We have this belief that law enforcement should protect us, but that belief has been sorely challenged this decade, both from the perspective of illegal police shootings and the Snowden disclosures that made it look like the entire US Government had gone rogue and decided it didn’t actually have to follow the laws it enforced.
Adding to this distrust was an apparent US government position, which Microsoft is fighting, that a warrant in the US was all you needed to get access to protected information held by a company doing business in the US anyplace else in the world. This was an incredibly myopic and self-destructive position because a quid pro quo response from any other government could easily do the same. And while we may trust our own law enforcement agencies to not abuse this power, we know that power is abused in a variety of other countries.
The impact to US companies has been particularly dire because this position makes it appear that confidential information contained on any US companies’ servers – regardless of where they are located – can be accessed by simple warrant. This should eventually force these firms to either exit markets or cut deals to have partners located overseas host the US firm’s data, so that it can be protected. But then it opens the door for these partners to go directly to the related domestic customers and cut the US vendor out of the middle, destroying much of the US’s international revenue generation capability.
Given the US government is funded by taxes and that technology is one of the biggest components offsetting a negative trade imbalance, it seems incredibly foolish to critically damage that industry, yet that appears to be exactly what is happening.
Let’s talk about what this is and why you should care this week. At the very least it’ll give you something else to talk about over the holidays other than Donald Trump. I’m not suggesting he isn’t enough, just that you might want a tad more variety.
Read the Electronic Communications Privacy Act, particularly the brief that says it protects privacy then refers to rules on seizing and searching computers. This is one of a number of laws that have names implying one thing but meaning the exact opposite, in this case violating privacy by providing that the US government can use warrants to obtain email from technology providers regardless of where that information is stored (an act that would typically require the involvement of the local government).
Current interpretation of this law, which is what is in dispute, allows law enforcement agencies to bypass Mutual Assistance Treaties and go directly after assets that are stored on foriegn soil. In fact the interpretation of this law is that the related warrant isn’t really a warrant at all but a combination of warrant and subpoena – an incredibly powerful tool, which could legally acquire information regardless of where it was located.
Worse, the interpretation of this law only protects privacy if the information isn’t disclosed overseas. In other words, were your private email obtained in the US but disclosed in China that would be legal where that same disclosure in the US would not.
At the heart of the problem is that the ECPA was created in 1986 – years before there was an Internet – and over a decade before we articulated the idea of a cloud service. It was created at a time when you might have hosting. Back when the ECPA was created, even pre-internet electronic mail services like AOL, Hotmail, or even CompuServe didn’t exist.
What is needed is either a new law or, preferably, a government that doesn’t want to sacrifice the long term viability of a promising new US market in order to get faster access to a few emails located on foreign servers.
The Questionable Part
The questionable part of this and that is that if we are talking about a criminal or terrorist organization they likely don’t use US company-based email services anyway, because they already believe the US government is monitoring them thanks to Snowden. In fact, back in 2011 the UN report on Terrorism indicated that these creative folks had already found a way to communicate without leaving any footprint. In effect there are no emails on any server that can be accessed because of the way they are gaming the email cloud services.
Granted there could be a few folks that didn’t get this memo. But given the amount of damage US service providers are taking as a result of the NSA leaks it would seem this opportunity is short lived and would be largely unsuccessful anyway.
Wrapping Up: The Fault Is With Congress
We are plagued with a Congress that seemingly can’t get anything done (ironically this week, their inability to get things done may stop anything else from getting done over the holidays). Unfortunately that lack of action is creating some rather nasty repercussions for tech companies. It isn’t the fault of law enforcement, they are simply trying to do a job. It is the fault of congress for not focusing on the big picture and protecting US businesses from outdated laws that destroy new markets and innovation.
In the end you care because this could make international cloud providers obsolete and even make domestic cloud providers excessively risky for anything that wasn’t public facing anyway. Think what that would do to your IT budget. Something to think about this week.
Photo courtesy of Shutterstock.