Wednesday, 21 February 2018

The Microsoft Design Decisions That Caused this Mess

I do not need to spend much space on the merits of United States v. Microsoft, the case on the extraterritoriality of email search warrants that the Supreme Court will decide this term, because Judge Lynch of the Second Circuit, in his concurring opinion in the court below, said almost everything I would say.

This is a much closer case than Microsoft or its supporters claim, because all those who have litigated under the Stored Communications Act ("SCA") understand that its orders operate more like subpoenas than traditional search warrants. This supports the government's arguments, because the lower courts have enforced subpoenas that order companies to produce documents in their "possession, custody or control", even if they are stored in another country.

On the other hand, like Judge Lynch, I recognize that even if the Court treats these orders as subpoenas, it could still rule against the United States. The rule that the Court has established in the past (which it is free to change or abandon in this case) would seek the "focus" of the SCA, an outdated and notoriously complex statute. In fact, the Court would be more successful in seeking the "focus" of a pile of mulch. There is a high likelihood that, under this focus analysis, the United States will lose and, if so, Congress will have to respond to preserve the ability of law enforcement to access e-mail in many major criminal investigations.

I want to make two comments on the broader context of this case. First, it is important to highlight the technical design choices that Microsoft made, and could have avoided, which led directly to this turbulent international conflict. Second, Microsoft's actions can be read as a secondary declaration of independence from the rule of law, a statement that recruits us all as unwitting revolutionaries.

Microsoft caused this disaster

Like many others who have commented, what I ultimately think about this specific case turns almost entirely on facts that the judiciary has so far ignored: the nationality and residence of the owner of the email account. If the owner is a suspected US drug trafficker operating within the territorial limits of the United States, who is being investigated by the US authorities and using email provided by a US corporation, then the fact that the owner clicked a checkbox when creating the account should not raise this case to the level of an international incident. On the other hand, if this case involves an Irish citizen, sitting in Ireland, who clicked on that checkbox honestly, then this becomes much more complicated and more important.

I understand why the courts have not insisted on knowing the answer to the question of nationality. The procedural posture of this case - an appeal of a contempt judgment that followed the denial of a motion to quash - means that the proceedings are tentative, wrapped in the necessary secrecy and conducted without the participation of the person whose nationality and residence we want to know, and who, after all, has not yet been accused of any crime, and may never be.

The Supreme Court or Congress could feel differently. Either could craft a new rule insisting that in cases like this, the parties be required to share their best guesses about the country where the owner of an email account is located, perhaps as part of a multifactor balancing test that tries to account for the interests of international comity.

I hope this happens, as it will shed light on the fact that Microsoft intentionally designed its service in a way that allows users to decide where to store their records, a design that led directly to this disaster.

In debates over technology law and policy, we tend too much to treat the current state of technology as fixed, static and not open to political debate. On this view, it is just the product of an intimate and secret conversation between corporations and the invisible hand - pillow talk for the whole Chicago School. This attitude reflects, in part, the hard work of libertarians who continually intimidate the rest of us into thinking that technology is "granted to" instead of "created by" ordinary human beings.

When it created its first data center outside of the United States, Microsoft could have taken some very small steps that would have told us with much greater certainty the location of the target in this case. If it had, the company could have avoided what is correctly understood as a manufactured international relations crisis. More importantly, instead of letting users choose the data centers where they store their email messages, Microsoft could have answered that question itself by making a guess based on the user's IP address, language settings and measured network latency. After all, the company continues to proclaim that its only goal was to reduce network latency. If that is true, why did the company not choose to place each user in the data center with the least network latency?

By not making this simple architectural choice, Microsoft made this case much more difficult than it could have been, even if that was not its intention. If Microsoft had designed its service to make it hard for a user located in one part of the world to store communications in another, then a legal rule for access to e-mail could have been designed that would better balance the need to investigate crime with respect for user rights and international relations. Under such a rule, FBI agents would first use a subpoena to learn from Microsoft which data center is used to store a particular account. If this returned a response that the data was within the United States, I would suggest a search warrant. If the answer were that the data was in Europe, a mutual legal assistance treaty (MLAT) request would be in order.

Declare independence from Microsoft's declaration of independence

There is another issue at play here. The corporate globalists of today are not like yesterday's. Oil tycoons and railroad magnates traded in atoms instead of bits and, as a result, were forced to pay attention to national borders and local rules. This does not mean that they always respected those rules, but at least they had to attend to them. Uber - for all its fundamentally corrupt practices - looks more like the iron giants in this respect, fighting and trampling local rules wherever it expands. By contrast, Microsoft (and Facebook and Google) circumvent local rules and the rule of law in a much more subtle but equally destructive way: they act as if the global telecommunications network meant that the borders of the world simply do not apply to them, and design their services in ways that frustrate local oversight and transparency.

We know and can oppose what Uber is trying to do; it is more difficult to understand what bit providers do. If we do not start questioning the technological design choices of companies like Microsoft, as I have tried to do in this blog post, they could get away with erasing the borders on our maps.

I think it's also useful to think about Microsoft's actions in this case in a different, even more pernicious, light. Microsoft's entire course of conduct - from setting up its remote data centers in a way that allows users to select where to place their data, to suing the federal government for seeking an order to investigate a drug-related crime - could be considered a tactic that is not about respecting the rules of Ireland or the United States or the rights of the Irish or the Americans. It is perhaps part of a much more cynical and pernicious movement to declare independence from the "weary giants of flesh and steel", echoing the giant John Perry Barlow, who died the day I wrote these words. But the difference between Barlow and Microsoft is the person holding the pen. Barlow wrote genuinely about a users' revolution against terrestrial states. That is something very different from being dragged into the revolution by benevolent corporate governors.

This seems more East India Company than Thomas Paine. Revolutions should not be declared by corporations; they should reflect the will of the people, in this case, the users. I am a user, like all of you, and I do not remember signing up for the Microsoft revolution. I live in a (mainly) functional democracy; I choose representatives and pay taxes in part to ensure that my wishes are reflected in my society. For me, one thing I need to safeguard is a law enforcement agency with the power to investigate crimes and protect the rule of law. Microsoft also lives here, and could redesign its services to avoid thwarting local government and inflaming international conflict. Maybe Congress should force it to do so. But we, the users, we citizens, should not misinterpret who is to blame for this disaster.
