Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Where's the data?

Evan Schuman | March 18, 2015
The U.S. government wants access to an alleged drug dealer’s emails, but Microsoft says, sorry, they’re in Ireland and out of bounds. This is what happens when we apply non-digital rules to digital situations.

What started this case was a 2013 federal search warrant aimed at Microsoft and one of its MSN email customers. The U.S. Justice Department insisted that Microsoft turn over any messages from that customer "pertaining to narcotics, narcotics trafficking, importation of narcotics into the United States, money laundering or the movement or distribution of narcotics proceeds."

The case hits on several interesting issues. If a server is situated in Ireland -- or India or Japan -- should it be subject to the rules of those countries? Before you answer, what if the U.S. email provider that owns that server routinely accessed -- for legitimate IT purposes -- all of those messages from desks in the U.S.? As the bits zap across the globe electronically in a few nanoseconds, who is to say where they physically reside? Could a company routinely shift data from machines in a dozen countries and have that data governed only by where it resides at that moment? What if copies reside in all of those servers? Is this a global email version of musical chairs?

The feds last week said that it's not a matter of where the data sits, but who is playing the music. "Courts are empowered to exert authority on people and entities over whom they have jurisdiction, even if that authority has consequences overseas," the feds wrote. "The test for the production of documents is control, not location."

Another issue: Who really owns that subpoenaed data? Microsoft, which apparently never read its own MSN terms and conditions, said its customers own the data and that it's not up to Microsoft to rat on its consumers.

And Microsoft has countered with its own colorful example: "Imagine this scenario. Officers of the local Stadtpolizei investigating a suspected leak to the press descend on Deutsche Bank headquarters in Frankfurt, Germany. They serve a warrant to seize a bundle of private letters that a New York Times reporter is storing in a safe deposit box at a Deutsche Bank USA branch in Manhattan. The bank complies by ordering the New York branch manager to open the reporter's box with a master key, rummage through it, and fax the private letters to the Stadtpolizei. The U.S. Secretary of State fumes: 'We are outraged by the decision to bypass existing formal procedures that the European Union and the United States have agreed on for bilateral cooperation, and to embark instead on extraterritorial law enforcement activity on American soil in violation of international law and our own privacy laws.' Germany's Foreign Minister responds: 'We did not conduct an extraterritorial search -- in fact we didn't search anything at all. No German officer ever set foot in the United States. The Stadtpolizei merely ordered a German company to produce its own business records, which were in its own possession, custody, and control. The American reporter's privacy interests were fully protected, because the Stadtpolizei secured a warrant from a neutral magistrate.'"


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.