Cloud giants demand overhaul of America's privacy rules on overseas servers
Everyone except Google wants reform
Technology trade organizations have urged the US Congress to replace the country's antique privacy protection laws – after a New York court stopped American prosectors from seizing emails from servers offshore in Ireland.
A Second Circuit Court in the so-called "Irish Warrant" case, brought by Microsoft against the US government, ruled that the Feds could not use the 1986 Stored Communications Act (SCA) to retrieve messages on a Microsoft server in Dublin.
To put it bluntly, American prosecutors can't use American laws on an American company to obtain information about a non-American on non-American soil – they should have gone to Ireland and asked an Irish judge citing Irish law.
The US government wanted to get its hands on data concerning a non-US national, data that was stored or passed through a US company's property overseas. However, that doesn't make the data US property. The New York court ruled that the SCA was never intended to "go around the world and hoover up emails pursuant to a search warrant," in the words of Microsoft's CEO and chief legal beagle Brad Smith.
Cloud companies and organizations backing a new bill, the International Communications Privacy Act (ICPA), include Amazon, Apple, Facebook and Twitter; the Consumer Technology Association, the Internet Association, CompTIA, and the Association for Competitive Technology.
Smith likes to demonstrate how out-of-date the 1986 Act is by pointing out that it protects US citizens' email from snoops for 90 days. Thirty years ago, an account that harbored email on a server for longer than that was deemed to belong to a dead person, so the privacy protection expires after three months. After that, law enforcement doesn't need a warrant at all to access the information.
Google, which has closer ties with the state than any other technology company or trade association, has yet to back the privacy measure. ®