Cookies are used for the best experience on my website.

Accept Cookie Policy

No internet detected

Check your connection and try again.

Logo Image

No match found

Buy a coffee

I launched this blog in 1995. Since then, we have published 1603 articles. It's all free and means a lot of work in my spare time. I enjoy sharing knowledge and experiences with you.

Your support

Have you learned something new by reading, listening, or watching my content? With your help, I can spend enough time to keep publishing great content in the future.

Or, select an option below:

A small slice of my data processing time each month

It's ongoing work running this site and what's really great is ongoing support. Here's a sense of what goes into this site: research topics for discussion. Manage the Tech stuff: website, SEO, graphics, email, back-end servers, DNS routing, edge servers. Create advertisements and load the campaigns in Google Ads. Manage the social media forums (Facebook, Reddit, Twitter). Write updates to the blog. Keep GitHub up-to-date.

$4.50 — A large cappuccino at my local

Things just work better with coffee! I like to take the kids to school then grab a cappuccino from my local on the way home before beginning the things that take mental energy.

$8.99 — A month of Netflix for some quiet nights in

A lot of the work on this happens after hours when I should be relaxing on the couch. Help me make it so and I promise to keep off the devices for a bit!

$11.50 — Fund a month of email delivery

This site sends out thousands of emails every month. For that volume and to ensure deliverability, I need to pay MailChimp.

$20 — Pay for one month of AWS storage fees

Websites are not free. The storage alone takes some cash. If you are willing to lighten the burden, we can keep this site up online.

$30 — One hour's pay for a graphics artist

Art doesn't create itself without a hand to guide it. I can't draw, so I need to pay others to help.

$45 — Pay a full-stack web developer for one hour

Much of the work on this site happens on weekends which means giving up time with the kids. Help me pay the developers so I can give my kids more time.

How One Judge Single-Handedly Killed Trust in the US Technology Industry



  • 1517

  • 8189

  • 1

  • 0

  • 0

Richie Bartlett

I see more job growth for foreign datacenters and security experts as EU will probably want to keep more data at “home…”

US Judge Loretta Preska ruled Microsoft must hand over data it stores overseas Image: Federal Bar Association

Some people volunteer at shelters. Some people play video games. Some work tirelessly for 80 hours a week for the sake of their startup.

Some destroy the global trust in the US technology industry.

In a single two-hour courtroom session on Thursday morning – just in time for lunch – US District Judge Loretta Preska ruled on a case that has massive global implications for US technology giants.

It’s not like there was much left in the wake of the Edward Snowden disclosures, which threw nine Silicon Valley giants under the global surveillance bus more than a year ago. But we were coming to a point where our collective trust levels in these companies, which are fighting for their right to disclose government data request figures, were slowly rising – at least in the US.

To the outside world, lack of trust was still a big issue. Particularly for Europe. As the closest continental friend to the US, there was a lot of work that needed to be done.

But as relations were beginning to improve, the US judiciary decided that, for the purposes of its own law enforcement and intelligence agencies, the world was its oyster and data stored outside of its jurisdiction was fair game.

US to Europe: We’ll take what we want, when we want it 🔗

The US has a relatively long recent history of exercising its laws “extraterritorially” – from drone strikes in Pakistan to overseas military activities, and in recent times, the bulk acquisition of data from foreign (and often friendly) states for intelligence purposes.

So it’s little wonder that with this collective mindset, Preska decided to make the world’s data available to the US government, in spite of foreign nations’ own judicial and legal regimes, supra-national fundamental values, and even public international law.

US Judge James Francis

Microsoft contends that courts in the United States are not authorized to issue warrants for extraterritorial search and seizure, and that this is such a warrant.

The ruling on Thursday follows from an earlier lower court, in which U.S. Magistrate Judge James Francis in New York ruled that a search warrant can be applied outside the country.

The theory was that because Microsoft, named in this case, owned and controlled a foreign subsidiary company based in Dublin, Ireland, any data stored in its overseas offices or datacenters still fell within US territory – albeit loosely.

The official channels between countries that allow cross-border law enforcement operations to work, called mutual legal assistance treaties (MLAT), are “generally… slow and laborious,” Francis said in his ruling . He added that the “burden” on the US government to work with other nations would be “seriously impeded.”

Naturally, Francis did what any US judge would do and put the US population – and the government – first and foremost. It’s not his, or any other justice’s job, to worry about the effects on other states or nations outside his jurisdiction.

The Redmond, Wash.-based software giant was quick to challenge the ruling, pushing the case to a higher court.

