Ireland is not our enemy … yet.
But if President Obama’s Inspector Javert-like Justice Department isn’t reigned in by cooler heads, it just might become one.
Here’s the skinny:
Microsoft has some servers in Ireland. The feds wanted — demanded — that Microsoft to give them access to the data on those servers, which it claimed it needed as part of a drug investigation it was conducting. Microsoft balked, pointing out to the Department of Justice’s Javerts that American law doesn’t apply in Ireland. And, that acceding to the DOJ’s demands would put Microsoft in the awkward position of acting illegally under Irish law.
DOJ didn’t like this.
Neither did the Irish — who were not happy about what they viewed as the Feds’ overstepping not just their authority but international boundaries.
Irish soil — Irish law.
Understandable — and not just to the Irish.
If the Feds could suborn Microsoft to violate Ireland’s laws (the tech company was subsequently held held in contempt of court for refusing to cooperate) why should Ireland respect American laws?
Why should the Russians — or the Chinese?
This is no small thing.
Maybe the Irish government will decide it has “interest” in data stored on servers inside the United States; maybe the Russians and Chinese will, too. Maybe they will decide their “interests” outweigh legal protections afforded under American law — and apply heavy pressure to the targeted company to hand it over contrary to American law.
How could we possibly object?
Kettle — black.
Right?
And while Irish law may be more or less similar to American law, Russian and Chinese law — particularly as regards privacy protections — isn’t. Among other things, there is no Fourth Amendment in Moscow. No “probable cause” requirement in Beijing. The only thing holding Russia’s and China’s Inspector Javerts back from doing as they like to U.S. companies with operations in their countries is fear of quid pro quo.
But if we do it to them, why shouldn’t they do the same to us?
You see the problem.
As did the U.S. Second Circuit Court of Appeals, which in July ruled against the DOJ — and in favor of Microsoft (and Ireland). Also the rule of law.
Which brings up the broader problem.
There isn’t any. Nothing to cover such international exigencies.
The “applicable” law used by the DOJ to hound Microsoft is a Reagan-era relic called the Electronic Communications Privacy Act, which is air-quoted because it hardly applies to anything in the digital (and international) age. Because it was written decades before the digital age; before there was an internet, before emails … before personal data on servers existed … here or abroad.
The laws and international protocols governing online privacy never caught up with technology — leaving a loophole big enough for the DOJ to drive a jacked-up digital Hummer through.
Under the Electronic Communications Privacy Act, the usual warrant and probable cause requirements that applied to physical documents such as letters either didn’t apply — or applied less — to digital data. For example, data older than 180 days could be accessed without a warrant.
The reason being that before the advent of servers with effectively unlimited capacity, emails and so on would be routinely purged after 180 days to make space for new data. It was thought (rightly) that warrant and probable cause issues were irrelevant after 180 days because you can’t search for data that no longer exists.
And of course, there were no overseas servers back when the Gipper occupied the White House; no issues regarding whose laws applied to data stored abroad.
Result? The Irish-Microsoft fiasco, and possibly, worse.
A new law, the International Communications Privacy Act, has been written to deal with ECPA’s shortcomings — including rescinding the “180-day loophole” for data mining without a warrant — and to tamp down the international kerfuffle over whose laws apply.
And, where?
Under its terms, countries would agree to a framework binding on all parties for dealing with issues that arise over extra-territorial/jurisdictional issues such as data stored on servers in one country, owned by a company headquartered in another country.
Rather than strong-arming a company to act contrary to the laws of another country in which it is doing business, the applicable procedures and protocols would be agreed to by both countries beforehand.
Everyone would know the rules before the game begins.
That way, no one would feel fouled unfairly when the whistle blows.
People’s privacy here — and abroad — would also be protected from arbitrary seizure.
States with sketchy histories of respect for due process and the rule of law — such as Russia and China — would be more inclined to play by the rules, when we agree to do the same thing.
We’d avoid an e-war with the Irish, too.
The lame-duck Congress could do a service by reigning in Obama’s Inspector Javerts at the Justice Department — and passing the International Communications Privacy Act.