The Anglo-American Data Empire
In a piece for Salon today, I note that both in US domestic warrants for Stored Communication and in the law the UK will push through, DRIP, the US and the Brits are asserting they should be able to demand data stored anywhere in the world. Here’s the US part:
The U.S. data grab started back in December, when the Department of Justice applied for a warrant covering an email account Microsoft held in Ireland as part of a drug-trafficking investigation. Microsoft complied with regards to the information it stored in the U.S. (which consisted of subscriber information and address books), but challenged the order for the content of the emails. After Magistrate Judge James Francis sided with the government – arguing, in part, that Mutual Legal Assistance Treaties, under which one country asks another for help on a legal investigation, were too burdensome — Microsoft appealed, arguing the government had conscripted it to conduct an extraterritorial search and seizure on its behalf.
As part of that, Microsoft Vice President Rajesh Jha described how, since Snowden’s disclosures, “Microsoft partners and enterprise customers around the world and across all sectors have raised concerns about the United States Government’s access to customer data stored by Microsoft.” Jha explained these concerns went beyond NSA’s practices. “The notion of United States government access to such data — particularly without notice to the customer — is extremely troubling to our partners and enterprise customers located outside of the United States.” Some of those customers even raised Magistrate Francis’ decision specifically.
[snip]
The government’s response, however, argued U.S. legal process is all that is required. DOJ’s brief scoffed at Microsoft for raising the real business concerns that such big-footing would have on the U.S. industry. “The fact remains that there exists probable cause to believe that evidence of a violation of U.S. criminal law, affecting U.S. residents and implicating U.S. interests, is present in records under Microsoft’s control,” the government laid out. It then suggested U.S. protection for Microsoft’s intellectual property is the tradeoff Microsoft makes for complying with legal process. “Microsoft is a U.S.-based company, enjoying all the rights and privileges of doing business in this country, including in particular the protection of U.S. intellectual property laws.” It ends with the kind of scolding usually reserved for children. “Microsoft should not be heard to complain that doing so might harm its bottom line. ”
Click through to find out why the UK data grab is even worse.
Effectively, both English speaking behemoths are arguing that borders don’t matter, they can have any data in the world. And while we know NSA and GCHQ were doing that for spying purposes, here they’re arguing they can do it for crime prevention.
Breathtaking claims, really.
the question of pressing interest to me is – who are the individuals behind this pusht for american dominance (with british tag-a-long a happy consequence of the u.k.’s weak laws governing government overreach).
You can start with President Barak Obama, Senator Diane Feinstein, AG Eric Holder and go down (or up depending on how you view it) the chain of command from there. The names may have changed, but the policy is the same. Sedition and treason are what they are. That has not changed since 2001.
I know there’s a whole body of law on the issue of extra-territorial application of US laws. It’s odd to think that this question hasn’t come up before. Ah, the power of the Internet!
This is worrying. But I also worry about the unintended implications of embracing the other side of the argument. Much of the justified outrage at large multinational corporations today is that they use borders in a cynical and arbitrary way to avoid positive, justified legal responsibilities. While maintaining all the effective benefits of being a single entity, they dodge massive amounts of tax obligations by shuffling cash and ownership titles across borders that are otherwise meaningless to them. They cut corners on labor and environmental standards in “overseas subsidiaries” to obstruct central enforcement of basic ethical conduct. And so on.
.
I’m not going to pretend that there isn’t a very serious issue here: respecting borders is also potentially about respecting the democratic rights of sovereign populations to regulate what goes on in their territories. Even if data being physically “in my territory” has almost no practical or economic significance, that principle of sovereignty is still an important thing to deal with. And it’s a natural part of the suite of ideas that we instinctively reach for when we want to object to government overreach on surveillance.
.
But we need to be discerning here rather than jumping into a full embrace of this concept just because it happens to fall on the anti-surveillance side in this particular case. Imagine if this government motion had been filed against JP Morgan, scolding it like a child for hiding behind the “foreignness” of some documents or cash they were holding overseas that was vital to some US legal process on Financial Crisis shenanigans. I daresay we’d be cheering it with barely a second thought, and we’d be pleased at the DoJ’s willingness to call out a company for wrapping itself in the flag, filling US politics with money, and then hiding from obligations across a “border” that means nothing to the company but convenience.
“…(company) wrapping itself in the flag, filling US politics with money, and then hiding from obligations across a “border” that means nothing to the company but convenience.”
.