Other major US technology and telecommunications giants lent a hand in the second stab at the case. Verizon submitted an amicus brief in Microsoft’s support, concerned that its overseas data could also be at risk. Apple, AT&T, and Cisco also threw their weight behind the software giant.

But it’s a surprise so few companies joined in, considering how the legal precedence of Preska’s ruling would affect the entire US technology industry. When Preska was charged with handling the case, the burden landed on her shoulders to decide whether or not the US could legally (at least under its own jurisdiction) walk in to any foreign datacenter loosely associated with a US company and grab whatever data it wanted.

“It is a question of control, not a question of the location of that information,” Preska said in the court ruling.

And so the verdict was set, at least until a higher court can take the case. Preska stayed the verdict until an appeal can be lodged, but the court had its say. Foreign data was as up-for-grabs as domestic data was.

It wasn’t just a domestic case. The effects would hit the ceiling on a global scale. It was a very international problem.

Because Ireland is one of the 28 member states of the European Commission, the onus of responsibility for its laws falls between Dublin, and Brussels-based bureaucrats.

European law is relatively straightforward. Data must not leave Europe under any circumstances unless the country it’s going to can guarantee the data will be treated as if it’s still in Europe. Why? Because Europe’s data protection and privacy rules, brought into force in 1995, are the strongest in the world. Any data held by a company in Europe still ultimately belongs to the citizen who generated it. A citizen can request access to his or her own data, and when it’s no longer needed, it must be deleted.

That posed a problem for the US, which was at the time nurturing Silicon Valley-based startups, which would go on to be the technology giants who provide the services Europeans need – from business data, social networks, and websites dedicated to kitten pictures.

Europe’s data protection and privacy rules led major technology companies to build local datacenters in Ireland, Singapore, Australia, and elsewhere. It was a two-fold win: data would be stored locally, and it would reach their customers faster – and in case of a massive facility failure, companies could “geocache” data so it can be pulled from other datacenters.

Because Europe realized Internet data still had to flow without being impeded, the Safe Harbor principles were introduced in order to create a channel between the two continents. These rules meant that US companies must promise to treat European data like it’s still under European law, even when it’s in their US datacenters.

If they fall foul of that, Europe can cut off the data supply. That could mean Facebook suddenly not working in the 28 member states. It’s a worst case scenario, and largely unfeasible in this day and age, but those are the principles which the companies abide by.

It’s not like this wasn’t happening already 🔗

The US didn’t always play fair, as the NSA disclosures proved.

The US government has for years, according to documents leaked by Snowden, allowed the NSA and other US intelligence and law enforcement agencies to bypass MLAT and swipe the data it wanted or needed using existing US laws.

Remember the Patriot Act? The Foreign Intelligence Surveillance Act? Both are crucial weapons in the NSA’s arsenal because they can force the handover of overseas and domestic data and gag the companies from saying anything.

Both laws helped formed the basis of the NSA’s PRISM program, used to take US and foreign data as and when the NSA needed it.

EU Justice Commissioner Viviane Reding, charged with protecting the data protection and privacy rights of more than 500 million Europeans, went nuclear at her American counterparts when the PRISM scandal broke. And for good reasons. She wasn’t naive to think that friends don’t spy on each other, but the scope in which the US was snooping on her fellow countrymen was far beyond anyone’s expectations.

Reding said in the wake of the Snowden scandal that the US government must use the official MLAT channels if they want data in Europe.

But now, thanks to Preska’s latest ruling, the US government has yet another legal backup line to use in order to grab what it wants, when it wants it.

There goes the global neighborhood 🔗

Questions remain over what happens next.

Some have called for Europe to take affirmative action. Remember Safe Harbor? Suspend it, say some. Data must flow, but not to a country that uses your data for its global data mining needs.

The US government and the European Union may have to hash it out in the so-called World Court. Formally known as The International Court of Justice, it’s where governments take other governments to court, and remains the final arbiter of disputes between nation states.

European officials haven’t ruled it out. But for now, there’s little push from global governments, let alone the international court, to act. And at any rate, the US pulled out from the court’s compulsory jurisdiction in the late 1980’s, forcing any issue to be brought up at the United Nations – if any state cares that much.

As for you? If you’re based in the US, you may enjoy the freedom and the protections of the constitution. But you also know the risks (and are making the conscious decision) to live there.

As for the vast majority of foreigners not living in the US? The bottom line is simple, and it’s a question rather than a statement.

Based on this ruling, why should you ever trust a US technology company again?

This license allows reusers to distribute, remix, adapt, and build upon the material in any medium or format, so long as attribution is given to the creator. The license allows for commercial use. If you remix, adapt, or build upon the material, you must license the modified material under identical terms.