Tuesday, July 7, 2015 from 1:00 to 2:00 p.m. ET – Tune in to hear Brad Holcomb, Committee Chair of the ISM Manufacturing Report on Business put into context the Institute for polupply Management’s Purchasing Managers Index number for June 2015 at 53.5 released July 1, 2015.
Then stay tuned to hear how every manufacturer in the U.S. could be adversely affected by the outcome of the Microsoft case and the Dublin emails. Learn why ten briefs have been signed by 28 leading technology and media companies, 35 leading computer scientists, and 23 trade associations and advocacy organizations that together represent millions of members on both sides of the Atlantic from Senior International Correspondent Professor Adriana Sanford as she explains what this case is about and why it could negatively touch every manufacturer across America.
Resources
There is currently a struggle to maintain privacy in a world increasingly dependent on digital intercon-nection. Although there are con-flicting security threats and privacy protection issues in the U.S. and Europe, it’s clear a global consis-tent approach is needed. Cyber war is one of the biggest threats of the 21st century, and as businesses continue to confront boundary-less crimes and terrorism, the need for collaboration on both sides of the Atlantic and a focus on long-range goals and principles is necessary. There has been intense global interest in the European Commission’s new data pro-tection proposal and its effect on non-EU businesses and their global supply chains.
In 2012, the commission proposed a major reform of the EU legal framework on the protection of personal data. The new proposals will strengthen individual rights and tackle the challenges of globaliza-tion and new technologies. The new EU legislation is expected to address current vulnerabilities of companies’ business IT systems, including payment, ERP and cus-tomer relationship management systems, as well as some of the other challenges currently facing our information society. It’s anticipated the reform leg-islation will provide a basic frame-work for data privacy legislation to other regions and countries around the globe. Supply management practitioners will see a major shift in business leadership attitudes regarding the protection of all personal data. That’s because the binding nature and extraterritorial reach of the upcoming EU reform will affect any business that pro-vides goods or services to EU citi-zens, as well as those that monitor the activities of EU citizens.
The reform legislation is good news for EU consumers because it holds all third parties accountable for data breaches and will stream-line the current data protection requirements and procedures for all 28 EU countries. The privacy framework is expected to provide a uniform set of guidelines for all the European countries, assuring Cybersecurity Collaboration Needed Between U.S., EU Upcoming European Union privacy reform highlights the need for consistent, global legislation to help businesses protect customer and supplier information. By Adriana Sanford, J.D., Dual LL.M., and Wilfried Grommen 2. www.ism.ws 31 businesses and EU consumers consistent legislation and adequate protection.
Multinational companies, such as Hewlett-Packard, that supply data services to large enterprises wel-come this unified regulatory frame-work because it offers consistent regulation for all its European data centers. Many multinational com-panies already employ a dedicated data privacy officer who handles the compliance requirements with the various data protection author-ities. They are also in close collab-oration and discussion with the EU regulatory committees in Brussels regarding the proposed regulation. Not surprisingly, the request by the U.S. government for per-sonal data processed by Microsoft outside the U.S. is creating serious concerns for the cloud computing industry. The July 2014 U.S. court ruling upholding a warrant and requiring Microsoft to deliver data from a Dublin, Ireland, data center to prosecutors in a law enforcement investigation case bypasses the existing formal procedures that are agreed upon by both nations. The Mutual Legal Assistance agreement was designed to manage foreign government requests for access to information and ensure certain safe-guards in terms of data protection. Additionally, in the recent Google Spain case ruling, the Court of Justice of the European Union ruled that, as regards the issue of territoriality of the EU rules, these rules apply “even if” the physical server of a company’s processing data is located outside Europe. The Court of Justice clearly stated that EU rules apply to search engine operators, if they have a branch or a subsidiary in an EU member state.
The need for collaboration between the United States and the EU has never been greater for multi-national companies and technology businesses. Consumer cloud service providers are concerned about the ramifications of conflict of laws where inconsistent or conflicting data privacy legislation could hinder their ability to do business and store data in centers in Europe or other locations. In a world where cloud computing is rapidly expanding, a modern, multinational, cross-boundary approach to privacy and data protection would help global businesses. Companies want to expand globally without the added burden of penalties for non-compli-ance due to conflicting country laws. Over the next few years, the EU will be preparing for Horizon 2020, one of the biggest publicly funded worldwide research and innovation programs to date with a budget of nearly 80 billion euros.
Horizon 2020 will not only raise the level of excellence in Europe’s science and technology base, but also ensure a steady stream of world-class research along with major invest-ment in key industrial technologies. It’s an attractive program for mul-tinationals searching for cyberse-curity information, consistent data protection laws and those who believe privacy is (or should be) a basic human right. ISM Adriana Sanford, J.D., Dual LL.M., is an ASU Lincoln Professor of Global Corporate Compliance and Ethics, a clinical associate professor in the W. P. Carey School of Business, and a College of Liberal Arts & Sciences residential college faculty fellow at Arizona State University in Tempe, Arizona.
Her current academic research focuses on comparative law regarding cybersecurity, privacy and data protection. Wilfried Grommen, located in Brussels, is chief technologist of public sector and European institutions for Hewlett-Packard. For more information, send an email to author@ism.ws. Capital, government, currency and religion: Cardiff; the British pound sterling; Wales is a consti-tutional monarchy as part of the United Kingdom. Mind your manners: Politeness in communication is highly valued. Expect to hear a lot of “please,” “thank you” and “sorry.”