That is already common practice, without much objection from the USG, and with many facets enshrined in US law. But, why should the Govt get to take the other side of the argument when it is convenient to get personal US citizen data?
.
You will get no argument from me that globalization has generated many horrors. The currently under negotiation trade pacts to expand global corporate power and to further insulate corps from national regulation are being pushed in secret by the same USG that is demanding location independent data about US citizens.
.
One side or the other, but not both. If Mittens can hide his millions from taxation overseas, why should your and my personal communications be any less shielded?
I’m not sure it’s exactly the case of “one side or the other” … there is some reasonable extent to which borders should be seen to matter or not matter, and finding the right balance across so many situations is difficult. I think the key is that both government *and* concerned individuals need to avoid the mistake of leaping onto whichever perspective helps their side in a given case.
.
I’ll make up a totally arbitrary Microsoft example. Say MSFT is storing some user data in Ireland, but the users and the revenue streams made on that data are really in the UK or US, and the data center is only in Dublin for tax purposes. Say we as citizens hypothetically get up in arms about that, and we decide to claim that they should be paying UK and/or US tax on those operations, because it’s *really* UK/US data for economic purposes.
.
Then a case comes around where we feel that the US government is issuing over-broad demands for user data from Microsoft, some of which is stored in Ireland. Yes, we can call “the system” out on its hypocrisy over borders, but we also have to apply the same standard to ourselves. Because we’re outraged over the surveillance demand, it’s tempting for us to throw the kitchen sink at it in opposing it. That would include suddenly caring about the sacred sovereignty of Irish jurisdiction, which means re-evaluating our own position on tax. It might also mean more restrictions on the ability to go after, e.g., the international trade in child pornography.
.
If our *real* problem is that the demand is over-broad — that the government shouldn’t get the data no matter which country it’s hosted in — then we should probably stick to that criticism.
I believe this is exactly why the big companies are fighting this, because it does have huge implications for their tax shenanigans. They couldn’t care less about our data concerns.
I suspect the most damaging aspect of the Snowden revelations is the extent to which it has forced corporations to fight the governments of 5 Eyes. Microsoft isn’t opposing this because they got the privacy religion. They oppose because the dolks who pay their bills, corporate America, is pissed off about the implications of the NSA snooping.
Of course, neither government would engage in such borderless theft of information to enhance its economic competitiveness. Both governments claim, after all, that the only legitimate economic system is unregulated capitalism, devoid as it is, by definition, of monopoly, government regulation, criminal behavior, and other restraints to the beneficent waving of the invisible hand.
DRIP is apparently now law, after a few hours debate. Note that its passage in the upper house was, in effect, by affirmation, that is, without identifying which peers voted yea or nea. One can only hope that this statute, too, will be successfully challenge by the European Court of Justice. Mr. Cameron ignored the last declaration of invalidity it issued concerning similar legislation, his Data Retention (EC Direction) Act 2009. Presumably, he would do the same again concerning DRIP, both because he wants to and owing to US pressure. The court and Mr. Cameron’s peers throughout the EU ought to be working out now how they will respond then.
The USG’s claim that only US law applies concerning requests to MS that it stand and deliver information requested by the USG, even or especially if that information resides solely in an offshore subsidiary, is hypocritical, short-sighted and self-defeating. One can only hope that Congress and the USG would take the same position with regard to taxation of foreign profits held offshore so as to avoid US tax.
Large multinational companies take great pains to contend that they comply with all applicable laws in every country in which they do business. Those subject to SEC disclosure rules tell the SEC and the investing public that they do so. It’s even occasionally true. An Irish subsidiary of MS would be legally bound to comply with Irish and EU laws. If delivering up information to the USG would violate violate those laws, that creates a conflict of law best handled on an interstate basis, not by whipsawing MS. Voluntarily breaking the law should land MS in trouble with its shareholders and Irish and EU officials.
Rather than work through these obvious conflicts in a rational fashion, the US is simply claiming that it’s member is the biggest one on the table and to hell with the rest of you. Readers in Latin America and Africa would find that familiar behavior.
On a related note, it’s unsurprising, post-Bush, that a federal magistrate would hold that a US treaty regarding intergovernmental assistance (binding federal law) is “too burdensome” to comply with and can be ignored when the government says so. Still, the legal academy should bark a little about it, if only thereby to assume a more restful position in the president’s lap.
The UK government’s defense of DRIP seems to be based on the idea that they are doing it all already (!)
e.g.
Thoughts? Does this mean the UK has been doing it all along?