Microsoft fights US effort to 'break down the doors' of its Irish datacentre

Microsoft fights US effort to 'break down the doors' of its Irish datacentre

Summary: If Microsoft wins its fight against a search warrant for email on Irish soil, it could deliver a windfall to all US cloud providers.

SHARE:
Microsoft's Dublin datacentre
Microsoft's Dublin datacentre. Image: Microsoft

Microsoft is resisting demands from the US government for it to cough up email hosted in its Irish datacentre in a case that could have dramatic implications for US cloud providers.

With suspicion of US tech companies already running high over the US government spying revealed last year by whistleblower Edward Snowden, Microsoft faces another battle that could — if it loses — undermine trust in US cloud providers.

The Washington Post yesterday reported that Microsoft is pushing back against a search warrant issued last December by a magistrate judge in New York that demands Microsoft hand over emails stored in its Dublin, Ireland datacentre.

The emails being sought by the government relate to a drug trafficking investigation, according to the paper. Microsoft announced its opposition to the government's efforts in April

In documents filed with the court on late last week, Microsoft outlined objections to a magistrate's order that denied the company's previous motion to cancel a search warrant for customer information located outside the US.

"The government cannot seek and a court cannot issue a warrant allowing federal agents to break down the doors of Microsoft's Dublin facility," Microsoft's lawyers argued, noting that Congress has never authorised US courts to issue warrants that reach outside of US territory.

Similarly, it can't force Microsoft to hand over the emails stored abroad when the government doesn't have the authority itself to do so.

At the heart of battle in Microsoft's view is a disagreement over the interpretation of the term "warrant" under the US Electronic Communications Privacy Act (ECPA).

According to Microsoft, the court says it hasn't actually issued a search warrant but some "hybrid" between a warrant and a subpoena under the ECPA — and therefore knocked back Microsoft's attempt to vacate the warrant.

Microsoft says the two are distinct: a warrant can't be issued for evidence located in foreign territory; if it's a subpoena, the government is required to order the target of the investigation to hand over the information, not Microsoft.

"The government takes the extraordinary position that by merely serving such a warrant on any US-based email provider, it has the right to obtain the private emails of any subscriber, no matter where in the world the data may be located, and without the knowledge or consent of the subscriber or the relevant foreign government where the data is stored," Microsoft's lawyers argued.

The New York Times noted in its report, the hybrid warrant was created under the ECPA to limit the disclosure of stored communications and place rules around how government could obtain it. Microsoft meanwhile argues that rules that apply in the physical world should apply online too -- which the magistrate who knocked back Microsoft's attempt to dodge the warrant clearly disagreed with.

In April, the judge explained why the hybrid warrant doesn't overreach US jurisdiction:

"It is obtained like a search warrant when an application is made to a neutral magistrate who issues the order only upon a showing of probable cause. On the other hand, it is executed like a subpoena in that it is served on the ISP in possession of the information and does not involve government agents entering the premises of the ISP to search its servers and seize the e-mail account in question."

Still, Microsoft argues that rather than issue a warrant, the court should conform to the Mutual Legal Assistance Treaty negotiated between the US and Ireland if the government wants to access data on Irish territory.

As noted by the Post, Verizon lawyer Michael Vatis submitted a friend of the court brief warning of dire consequences to US cloud providers.

"If the government's position prevails, it would have huge detrimental impacts on American cloud companies that do business abroad," wrote Vatis.

Should Microsoft lose this battle, the case could further harm already strained relations between Europe and the US following the revelation of the latter's PRISM surveillance program -- and of course damage Europe's perception of US cloud providers more than what's already been done.

In a bid to restore trust in US cloud providers, Microsoft, Google and others have stepped up encryption programs and have become more vocal about resistance to government warrants for access customer data.

Microsoft's chief counsel Brad Smith last week detailed in a blog post the challenges Microsoft faces in Europe.

