Who does your email belong to?
BY
JIMMY SONI
DECEMBER 22, 2014 | 5:00 AM

What does a search warrant for an email get you? It doesn't get you an email
- an email isn't a physical object. What it gets you is access to the server
where the email "lives." Does it matter, then, where the server is located?
Are some servers, and the emails in them, outside the reach of U.S. law? 

Those are the hard questions confronting the 2nd U.S. Circuit Court of
Appeals in United States v. Microsoft Corp. As arcane as it may sound, the
case has a great deal to tell us about the tech sector's views on privacy
and surveillance - and about the ways the landscape of privacy law may be
about to change irrevocably. 

In December 2013, federal agents conducting a drug investigation issued a
warrant to Microsoft: Turn over emails from an Outlook account belonging to
a suspect. Microsoft refused: The emails weren't within U.S. jurisdiction,
because the server farm hosting them was housed in Dublin. A magistrate
judge and a federal district court both ordered the company to give up the
emails. Both times, Microsoft refused and appealed. 

The company's argument is simple: The search warrant is illegal because
American warrants are unenforceable outside American borders. Courts have
long presumed that federal statutes - including the Electronic
Communications Privacy Act, the law in question here - do not apply outside
the United States unless Congress explicitly dictates they do. In the view
of Microsoft's lawyers, the "ECPA's text and history show Congress believed
the law would only apply domestically." 

By Microsoft's reckoning, it is Irish law, not American law, that governs
the emails in question. If the U.S. government does indeed require the
emails, it must go through the Irish government, using well-established
protocols and bilateral instruments. The U.S. government, Microsoft argues
in its appeal, would expect the same treatment from a foreign government:
"The Golden Rule applies as much to international relations as to other
human relations. If the Government prevails here, the United States will
have no ground to complain when foreign agents - be they friend or foe -
raid Microsoft offices in their jurisdictions and order them to download
U.S. citizens' private emails from computers located in this country." 

Here, as in all things, context matters. What context? The prior years'
troubling revelations regarding National Security Agency surveillance. The
PRISM data mining program. Edward Snowden's disclosures. Take your pick.
What they add up to is a picture of a U.S. government run amok surveilling
and spying - an image that threatens real damage to the interests of tech
companies, whether or not they were complicit in the spying. 

"A perception exists in foreign countries that your data is only a heartbeat
away from being given to U.S. law enforcement," Jennifer Archie, a partner
with law firm Latham & Watkins, told the Christian Science Monitor. 

So for Microsoft and its tech allies, this case is only partly a struggle
over the specifics of the ECPA and U.S. jurisdiction. Microsoft's position
is really a shrewd piece of international marketing: reassuring foreign
clients and customers that their information is safe from Big Brother's
prying eyes. That is perhaps why Microsoft General Counsel Brad Smith
considers the outcome of the case "fundamental to the future of global
technology." And why Microsoft enlisted the support of tech heavyweights
last week to file amicus briefs in defense of its position. Apple, Amazon
and eBay joined 25 other technology and media companies and 23 trade
associations and advocacy organizations in standing with Microsoft and
against the government. 

For the government, on the other hand, the case is about the shortest line
between the information it needs and the servers that hold it. The bottom
line, from the feds' perspective, is that the emails in question were sent
by an American, and that the servers housing them belong to an American
company subject to American laws - an area covered by the Stored
Communications Act, which the government argues gives it the right to
retrieve the information it needs. Emails in the cloud are not gold bars in
Swiss bank accounts: Wherever the data are stored, the service provider owns
the information and can disclose it. Going through the Irish government
would undeniably add time, effort and expense to an already complicated
case, setting a precedent that would make future prosecutions more
difficult. 

Whatever the outcome of the appellate case, it is likely that it will go all
the way to the Supreme Court, and that Congress will be forced to revisit
both the ECPA and the SCA. It's too soon to predict the outcome of this
legal wrangling. But it's frightening that our government is openly staking
a claim to data anywhere in the world. It's equally frightening that the
tech companies that have emerged here as the protectors of privacy have been
just as willing to abuse and monetize user data when it suits their own
interests. Scariest of all, this conflict, as consequential as it is for the
future of privacy, is taking place largely below the radar and out of sight.


http://www.washingtonexaminer.com/who-does-your-email-belong-to/article/2557
609?utm_campaign=Washington%20Examiner:%20Opinion%20Digest%20PMI&utm_source=
Washington%20Examiner:%20Opinion%20Digest%20PMI%20-%2012/22/14&utm_medium=em
ail


    VICUG-L is the Visually Impaired Computer User Group List.
Archived on the World Wide Web at
    http://listserv.icors.org/archives/vicug-l.html
    Signoff: [log in to unmask]
    Subscribe: [log in to unmask]