It's a time-honored tradition: U.S. businesses find ways to skirt inconvenient or expensive laws by moving operations to other countries. Thus we have had U.S. corporations operating overseas to exploit child labor, run sweatshops or avoid taxes and rigorous health and safety inspections. Now the U.S. government says something similar is happening in regards to email.
At issue is the question of whether companies or individuals can keep the U.S. government from accessing their email by arguing that it resides on a server in a country that is hostile to such searches. The most recent development came last week (March 9) in a case that involves Microsoft, a U.S. citizen accused of narcotics trafficking and an MSN email server sitting in Dublin, Ireland. The case's supporting players read like the game "which of these are different from the others?": On Microsoft's side is Verizon, AT&T, Apple, Cisco -- and the Electronic Freedom Foundation.
From their point of view, they are challenging the federal government's ability to access email records if those documents are stored outside of the U.S. From the government's perspective, the question is whether a company can skirt legal inquiries by simply choosing to house records in a friendlier country. Think of Ireland in this case as the email equivalent of what the tax-avoiding Swiss bank account used to be.
The problem, of course, is that in 2015, the U.S. is trying to apply years-old, non-digital rules to digital situations. The reality is that companies like Microsoft, Amazon and Google can have servers of all kinds sitting in server farms in dozens of locations, some of them overseas.
Microsoft argues that it had a specific reason for placing the emails in question on a server in Ireland: proximity to the user. Or at least proximity to where it thinks the user is located. You see, MSN users can tell Microsoft they're in Ireland, and the company has absolutely no mechanism for verifying that -- not even checking IP address location.
"Email accounts are assigned to the Dublin datacenter, according to Microsoft, based on the user's own uncorroborated identification of his or her country of residence at the time the account is created. The stated aim of this policy is to reduce the geographic distance between a user and the datacenter that services the account," the government said in its federal appeals court filing last week. "Microsoft makes no effort, however, to verify the user's country of residence at the time of registration or at any time thereafter. Under this system, a U.S. citizen living in New York City could have his account hosted at the Dublin datacenter so long as he claimed to be a resident of Ireland."
Sign up for CIO Asia eNewsletters.