"With the advent of mobile devices and cloud services, technology has never been more powerful or more personal. But as I encountered in virtually every meeting during a recent trip to Europe, as well as discussions with others from around the world, people have real questions and concerns about how their data are protected. These concerns have real implications for cloud adoption. After all, people won’t use technology they don’t trust," he said.

Commenting on the current dispute with the court, Smith added: "The US government should stop trying to force tech companies to circumvent treaties by turning over data in other countries. Under the Fourth Amendment of the US Constitution, users have a right to keep their email communications private. We need our government to uphold Constitutional privacy protections and adhere to the privacy rules established by law. That's why we recently went to court to challenge a search warrant seeking content held in our datacenter in Ireland. We're convinced that the law and the US Constitution are on our side, and we are committed to pursuing this case as far and as long as needed."

Topics: Security, Data Centers, Government US, Microsoft, EU

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

36 comments
Log in or register to join the discussion
  • But this cant be true

    All the "experts" on internet have assured us that NSA have plenty of backdoors in everything from Microsoft - so why the need for a warrant?

    And all the "experts" on the internet have told us that Microsoft is working for the US government and thus doesn't care for protecting the users data.

    I wish those "experts" who states these opinions could come forward and tell us all how this whole story is a fraud... ;-)
    brhorv
    • A warrant is necessary to take legal action

      What NSA obtains via undisclosed means is not court admissible. Once informed, the proper authorities must go through the process of obtaining a warrant, collecting data, filing charges, ...

      NSA is simply playing the role of an unknown tipster.
      Programmer1028
    • There's a difference between intelligence and evidence ...

      I suspect that the NSA has a lot of data that can be used for intelligence work but would not stand up as evidence in court. Or they may not want to reveal how much data is actually being hoovered up by their taps and backdoors.

      They may end up passing "tips and pointers" to law enforcement agencies so that they can turn around and ask for a warrant or subpoena to get admissible evidence. Technically that is a violation of the "fruit of the poisonous tree" doctrine, but courts have been ignoring or gutting most exclusionary rule protections for thirty years now since the New York v. Belton case.
      terry flores
  • But doesn't "evil" Microsoft spy for the US already?

    I've been told that MS provided direct access to its data to the US govt. If so, why is a warrant necessary?

    I'm just waiting hear from some MS-haters how this is all a show...
    NMaren
    • You know how it will go

      "This is just a scam to fool people into thinking that it's safe to host on MS servers, so that they when they do, MS can give it to the NSA more easily", or something along those lines....
      William.Farrel
    • Backdoors, etc.

      The spooks are very good at compromising people to do their will. I would not be surprised if many of the backdoors were inserted by lowish level programmers who were being threatened by some spook group.

      Back to the article; MS is correct in fighting the warrant/subpoena. Nothing good can come from it. The US continues to slide into a totalitarian state with a veneer of elections if this is allowed to stand. Also, trust in US companies will be hurt again affecting US domestic employment as others start to strongly favor local solutions. The Chinese government has a push on to avoid W8 by the Chinese and would expect other governments to do something similar if this type of warrant is allowed to stand.
      Linux_Lurker
      • So the nameless backdoors were created by nameless programmers..probably?

        Talk about tinfoil hat theories.

        Probably some low level programmers inserted the backdoors that no one every cites with any credible proof by nameless government agents who somehow compromise these emloyees.

        I'm sure there are plenty of "low level" programmers around here. Some even working on Linux and Linux sure is a gateway to plenty of information seeing how it powers so many web servers. Any low level Linux programmers care to share their experiences with the NSA or other government agencies trying to get them to build back doors into Linux? Or any operating system for that matter?


        See how ridiculous things like this sound?
        Emacho
        • "inserted"

          not build
          Gr8Music
        • I have an uncle

          who has a friend, and that friend told him his cousin's son's girlfriend's brother's next door neighbor was forced to install a backdoor into a software program he created.

