Close window | View original article
With every new invention comes a new risk: whoever invented fire quickly discovered that flames can burn you as well as keep you warm.
We've recently looked at some of the problems of "net neutrality" for the Internet. Is it a good idea for the government to have the power to tell companies what they must charge and what services they must provide as they once did with airlines and railroads? On the other hand, when most of the Internet is controlled by a few giant corporations with a heavily biased political agenda, can it truly be said to be free?
If only the struggle for liberty were the only problem faced by the Internet! Unfortunately, the modern development of "the Cloud" has created a whole new set of difficulties.
For most of human history, everything in existence has been just that: a thing. If I have a horse and you don't, it's obvious who owns the horse, and if you steal my horse, it's fairly straightforward to figure out what happened when I see you riding off on it.
The concept of intellectual property made things slightly more complex - early authors quickly discovered that their books were being reprinted all over the world without any payments made back to them. But the books themselves were still physical things which can be counted, bought, sold, traced, stolen, lost, or found. ONce copyright laws came into effect, the amount due authors could be determined by the number of physical copies which had been manufatured.
This matters to more than to authors' bank accounts: many of our Constitutional liberties are based on an assumption of the physicality of ownership. The Fourth Amendment requires the police to get a warrant if they want to search inside our house; but on the other hand, they can't be prevented from looking in a window or from flying over your property and looking down on it.
What about using a nightscope, though? How about a telescope, or a camera from a drone to peer in your back window? Courts have had to address these issues, and so have created the concept of a "reasonable expectation of privacy." Basically, this means that if a normal person would think they are in private, then a warrant is required.
Yet there are exceptions and end-runs. Illegal marijuana farmers often put their plants in the basement under special high-intensity lights, free from prying eyes. Courts have ruled that the police are not allowed to drive down the street with an infrared camera seeking out basements that are unreasonably hot because an ordinary person wouldn't be able to tell.
But your records at the electric company don't belong to you, they belong to the company. So if the police can persuade the electric company to give them a list of residential addresses with massive electric bills - perfectly legally, as the records are their corporate property - they can use that evidence as probable cause to get a warrant and find your marijuana farm.
In
like manner, your "frequent shopper" records belong to the grocery
store and not to you.
Some years ago, police departments sought the records of customers who
bought unusual numbers of small plastic sandwich bags because those
were a common method of packaging illegal drugs for retail sale.
If we are to be a nation of laws, there has to be a way for the police to gather evidence of criminal activity; and if we are to be something other than a police state, there have to be limits on these police powers. Going to either extreme would result in a place nobody wants to live. That's why we have courts, due process rights, laws, and elected politicians to whom we grant the power to set the rules, hopefully based on the inputs of voters.
But what happens when they can't?
Thus we come to the concept of The Cloud - that vast, ephemeral network of data-storage computer servers that are in giant anonymous warehouses somewhere we've never been. Most of us, whether we know it or not, have a lot of personal data in the cloud somewhere - whether it be our iTunes music, or an Amazon-hosted website, or all our family photos on Facebook. Where are all these data, exactly? Nobody knows.
As with a personal computer, the police can apply for a warrant to search a suspected criminal's cloud account. If the server that happens to hold the account is in the United States, the warrant will almost certainly be honored.
But what if it's not? Microsoft is asking exactly that question:
Microsoft challenged a U.S. government search warrant seeking access to customer emails in our Irish data center. On July 14, 2016, the U.S. Second Circuit Court of Appeals ruled 3-0 in favor of our challenge, a decision that helps ensure information stored in the cloud receives the same protection as physical information, paving the way for modern solutions that enhance personal rights and public safety.
Like every other giant Internet company, Microsoft operates server farms all over the world. The U.S. government suspected that somebody had information relevant to a criminal investigation stored on a Microsoft server, and obtained a search warrant. So far, so good, except that the suspect wisely ensured that the particular part of the cloud where their data were stored was in Ireland, not America.
Are American search warrants valid in Ireland? Be careful before you decide.
It might seem reasonable to expect an American company to enforce an American search warrant on their equipment no matter where it is, but would a European or Chinese company be expected to honor an American search warrant against assets held in Europe or China? Of course not.
