.... maybe it isn't.


+1 to MS!


Thank you, Edward Snowden.


This is because the USG already has backdoors, right?


So I guess the US government is not logging everything yet... so this is two pieces of good news.


"The US government" is not a monolithic entity. Certain departments (e.g. NSA) might "log everything" already, they just don't (or can't) share it openly with other departments yet -- if anything, because revealing such capability is damaging in itself.


If I understand correctly, from some news I read [1], they are already sharing information with at least the DEA and the IRS. The DEA and the IRS were told to cover up the source of that information by coming up with their own independent leads to recreate the information obtained ("Parallel construction" is really intelligence laundering).

[1] https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intel...


Watch my left hand waving while my right fist delivers a body blow.


They give it to the NSA, and the NSA shares it with other govt. bodies through that search engine (and probably a dozen other ways).

Anyway, it always freaks me out a bit when people cheer a megacorp like MS. They're not fighting for you, they're fighting for your perception of them. The faster you cheer, the less they'll do.


At the same time, if they find that people are indifferent to actions like this, maybe they'll feel that it isn't worth their while.


I have a feeling that USG already have the data they need and are just running "parallel discovery/whitewashing" here.

Still it is nice to see MS take a stand.


or at least "appear" to take a stand...

