Forgot your password?
typodupeerror

Comment: Re:Reciprocity (Score 1) 95

by jbolden (#47956587) Attached to: Proposed Law Would Limit US Search Warrants For Data Stored Abroad

As a side note, I wonder about the legalities of passing a law that affects an ongoing case. How does this work in the USA?

Article 1 section 9 prevents ex post facto laws. But remember Microsoft isn't on trial here they are a witness not the accused. Generally though if the congress limited the scope of a court ex post facto the courts would voluntarily agree and dismiss a previous order.

If so why not do away with the judicial branch altogether? Why not just go straight to the politicians to have your problems solved, I mean you already vote for the judges.

You are being sarcastic here so I'm having a little trouble understanding what you are objecting to.

legislatures pass laws
judges interpret laws
executives enforce laws

If the legislature believes the judicial interpretation is incorrect they pass laws making the correct interpretation explicit. You seem to be objecting to the system working how it is supposed to work.

Comment: Re:How about (Score 1) 95

by jbolden (#47956559) Attached to: Proposed Law Would Limit US Search Warrants For Data Stored Abroad

Remember this case isn't about intelligence nor anything having to do with FISA. This is normal USA data collection during a criminal investigation under normal process.

When it comes to intelligence matters the goal isn't to prosecute crime but fight an enemy. Thus the courts have less ability to regulate because nothing ever hits the courts. So for example you don't have attorney-client privilege with respect to national security at all. What you do have though is an assurance that any information you give to attorney cannot be used in a criminal prosecution. If the government compels you to hand it over to an intelligence agency they can't give it to a prosecutor.

As for decryption keys. The courts have been split. Right now you can be forced to hand over decryption keys if the government knows you have committed a crime but are missing some specifics. They can't force you and then prosecute you for a new crime. This is clearly an are we could use some black letter law or that will ultimately have to go up to higher courts.

Comment: Re:Why purchase service from provider in US then? (Score 1) 95

by jbolden (#47956515) Attached to: Proposed Law Would Limit US Search Warrants For Data Stored Abroad

This boils down to can a US court force an american entity to break a foreign law.

That's not a complex question. The unambiguous law in the USA is yes.

it would be interesting to see if the US would allow extradition of a US citizen for charges based on this scenario.

Almost all extradition treaties, and in particular all signed by the USA, prevent extradition when the actions would not be a crime in the country doing the extraditing. Since obeying a warrant is legal, no the extradition request could be rejected under the treaty. The USA courts would reject it because they want to encourage Americans to obey court orders not encourage them to disobey them.

can the court force Microsoft to direct the foreign entity to comply.

Yes.

And the foreign entity (remember a Microsoft owned company) refuses, what can the court do to Microsoft?

At the extreme (assuming the executive were also onboard which remember they are the ones making the request) they could ultimately consider the foreign entity to be a criminal enterprise. If they did so, owning a criminal enterprise is racketeering which is a felony. So they could seize all of Microsoft's assets as well as arrest Americans involved (executives, board members, employees) involved in supporting MOIL.

I doubt things would go anywhere near that far, but they have done things like that to USA individuals who run foreign criminal enterprises. For example people involved in human trafficking, illegal environmental dumping, illegal arms sales or drugs outside USA borders.

The proposed bill presumably all about removing these ambiguities.

That's not the ambiguous part. The ambiguous part if what is the rightful scope for USA courts.

Comment: Separation of powers (Score 1) 95

by jbolden (#47956477) Attached to: Proposed Law Would Limit US Search Warrants For Data Stored Abroad

Congress has the express power to control the scope of what the courts have authority over. So if it creates black letter law taking an area (what resides on foreign servers involving non-citizens) outside their scope then that isn't a violation of separation of powers.

The 4th is a guarantee to the people that they cannot be searched without warrants. It doesn't say courts can do whatever they want with warrants.

Comment: Re:Black letter law (Score 1) 95

by jbolden (#47956419) Attached to: Proposed Law Would Limit US Search Warrants For Data Stored Abroad

The real issue is that if somebody in the US wants data from a foreign server then they should server warrants in that jurisdiction.

Why? Why should the location of the physical server be of any importance rather than the user? That seems nuts to me in a world of interconnected data. Obviously if they intend to physically grab the server then they need warrants in that jurisdiction, but to copy the data over? Let's say someone used a data lake which moved specific pieces of data constantly between locations while having the whole system available all the time, is it then unwarrantable?

The USA government is rejecting that and with good reason, that essentially eliminates warrants. It would allow USA companies and individuals to just hide their data in places where a warrant is not going to be granted.

Yes, but the US citizen accessing the data from the Irish servers might at that point be breaking Irish law.

So far those laws don't exist, though Ireland is treaty bound to create them. If you read the EU document that will likely drive the Irish law if and when it is created I would suspect the break in the law is when the data is uploaded to a service which is not run entirely from Ireland. The EU understands they can't regulate what non-EU people on non-EU systems, where non-EU means systems which aren't run entirely from EU member countries

Comment: Re:Why purchase service from provider in US then? (Score 1) 95

by jbolden (#47955563) Attached to: Proposed Law Would Limit US Search Warrants For Data Stored Abroad

Is is odd. Microsoft's literature couldn't be more clear about how Azure is organized and their privacy statements couldn't be more clear that all of Azure is subject to US court order. I can't explain how the EU keeps certifying a system which even Microsoft when forced to speak publicly says is structurally incapable of enforcing EU privacy mandates in and of itself.

Now I'm starting to think that EU /.ers may not understand EU law as it is currently practiced / enforced. For example they might just have a theoretical understanding of the law with some practical errors. That might come from EU politicians are talking out of both sides of their mouth. Telling EU voters that they are enforcing strong protections while telling companies not to worry.

The other possibility is that services like CloudLink (VM end to end encryption among other things) exist in Azure and thus Azure can be made compliant on a VM basis. That gets Azure certified and then Europeans run it without those services.

I don't know. What I do know is that what most European /.ers would need to enforce the level of protections they want is European hosting companies with no locations in the USA.

Comment: Re:Overreaching? (Score 1) 95

by jbolden (#47953869) Attached to: Proposed Law Would Limit US Search Warrants For Data Stored Abroad

Illegal for whom? If the server is connect to other servers abroad and the people abroad are the ones handing it over then no law in that country has been broken by the global cloud provider. The law might have been said to be broken when it was uploaded to the global cloud provider since that was when it was "handed over". So essentially that law would mandate regional or national clouds for whatever data you wanted to protect. Which isn't a bad thing. Except that everyone wants global information services.

A not bad outcome would be that Europeans use European only clouds for their private data and have their own services.

"In matters of principle, stand like a rock; in matters of taste, swim with the current." -- Thomas Jefferson

Working...