          With that kind of solid proof, it has to be true. :)
          William.Farrel
          • Cisco

            I guess you missed Cisco's complaints about its hardware being intercepted by customs and being tampered with. If you want to listen to stories from your inbred family, be my guest.
            davidr69
          • I guess you missed ......

            the "NSA Strategic Partnership" powerpoint slide here:

            http://www.theregister.co.uk/2014/06/05/how_the_interenet_was_broken/?page=2

            Isn't MS on there?

            Can you say "damage control"?
            Economister
          • I guess you misread

            The article you mention does not say there is a back door by Microsoft, Google, AT&T, Yahoo, HP, a total of 80 companies. It does say it intercept the line of communication. It mention Cisco, because they are a maker of communication equipment. But in no way mention these companies made a backdoor in their software or hardware equipment.

            Beside with a budget of only $225 million it won't get very far. Now if you are talking billions that is another story. But $225 million won't allow then to buy a toilet seat, even less for employees, equipment, work orders, etc. It's just trying to make something big out of nothing. Snowden papers while damaging to the US image is not something new to any government. The US spy on almost all government, other government also spy in everyone else including the US. Wasn't a few years ago, Israel was caught spying on the US, a strong ally of Israel? A lot of noise and nothing happen. We are still friends of Israel and spent billions of dollars in supporting them.

            The article states "describing broken crypto and hardware and software "backdoors" as a much-desired NSA goal". A much desired NSA goal, meaning they have not done it. It also states "The identity of NSA's and GCHQ's corporate industrial and international partners are amongst the Sigint agencies' most closely guarded secrets. There are strict internal prohibitions in the US and the UK against revealing the true corporate identities behind covernames like FAIRVIEW or STORMBREW". So if is a most closely guarded secrets, why writers from the Registry and other blogger can say who is on the list? How do they know Microsoft, Google and others are in the list? They don't know! They are just guessing. You should know better then believing everything on the internet.
            jazzy2945
          • I see the ABMers's are out in force

            I can just picture you guys calling each other - "OMG! a positive MS article. Exterminate! Exterminate! Ex-term-in-ate!!!"

            And davidr69, I guess you missed the part in which sarcasm was injected.

            Though I can see why you had an issue with that, and yes, even though your parents divorced and are not husband and wife anymore, they are still cousins.

            Guess MS has to be doing something right if Economister took the time to spin it.
            William.Farrel
          • How dare anyone avoid MS?

            NT
            John L. Ries
          • Noting...

            ...that I've long publicly embraced the title of "ABMer" and stated in another talkback to this very article that I think MS is doing the right thing by fighting this.
            John L. Ries
          • That's an interesting way of reading something, John L. Ries

            to assume that chastising someone who is basically an "ABMer" for purposely spinning article after article because he doesn't like what is being said, as meaning that people are chastising them for "not wanting to use non-MS software".

            Seriously, where is the connection between the two trains of thought?
            William.Farrel
  • Illegal

    So, the US Government is too lazy to "go through channels", so they just tell Microsoft to "go break the law" in Ireland and hand over the data illegally.

    If MS hand over the data, then they open themselves up to prosecution under EU data protection law for handing over the information to a third party outside the EU with either the written permission of every person named in the data (i.e. the account holder and every person he had contact with and any names mentioned in the emails) or a valid EU warrant. The owner of the account could also be prosecuted for allowing Microsoft to hand over the data.

    If the US Government wins the case, it will pretty much make using any cloud service with a US presence illegal in the EU. That would mean no US cloud company could do business in Europe and no European cloud company could do business in the USA - at least they couldn't have any servers or a branch office there.
    wright_is
    • illegal

      not too lazy to "go through channels" but just too arrogant.
      bd1235
    • Only if the EU enforcers find out...

      Since they did, MS would publicly be "resisting"...
      jessepollard
      • IF the EU finds out

        IF, a big IF. How do you know EU found out. You don't, but you like to spin the story to you liking.
        jazzy2945