Apparently emails are business records of the service provider, according to some lawyers in this case. If this case comes down in favor of LE, it would be the end of US cloud computing. I can't see how any pesky foreign company, government department or educational institution could possibly fulfil its fiduciary and data protection obligations while using a US service provider.
This case promises to be closely watched. Legal idea: Maybe M$ and other large providers could set up their systems to necessitate an encrypted Admin key that can only be used locally, such as in a foreign country. Hotmail users (account owners) could access accounts with their credentials, but to use Admin (escalation) the system would be forced to have a local (foreign) jurisdiction worker provide access. A USA warrant would mean that M$ would not be able to provide access since the entity with the only access key is outside of USA jurisdiction and would refuse to comply with the order.
The best option, I think, is splitting off business in each country into its own distinct firm. And each does business only in its own country. So there's no cross-border liability. No?
Either way, but the point is that there has to be an ORDER of non-compliance with out of jurisdiction warrants. e.g. - offshore Trusts such as a Nevis asset protection trust for a US citizen. Not only does a US order mean nothing there, the trust officer by "terms defined in the trust itself" is prohibited from complying even if they wanted to. The US Gov would need to go there and beat their court system to accomplish compliance. I know this isn't a trust class but the similarities for what I am communicating are well equated. Set up properly, a US court order means NOTHING at all unless the one who received the order is short on toilet paper. LOL!!
A pre-emptive "first-strike": The United States District Court for the Southern District of N.Y. Strikes Again (Same court that has jurisdiction over the Microsoft case.): US District Judge Richard Sullivan ruled that he has ‘jurisdiction’ over one of the biggest banks in mainland China, Bank of China (BOC), and demands that the bank turn over financial records to his court. http://www.zerohedge.com/news/2015-10-08/us-government-just-crossed-rubicon http://www.scmp.com/news/china/poli...unterfeiting-ring-about-crack-us-judge-orders
Now that is a scary precedent. The question is what happens when a Chinese company pulls the same stunt on, say, a company like Apple. Hypothetical example: Nearly one quarter of Apple revenue is in China. If they were faced with the ultimatum of handing over US data on Falun Gong followers (illegal in China) or facing removal from the country, would Apple be forced to comply, and what would be the reaction from the US?
Maybe Apple would just leave the Chinese market. Google did. But it would be a bigger deal for Microsoft to leave the European market.
Well, they could split into genuinely different companies (one per power bloc), bound by trading and development contracts so they could offer a seamless service. Splitting by subsidiary-per-country would not have the requisite effect because the group company has control. The market might even like the unbundling of these mega-corporations because that provides more transparency and market flexibility. My feeling is that that's not going to be necessary for them because I think (as evidenced by TPP, TTIP etc.) the corporates are more powerful than the governments or law. It was gratifying to hear on the BBC Panorama programme with Snowden (not a particularly good programme IMO) that the social media companies were not cooperating with providing backdoors/encryption weakeners.
Well, that makes some sort of sense, I suppose. But on the other hand, anything can be viewed from anywhere else, pretty much, with enough ingenuity and persistence. So hey.
I wonder IF M$ would be open to allowing for a system like Protonmail. Each user could generate a key that only they would know the password for and that the provider has no access to. Could they handle the "loss of control" emotionally? This approach is not as good as full gpg on the user end, but it's idiot-proof and they handle the protocol well. Of course it assumes the user knows the value of a "good" passphrase, which is usually not the case.
Right. Riseup is implementing that, since their latest encounter with the FBI. But it's not a replacement for GnuPG. They complement each other. And whatever you do with email, you have the metadata leakage from headers. So you just make sure that no headers identify you in meatspace.
"Supreme Court to consider major digital privacy case on Microsoft email storage... The case began in 2013, when U.S. prosecutors got a warrant to access emails in a drug trafficking investigation. The data was stored on Microsoft servers in Ireland. Microsoft turned over information it had stored domestically but contended U.S. law enforcement couldn’t seize evidence held in another country. It said if forced to do so, it would lead to claims from other countries about data stored here. A judge upheld the warrant, but a panel of the U.S. Court of Appeals for the 2nd Circuit overturned the ruling. The full circuit then split evenly on whether that decision was correct. The Justice Department asked the Supreme Court to reverse the lower courts. It said the decision conflicts with past decisions in lower courts that “a domestic recipient of a subpoena is required to produce specified materials within the recipient’s control, even if the recipient stores the materials abroad...” https://www.washingtonpost.com/poli...e74936-b278-11e7-be94-fabb0f1e9ffb_story.html