Electronic records outside US not covered by US warrants

The 2nd Circuit Court of Appeals ruled against the Government today in US Government vs. Microsoft. The government is investigating a drug dealer and want access to records held by Microsoft. Microsoft turned over metadata stored on US machines. But they refused to turn over the specific emails stored on machines in Dublin. The company’s position is that the federal government needs to follow the rules of the Mutual Legal Assistance Treaty between the US and Ireland.
This has been winding its way through the appeals court.
The court’s ruling today states “§ 2703 of the Stored Communications Act does not authorize courts to issue and enforce against U.S.‐based service providers warrants for the seizure of customer e‐mail content that is stored exclusively on foreign servers.”
An interesting ruling, and I see pros and cons to the ruling. It does complicate anti-spam enforcement a bit and make it easier for criminals to hide their data overseas while they might be in the US. But it’s already easy for them to do that. Many arrests of spam gangs and others for crimes committed on the Internet over email involve multiple law enforcement agencies across the world.
Full text of the ruling (.pdf link)

Related Posts

March 2016: The Month In Email

Happy April! I’m just back from the EEC conference in New Orleans, which was terrific. I wrote a quick post about a great session on content marketing, and I’ll have more to add about the rest of the conference over the next week or so. Stay tuned!
March2016_blog
Here’s a look at what caught our attention in March:
On the DMARC front, we noted that both Yahoo and mail.ru are moving forward with p=reject, and Steve offered some advice for ESPs and software developers on methods for handling this gracefully. I also answered an Ask Laura question about making the decision to publish DMARC. Look for more on that in this month’s Ask Laura questions…
Our other Ask Laura question this month was about changing ESPs, which senders do for many reasons. It’s useful to know that there will generally be some shifts in deliverability with any move. Different ESPs measure engagement in different ways, and other issues may arise in the transition, so it’s good to be aware of these if you’re contemplating a change.
In industry news, I wrote a sort of meta-post about how the Internet is hard (related: where do you stand on the great Internet vs. internet debate? Comment below!) and we saw several examples of that this month, including a privacy debacle at Florida State University. Marketing is hard, too. I revisited an old post about a fraud case where a woman sued Toyota over an email marketing “prank”. As always, my best practices recommendation for these sorts of things (and everything else!) really boils down to one thing: send wanted email.
Steve wrote extensively about SPF this month in two must-read posts, where he explained the SPF rule of ten and how to optimize your SPF records. He also wrote about Mutt, the much-loved command line email client, and marked the passing of industry pioneer Ray Tomlinson, who, in addition to his many accomplishments, was by all accounts a very thoughtful and generous man.
Finally, I occasionally like to take a moment and follow the twisty paths that lead to my spam folder. Here’s a look at how Ugg spams my email doppelganger, MRS LAURA CORBISHLEY. In other spam news, there’s a lot of very interesting data in the recent 10 Worst list from Spamhaus. Take a look if you haven’t seen it yet.

Read More

Google wiretapping case, what the judge ruled

Yesterday I reported that the judge had ruled on Google’s motion to dismiss. Today I’ll take a little bit deeper look at the case and the interesting things that were in denial of the motion to dismiss.
Google is being sued for violations of federal wiretapping laws, the California invasion of privacy act (CIPA) and wiretapping laws in Florida, Pennsylvania and Maryland. This lawsuit is awaiting class certification for the following groups.

Read More

Experian selling data to identity thieves

If you’re not following or reading Brian Krebs, you should be. He does some of the best investigative reporting in the email, security and internet space. Today’s blog post is a disturbing look into the data selling and identity theft industries. Brian details evidence that shows Experian (yes, that Experian) has been selling consumer data to identity thieves.
 
 

Read More