How a US court has just redefined universal justice
In a landmark decision that will have major consequences for international law, on Friday, US judge Loretta Preska ruled that Microsoft must handover emails it holds on a server in Ireland sent and received by the suspect in a drugs trial.
The usual procedure in such cases would be for Preska to request the data from the Irish government via the Mutual Legal Assistance Treaty (MLAT), which Microsoft had recommended in April, after it refused to comply on the basis that the United States has no authority to issue a search warrant outside its territory. But Preska dismissed this approach, describing it as “generally slow and laborious,” deciding that it was much easier and quicker to sidestep international law when US interests are at stake:
“It is a question of control, not a question of the location of that information”
Microsoft has appealed against the ruling, but for many companies around the world, this case will have destroyed any confidence they may still have retained in US technology firms after Edward Snowden’s disclosures over the last year of their collusion in mass spying carried out by the National Security Agency. To spell it out, what this ruling means is that if you use any US internet provider’s services, regardless of where you are, what nationality your are, and regardless of where your information is stored, a US court can require that company to provide it with all your data.
And of course we’re not just talking about accessing your business’ data, but that of your customers. European data privacy legislation, or that from any other country, means nothing to a US court.
Essentially, this is an extension of Washington’s policy of sending drones out to anywhere in the world to assassinate anybody it considers a threat: Pax Americana covers the entire planet, and its application requires nobody’s approval. Taking advantage of its technological supremacy, and effectively redefining the concept of universal justice, the United States has just established that any US company operating anywhere in the world is now at the behest of the US government, and must hand over data on foreign nationals and businesses. Needless to say, the same doesn’t apply to overseas governments who may be interested in what a US citizen or company has been up to: they will still have to go through the MLAT.
This decision will make a lot of companies around the world sit up and take notice. To all intents and purposes, from now on, service level agreements with US companies are not worth the paper they are written on, and can be overruled by any US judge: little wonder that the German government recently cancelled a contract with Verizon. US companies operating around the world will now find themselves under fierce competition from other players not subject to the dictates of the US government or justice system in cases where privacy or data access are key issues.
Meanwhile, we learn that, surprise, surprise, terrorist groups and organized crime are developing their own encryption systems using Android. Perhaps the time has come for companies that value their customers’ data to take a leaf out of the bad guys’ book and start doing the same.
(En español, aquí)
