Microsoft urges law rewrite to keep US govt's mitts off overseas data
Dublin warrant case is a fight for trust, says Brad Smith
Microsoft today badgered the US House Judiciary Committee for changes to the law following Europe's safe harbor collapse and Redmond's data center search warrant battle.
Microsoft wants legislation governing America's ability to seize data on overseas servers modernized. It's resisted a US Department of Justice (DoJ) warrant – granted by a judge in New York – on its data center in Dublin, Ireland, and is taking that case to trial in the States.
The Windows giant wants the Stored Communications Act (SCA), passed in 1986, replaced by the LEADS Act (Law Enforcement Access to Data Stored Abroad), and it wants the ECPA (Electronic Communications Privacy Act) overhauled as well.
Brad Smith, Microsoft president and chief legal officer, popped up at the judiciary committee's snappily titled "International Conflicts of Law Concerning Cross Border Data Flow and Law Enforcement Requests" hearing on Thursday.
Addressing the House reps, he said the law overhaul was necessary because "we store emails in data centers close to our customers ... in Europe that's Dublin or Amsterdam."
"The government is using power that Congress never gave it: the ability to go around the world and hoover up emails pursuant to a search warrant," Smith continued.
"It's in effect saying to the people of Ireland, their law doesn't matter ... that is not a recipe for the success of the US technology sector, and not a recipe that people have trust in technology."
Smith said conversations with government officials in Europe confirmed this:
In the UK and Germany, I increasingly meet people in Government who say, unless you win your case in New York [the Dublin warrant case], we're not going to trust American technology, and we're not going to be able to move our content to the cloud.
Smith added that technology would get more expensive as a result, with cloud giants being obliged to build "more data centers than the world needs." (In January, Microsoft's deputy general counsel, John Frank, explained the company's legal strategy in detail for us here.)
Smith said US cloud providers were also under pressure from foreign states to disclose data on US servers. Microsoft had been hit with a criminal fine in Brazil for refusing to do so.
The US Department of Justice's David Bitkower said he was happy to tweak the SCA and appreciates the difficulties of US companies in authoritarian regimes. But he insisted the SCA was vital, citing emails fished from Canadian servers to arrest a conspirer in a suicide bomb attack in Tunisia, for example, as well as a global child pornography ring, Ukrainian money laundering, and a Pakistani drug ring organized from Europe. All had saved the US going through the much lengthier MLAT (mutual legal assistance treaty) process.
Congressmen and women were alert to this too – the bright line here is probable cause, a legal standard that distinguishes between reasonable warrants and fishing expeditions. Not every country in the world has an analogy for probable cause.
One might be surprising: the UK.
"Britain is our ally," complained House rep Zoe Lofgren (D-CA) "but they don't have a first amendment. They don't protect freedom of speech. They don't have judicial review. They don't have probable cause. Britain is moving away from basic [rights] and it's cause for grave concern in this country."
Microsoft reemphasized the need for replacing safe harbor, and its support for Apple in its fight with the FBI on decrypting a killer's locked iPhone. "I think Apple is making an important point," said Smith.
The most surprising statement came from witness Michael Chertoff, co-author of the Patriot Act. House rep John Conyers (D-MI) wondered whether the balance between ensuring citizens' privacy and giving police the ability to investigate serious crime has tipped in favor of the bad guys – effectively shielding them from the law.
No so, said Chertoff, who had overseen mafia indictments in the 1980s while the US Attorney in New York. Even though the Mob was wise to jamming signals intercepts ("by turning the radio up ... or going for a walk in the park," he said), the cops still managed to put quite a few behind bars. There are always other ways of getting the evidence you need, he said.
Finally, Lofgren pointed out that the TPP (Trans-Pacific Partnership) prohibits governments from requiring people to disclose their keys to law enforcement officials. We suspect that few opponents of TPP, who maintain that the agreement is the work of shadowy, SMERSH-like (an acronym for the Russian phrase Smert Shpionam, or "Death to Spies") Bond villains, actually realize this. ®
Sponsored: Global DDoS threat landscape report