As Microsoft has pointed out as vehemently as they are able, the
problem
of courts needing data, objects, or persons which happens to be located
in other countries has been with us since
the days of sail. There are well-established procedures for the
legal authorities in one coutnry to present evidence of wrongdoing to
their oppsite numbers in another country and ask the judicial
authorities there for a warrant which would be legally enforceable in
the other country. Microsoft has suggested that if the evidence
of wrongdoing meets the Irish legal standards, it should be presented
to the Irish authorities who would, according to longstanding treaty,
be bound to issue a warrant enforceable in Ireland. Were such a
warrant to appear, Microsoft says, they would be more than happy to
hand the data over to the duly constituted Irish law enforcement under
whose laws their Irish server operates. The Irish authorities
would then convey it to their Americna colleagues.
Microsoft professes to be bewildered that the American authorities don't do that; we share their dismay. If an American company has to honor an American search warrant against their Chinese server but a Chinese company does not, what's the obvious thing for an American criminal to do? That's right - simply use a Chinese hosting company rather than an American one. The law-enforcement situation has gotten worse instead of better and what's worse form Microsoft's point of view, they've lost customers.
Taken to its logical extreme, the Internet companies of any nation would be at a grave disadvantage to companies of any other nation. Even non-criminal Americans would use European companies, and vice versa.
Of course, neither set of governments is going to be pleased with that outcome. Would they try to ban the use of offshore hosting companies entirely? But how do you enforce that, without each country creating its own Great Firewall and the Internet as we know it ceasing to exist?
More likely, they'd do what we already know the major countries are doing: snooping on everyone's Internet traffic no matter where it is, without worrying about warrants. Police like to catch criminals, and if we make it impossible to do so legally, they'll find a less legal way to reach that goal.
The problem with that, as we're seeing revealed ever-so-slowly, is that no government agency or bureaucracy ever knows when to stop. Given the power and ability to do so, they'll use that power against any politician who seems likely to cut their budget, authority, or independence. Once that happens, we no longer are a people with a government, but a government with a people.
On the other hand, if we just shrug and decide that's not a price worth paying, soon enough everyone will have all their data stored virtually out of reach of lawful government, and law enforcement being able to investigate any crimes more complex than a smash-and-grab will be a thing of the past. Is that what we really want?
In principle, there's another way, illustrated by England starting in the Victorian era through the middle of the last century. England had criminals, of course, some of whom did some very nasty deeds. It also had police who chased those criminals, sometimes caught them, and occasionally managed to have them convicted and executed.
But there were unwritten understandings between the cops and the felons, one of which was no deadly weapons. A thug could run from a pursuing bobby and try to get away, and he might even attempt to slug it out with one. He would not, however, generally knife the cop, and almost never were firearms involved.
As a result, for a hundred years the English police had no need to carry any weapon more deadly than a nightstick. Even today, most British cops are unarmed most of the time - which presents a problem when they encounter violent murderers who have never been part of England's culture or social agreement, especially when they're named Mohammed.
This lost understanding was obviously good for the cops - fewer of them got shot - but it was equally beneficial to the criminals who also were a lot less likely to get shot. They might get hanged, but that was only after a trial in a court of law where at least they had a chance to present evidence in their favor.
In America, far too many accused criminals die under a hail of bullets. Much of the time, it seems like they really are felons deserving of death, but many people believe otherwise. Without a public court trial where evidence is presented for all the world to see, such suspicious people can never be persuaded that justice was done. That leads to less confidence in the police and to more violence in both directions, in a vicious cycle that is tearing apart our social fabric.
Most Americans, even shady ones, once were willing to keep their secrets in this country where a legal warrant could obtain them because they knew that the authorities would generally respect their due process rights. For most of our history, our government respected the principle that they needed to obtain a valid, good-faith warrant before snooping around. Unfortunately, the latest revelations about how American federal agencies have been behaving has shown that neither is true anymore. It's unclear how we could turn back the clock even if we all agreed we'd be better off.
It's bad enough to have lawless streets, but a lawless Internet simply cannot function as a World-Wide Web. If we don't want to lose the benefits that this greatest of all inventions has brought to humanity, we're going to have to figure out a way to police it - fairly, justly, and in the light of day.