Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Google Microsoft The Courts United States

Google, Unlike Microsoft, Must Turn Over Foreign Emails, Rules Judge (fortune.com) 91

Every year Google receives more than 25,000 requests from U.S. authorities for "disclosures of user data in criminal matters," according to a U.S. judge's recent ruling. But this one is different. An anonymous reader quotes Reuters: A U.S. judge has ordered Google to comply with search warrants seeking customer emails stored outside the U.S., diverging from a federal appeals court that reached the opposite conclusion in a similar case involving Microsoft. U.S. Magistrate Judge Thomas Rueter in Philadelphia ruled on Friday that transferring emails from a foreign server so FBI agents could review them locally as part of a domestic fraud probe did not qualify as a seizure...because there was "no meaningful interference" with the account holder's "possessory interest" in the data sought.

"Though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States," Rueter wrote... The ruling came less than seven months after the 2nd U.S. Circuit Court of Appeals in New York said Microsoft could not be forced to turn over emails stored on a server in Dublin, Ireland that U.S. investigators sought in a narcotics case.

Google announced they'd appeal the case, saying "We will continue to push back on overbroad warrants."
This discussion has been archived. No new comments can be posted.

Google, Unlike Microsoft, Must Turn Over Foreign Emails, Rules Judge

Comments Filter:
  • by Anonymous Coward on Sunday February 05, 2017 @09:47AM (#53806669)

    "no meaningful interference with the account holder's possessory interest" WTF?

    I'll just leave this here:
    https://www.youtube.com/watch?v=GyV_UG60dD4

    • by Anonymous Coward
      No your honour, doing it in the ass does not count as sex.
    • by lgw ( 121541 )

      "no meaningful interference with the account holder's possessory interest" WTF?

      I believe a federal judge just ruled that "copying isn't theft, since the owner still has his copy". I know I've heard that argument before somewhere. Interesting precedent.

      • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Sunday February 05, 2017 @12:32PM (#53807281) Homepage Journal

        I believe a federal judge just ruled that "copying isn't theft, since the owner still has his copy". I know I've heard that argument before somewhere. Interesting precedent.

        Only a minority of joe schmoes believe that copyright infringement is theft. Everyone else, including federal prosecutors, know that it is not. That's why we have laws addressing copyright infringement; if it were theft, you wouldn't need any new laws to prosecute offenders, because we already have laws addressing theft.

        • by lgw ( 121541 )

          It's almost as if we need laws protecting privacy, since if it were theft the 4th amendment would work properly here. Sadly, we seem to have lost the spirit of Constitutional Amendments.

  • by Anonymous Coward
    The only good and somewhat permanent solution to this would be for Google, Microsoft, etc to encrypt the e-mails end-to-end and in storage as well, so that nobody, not even them, can see what they contain. Unfortunately, doing so would remove their ability to data mine and monetize the contents of the e-mails and so they will never do this. Hence the ultimate answer will come from another direction, someone who takes over their roles as major e-mail providers but is not interested in mining the contents o
    • The only good and somewhat permanent solution to this would be for Google, Microsoft, etc to encrypt the e-mails end-to-end and in storage as well, so that nobody, not even them, can see what they contain. Unfortunately, doing so would remove their ability to data mine and monetize the contents of the e-mails and so they will never do this. Hence the ultimate answer will come from another direction, someone who takes over their roles as major e-mail providers but is not interested in mining the contents of the e-mails. This likely will have to be some form of non-profit entity or at least a non-free e-mail service.

      It is not the only solution. Likely the best solution, but since they won't do it, it is not really a solution at all in this case.

      So another possibility is, sort of like frequency hopping spread spectrum, don't put the email all in one place. Break it up into fragments and spread it all over. There are data centers all over. Spread the contents between them, all in different countries, scrambled, so that you can't read them unless you have them all. If any one country forbids the transfer of the portion in

  • by Anonymous Coward

    So the judge is compelling them to be complicit in commiting a crime? It would be interesting to see if the judge's immunity holds in that circumstance.

    • Complicit in what crime? Anyways, ever heard of sovereign immunity? That is in essence the parent to any immunity real or perceived that the judge may have.

  • by Anonymous Coward

    If it's on a foreign server, that pretty much sums it up right there.

    • It sure does. That means the US court would have jurisdiction if and only if the foreign country agrees to it first. If the foreign country doesn't agree to it, this is overreach.
  • by Sique ( 173459 ) on Sunday February 05, 2017 @10:26AM (#53806799) Homepage
    I wonder what happens if an E.U. court finds that the data transfer of personal data from an E.U. located server to the U.S. without E.U. judicary oversight is illegal. That was one of the arguments in the Microsoft case. If the U.S. judge then orders Google to ignore the E.U. court, he could be held in contempt of the E.U. court and face punitive measures.
    • Re: (Score:1, Informative)

      by Anonymous Coward
      US courts might have legal power over Google US, but it still has none over Google EU.
      • Corporations need to ensure that their data is held by legal subsidiaries that can only be hit with a warrant by their own country's courts and which have no ability to access data controlled by another legal subsidiary. Whilst not trivial, it is surely possible for the relevant security keys to be strictly under the control of the relevant county's board of directors. That board of directors would be protected by the courts of its domicile - though I guess members may end up being unable to travel to the U

    • by Solandri ( 704621 ) on Sunday February 05, 2017 @11:17AM (#53806995)
      That was the point of the Microsoft ruling. Rulings like in this Google case can put companies (and by precedent, people) in an impossible position where in order to comply with one country's laws, they're forced to break another country's laws. Kinda like the U.S. policy that U.S. citizens have to pay U.S. taxes on income earned abroad could hypothetically cause a U.S. citizen to owe more than 100% in taxes (if the combined tax rates of the U.S. and other country exceeded 100%).

