
News Microsoft loses overseas data privacy case

Discussion in 'Article Discussion' started by Gareth Halfacree, 1 Aug 2014.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,085
    Likes Received:
    6,635
  2. RichCreedy

    RichCreedy Hey What Who

    Joined:
    24 Apr 2009
    Posts:
    4,698
    Likes Received:
    172
    And no doubt, the EU will bring in laws making it illegal to release data to governments outside EU control.
     
  3. Gambler FEX online

    Gambler FEX online What's a Dremel?

    Joined:
    17 Jun 2002
    Posts:
    21
    Likes Received:
    0
    So even if I choose a non-US (NSA) or non-UK (GCHQ) I must also be careful of any that has owners in the US?
     
  4. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    I doubt the EU will do anything to prevent the release of data to governments outside the EU, if anything they will pass a law to reflect US law. It tends to be the way of these things, when one government infringes on people's civil liberties others tend to follow.
     
  5. Dave Lister

    Dave Lister Minimodder

    Joined:
    1 Sep 2009
    Posts:
    880
    Likes Received:
    12
    Completely agree. The EU is just another US puppet.
     
  6. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,085
    Likes Received:
    6,635
    Not even owners; operations would be enough. Your Swiss cloud provider has a single US customer? That'd be enough, arguably. (Enforcing a ruling against a foreign company that doesn't care if you ban it in your own country would be a challenge, mind.)

    The solution, as always, is strong client-side encryption: never upload anything to your cloud provider in-the-clear. Assuming your chosen encryption method isn't crackable and/or hasn't been back-doored by the spooks, all your provider will be releasing will be the encrypted data. There are several cloud storage providers, like SpiderOak, that build this directly into their software - so-called 'zero knowledge' systems, where the provider couldn't expose the plaintext even if they wanted to.
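
The client-side encryption described in the post above, as an added example that is not part of the original thread and not any provider's own code: data is sealed with AES-256-GCM under a key that never leaves the client, so the provider stores (and can only hand over) opaque bytes. The function names and the sample file name are assumptions made for illustration; key storage and backup are out of scope.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// aead builds AES-256-GCM from a 32-byte key that stays on the client.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce||ciphertext||tag, the only bytes that are ever uploaded.
func Seal(key, plaintext []byte, name string) ([]byte, error) {
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, []byte(name)), nil // name bound as associated data
}

// Open authenticates and decrypts a blob downloaded from the provider.
func Open(key, blob []byte, name string) ([]byte, error) {
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < g.NonceSize()+g.Overhead() {
		return nil, fmt.Errorf("blob too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], []byte(name))
}

func main() {
	key := make([]byte, 32) // random key, generated and kept locally
	rand.Read(key)
	blob, _ := Seal(key, []byte("constructed sample document"), "notes.txt")
	out, err := Open(key, blob, "notes.txt")
	fmt.Printf("uploaded %d opaque bytes; decrypted %q (err=%v)\n", len(blob), out, err)
}
```

Because the object name is authenticated along with the ciphertext, a blob that has been modified or returned under a different name fails to open instead of decrypting to something else.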
     
  7. impar

    impar Minimodder

    Joined:
    24 Nov 2006
    Posts:
    3,109
    Likes Received:
    44
    Greetings!

    Does this affect, or could it affect, the Microsoft accounts for login in Windows OSes?
     
  8. Nexxo

    Nexxo * Prefab Sprout – The King of Rock 'n' Roll

    Joined:
    23 Oct 2001
    Posts:
    34,731
    Likes Received:
    2,210
    That data should be encrypted, so I doubt that it would be of any use.
     
  9. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    Isn't there a law that says you have to provide the encryption key, or something like that?

    Personally I think all requests for data should be handled the same way we do in the real world, a warrant should be served to the individual who owns it. (at least I think that's how it works)

    Can TPTB serve a warrant on a company like Big Yellow Self Storage without first contacting the owner?
     
  10. RichCreedy

    RichCreedy Hey What Who

    Joined:
    24 Apr 2009
    Posts:
    4,698
    Likes Received:
    172
    That's the problem, Microsoft takes ownership of data on its servers, so as to help with data protection laws.
     
  11. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,085
    Likes Received:
    6,635
    The Regulation of Investigatory Powers Act (RIPA), which allows for a jail sentence if you refuse to divulge passwords and/or provide decryption keys when requested. That's a UK law, though, and would be very difficult for a US court to enforce on a UK citizen. In other words: encrypting your data before uploading it to the cloud will protect you from other countries, but not your own (assuming "your own" is the UK, or a country that has similar laws regarding encryption.)
     
  12. schmidtbag

    schmidtbag What's a Dremel?

    Joined:
    30 Jul 2010
    Posts:
    1,082
    Likes Received:
    10
    So first of all - who the hell feels the need to get info on Ireland? They're one of the most helpful countries in the world proportionate to their population and income. I don't see what the US government could possibly want from them.

    This situation is just so annoying. I'm not a fan of MS but I personally appreciate how they don't want to give away customer data to governments. I'm not sure if this means just cloud data or all data (including searches).

    It won't be long until the US makes some serious enemies in the world that used to be allies. I really hope to move out of the country before that happens.
     
  13. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    I don't think it's info on Ireland, it's info that is stored there or any other non US countries. I think (not sure) that when a warrant is served to Microsoft to provide the data it holds on a particular user account it can no longer say the warrant is invalid because the servers are outside US jurisdiction.
     
  14. Locknload

    Locknload Jolly Good Egg

    Joined:
    28 Jun 2009
    Posts:
    241
    Likes Received:
    24
    If I personally had data which I considered private, and the government or (*LAUGH*) the USA asked to see it and compelled me to hand over passwords etc...They can go and kiss my big old ass, and give me a cell.

    Who the funk do they think they are?

    Screw them all...... Nonces!
     
  15. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,085
    Likes Received:
    6,635
    You might want to re-read the article; you appear to have confused "data in Ireland" with "data on Ireland."
    There's at least one person in prison right now who believed that. For some, it's actually a smart way of reducing their sentence. Let's say, for example, that Joe Madeupname is a criminal. He's a child pornographer, or a terrorist, or a spy. He has pictures, videos, whatever kind of data that would result in a hefty prison sentence were they to be found, so he encrypts them. He gets raided, and his decryption keys are demanded under RIPA. "No," he says. Et voila: a potential 15-to-life sentence just became five years (two if they can't convince the judge that the case involves child endangerment or national security.)

    Then there's the flipside of the legislation: if Steve Differentmadeupname is innocent but suspected of a crime, and he can't prove that the chunk of seemingly random data they pulled off his hard drive isn't an encrypted volume, or can't unlock a genuine encrypted volume because he's honestly forgotten the password or deleted the key, that's two years in chokey regardless of his innocence relating to the original crime.

    Then there's hidden volumes: TrueCrypt, backdoored or not, had the ability to have multiple levels of encryption. Create a 50GB encrypted volume, protect it with PasswordA, store a few files in it. Create a hidden volume on that encrypted volume, encrypt it with PasswordB. If raided, give LEO PasswordA; there is, in an ideal implementation, no way for them to prove that there is a second password that unlocks an additional layer of data. Get-out-of-RIPA-free card, basically.
     
    Last edited: 1 Aug 2014
  16. Alecto

    Alecto Minimodder

    Joined:
    20 Apr 2012
    Posts:
    134
    Likes Received:
    1
    For real? Every computer with a hard drive installed (including, among others, those used by the judge, jury and court officials ...) has some unused space left on its hard drive(s), lest the OS would get into trouble. Who gets to decide that they don't have to prove there isn't an encrypted volume hidden there and consequently serve 2-5 years in jail because they couldn't possibly disprove something that doesn't exist?

    Even if that space was nothing but binary zeroes it could (in theory) still contain a hidden volume, with data and encryption key coming out as series of 00000000 purely by coincidence. So one would end up in jail even when there never was any hidden data container ... absurd.
     
  17. kHAn_au

    kHAn_au What's a Dremel?

    Joined:
    12 Dec 2005
    Posts:
    21
    Likes Received:
    0
    Have any of you read the Azure T's & C's? It states clearly that data will be given to the US upon a valid request.
     
  18. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    No they don't.
    They state...
    And of most relevance to the above article...
    AFAIK warrants are only applicable to the country they are issued in, it's why someone like Julian Assange is held up in an embassy, because the arrest warrant isn't enforceable outside the jurisdiction that it was issued from, and why extradition orders are agreed.

    This ruling in the US courts makes a mockery of international law (imho).
     
    Last edited: 2 Aug 2014
  19. Nexxo

    Nexxo * Prefab Sprout – The King of Rock 'n' Roll

    Joined:
    23 Oct 2001
    Posts:
    34,731
    Likes Received:
    2,210
    Hmmm... I read these T&C to carefully avoid the question where these legal requirements come from. The way they are phrased, "required by law" does not state which law (local to the region where the data is stored or not), or which legal requirements (local to the region where the data is stored or not). Sneaky.
     
  20. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    They don't have to state which law, AFAIK laws are only applicable in the country they are made in, if you want to apply a law that is outside its jurisdiction you have to go through the international legal system, or come to some form of agreement.
     