      Other countries avoid the problem by accepting that their laws end at their borders, and if they want something from another country they have to work with that country for joint law enforcement action or extradition. But for some reason politicians and judges in the U.S. keep thinking U.S. law should apply all around the world.
    • The reason is: Google doesn't guarantee that EU email data is only stored in the EU. They store the data on servers worldwide for performance reasons, including the US.

      MS stores EU email data on EU servers only.
  • That appears to mean that the person who used gmail lives in the US, and Google just randomly decided to store part of it in Ireland.

    Since data stored in the cloud isn't *really* yours anymore, you disclosed the contents of the message to a 3rd party in the US. I can see why the Magistrate ruled the way he did.

    • That appears to mean that the person who used gmail lives in the US, and Google just randomly decided to store part of it in Ireland.

      Then the US needs to have laws which do not allow companies to do this because once the data has left the US and entered the EU it is subject to EU law. You would not want data in the US related to chinese citizens to be subject to the chinese government accessing it would you? The same principle applies here.

      • by Nutria ( 679911 )

        the US needs to have laws which do not allow companies to do this

        That would simplify things.

        once the data has left the US and entered the EU it is subject to EU law.

        You'd think. But the judge didn't seem (according to the fortune.com article) to rule on that, only that the alleged fraudster gave up any right to privacy by giving his email for storage by a third party.

        I wonder what the rules are in the tangible world. If I gave you evidence of a crime, and you flew to Ireland and put it in a storage unit, could the US government order you to go and return it from Ireland?

  • That's some twisted logic that to "seize" something it must not be available to the owner any longer.

    Rulings like this will KILL US cloud providers. trying to sell services outside the US.

    • I wonder how that logic works with IP other than email.
    • That's some twisted logic that to "seize" something it must not be available to the owner any longer.

      What? That's precisely what it means. It's the same reason why copyright infringement is not theft. It's not seizure unless you're depriving someone of it.

    • As opposed to everyone knowing the NSA is spying on everything you do being bad for American business.
  • I don't know if there is such a thing as 'data extradition', but surely working with Ireland would be the best approach? Anything else should surely outside of the immediate jurisdiction of US law enforcement? Maybe Google should invesigate the flip question: would the US accept e-mails on a foreign national stored on a US server to be handed over without the necessary legal paper work?

    • This exists ( https://www.state.gov/document... [state.gov] ). A sizeable volume of requests are processed every year. However, some US judges don't want to use the official channels, I suspect because they are egotistical enough to think that their writ applies outside US territory. I don't mean to knock Americans, this is just human nature. An Irish policeman recently was recently in the papers for cooperation with the FBI to get Facebook to do something that could have been done much quicker by just asking the comp
  • Protonmail is a foreign and heavily encrypted Swiss email service that uses two passwords, one for account and the other for the mailbox itself. They don't store the passwords or anything else to decrypt emails, or at least the mailboxes. For man in the middle, I have no idea. But any way, if Micro$oft doesn't have to disclose like Google does, know that Protonmail uses Azure, which is M$ owned. They have it for all desktops and smart phones, or you can just log with a web browser that supports JS.
  • Twitter dropped API keys for government spy programs a few months back because of Muslim witch hunts. However, they just partnered with Google to help them build parts of their software. Funny how Google didn't get exempt but Micro$oft, the platform that a whole bunch of our government decided to use for some reason, does. Wonder why (sarcasm) ? Duh. And now they will go after Twitter next since Google lost and is working with them. Revenge for saying no. Just something to be aware of.
  • That's why you always choose a zero knowledge provider. Someone that provides you a service but doesn't have access to read the content.

    I'm pretty happy with ProtonMail [protonmail.com] in that area. They are not only located in Switzerland, with much stronger privacy laws, but also, they encrypt end-to-end, and therefore, have no access to the content. Mail between users in ProtonMail are automatically encrypted, while mail to someone outside the system can be sent as a URL the receiver has to have a password to access
  • ...did not qualify as a seizure...because there was "no meaningful interference" with the account holder's "possessory interest" in the data sought.

    I think this judge is sort of missing the point of why people fight against having their personal data seized. It's not that we don't have access to the seized data, it's that other parties have access to something that I want kept private.

    I'd like to see this same argument used when I demand a bunch of classified documents from the government:

    "No, no, it's OK, I just want a COPY of the classified stuff. You guys will still have your 'possessory interest'"

"Someone's been mean to you! Tell me who it is, so I can punch him tastefully." -- Ralph Bakshi's Mighty Mouse

Working...