The Welsh tend to be indirect communicators. Down to business: Being on time for meetings, and fol-lowing schedules and deadlines, matter in Wales. Decisions tend to be made from the top down. Humor is often used in negoti-ations, sometimes as a defense mechanism or in the form of self-deprecation and/or irony. Avoid hard-selling and any sort of conflict or confrontation. What to wear: For men, conser-vative, dark or medium-colored suits with shirts and conserva-tive ties; for women, stylish yet classic business suits or dresses and blouses. Jeans or busi-ness- casual attire may be appro-priate depending on the industry. Source: www.culturecrossing.net/ basics_business_student.php?id=240 Around the World Wales © Institute for Supply Management®. All rights reserved. Reprinted with permission from the publisher, the Institute for Supply Management®.
Technology companies including Apple, Amazon, Cisco, eBay and Verizon all filed in support of Microsoft. As have two of the US’s largest business organizations, the US Chamber of Commerce and the National Association of Manufacturers, as well as media organisations including ABC, CNN, Fox News and the Guardian. The unusual level of cooperation among often fiercely competitive organisations comes as privacy advocates argue the US is overreaching its authority in a manner that will set a dangerous precedent for government access to online information across the world.
“We believe that when one government wants to obtain email that is stored in another country, it needs to do so in a manner that respects existing domestic and international laws. In contrast, the US government’s unilateral use of a search warrant to reach email in another country puts both fundamental privacy rights and cordial international relations at risk,” Brad Smith, Microsoft’s general counsel, said in a blog post. At a press conference organised by Microsoft, Victoria Espinel, president and chief executive of the software industry trade group BSA (The Software Alliance), said: “We need to think carefully about the precedent that could be set here.” She said that allowing the US government to use the US courts to access emails stored in Ireland would allow other governments to make similar moves and demand access to information stored in the US. Such a move would damage trust in the technology sector, reduce productivity worldwide and harm privacy, she said. News organisations, including the Guardian, have expressed concern that a victory for the US would allow Washington to go after information stored by newsrooms in the cloud.
“We have stuff governments around the world want. This case may not be about digital journalism but the next case will be,” said Bruce Brown, executive director of the Reporters Committee for Freedom of the Press. The case centres on a drug investigation currently being conducted by US authorities. Smith said the legal system already had practices in place for international crime investigations and that using the US courts to reach documents stored overseas was unnecessary and dangerous. He said in most cases Ireland already handed over documents to the US when asked through its own courts. “The US has well-established treaties with countries around the world that allow them to seek the information they need while ensuring that citizens of other countries retain the privacy protections offered by their own laws and courts. And there’s ample opportunity for work to modernise these agreements further,” he said.
http://www.theguardian.com/technology/2014/dec/15/microsoft-email-warrant-lawsuit-tech-media-companies-join
This post gives a quick update on the background and key issues raised by the case so our clients and readers can be informed as new information develops. Facts Refresher In December 2013, the US DOJ successfully applied for a search warrant ordering Microsoft to produce the contents of the email account of a Microsoft user who the government suspected to be a drug trafficker. In complying with the request, Microsoft discovered that while metadata related to the email account was stored in the United States, the main contents of the account were stored in Ireland.
Microsoft agreed that it needed to turn over the US metadata, but refused to turn over the content stored in Ireland on the grounds that a US search warrant held no authority in Ireland. The US DOJ disagreed with Microsoft’s decision, and an ongoing legal battle ensued. The Battlefront The legal issues in the Microsoft Ireland case are relatively straightforward; Microsoft claims that a US judge has no authority to issue a search warrant for records stored in a foreign jurisdiction. The US DOJ’s argument centers around two points: (1) the “search” pursuant to the search warrant would not occur until an agent located in the United States reviewed the email account’s contents, so the search would not technically be occurring in Ireland, and (2) a search warrant for data should be treated more like a subpoena, which is not subject to territorial limitations.
Why Is This a Big Deal?
The Microsoft Ireland case raises a lot of important legal issues in the technology (including outsourcing) and cross-border transactions space. A few of the key issues are summarized below:
If the US government is successful in its attempts to gain access to data located overseas pursuant to search warrants, US companies may be forced to host data only in those jurisdictions where the local law permits such disclosure, in order to avoid serious conflicts of laws issues. On the other hand, if the US government is unsuccessful in its attempts to gain access to data located overseas through search warrants, it could significantly limit the government’s ability to catch criminals, especially considering that picking a data host location/country is often a trivial choice unrelated to where a US company (or the host’s users) are located. Faced with such a situation, lawmakers may consider broader regulation of the space.
This case also raises the question: Is the United States willing to expose itself to the reverse situation? That is, is the United States willing to honor search warrants issued by foreign judges? What if the foreign jurisdiction has a history of not “playing nice” with US politics? Supreme Court Bound? Whatever the outcome of the Second Circuit’s decision, it is unlikely that the case will be resolved there. The stakes are too high. On the government side, the threats to policing power are generally considered real and every court so far has agreed with the government’s arguments. Meanwhile, the oft-maligned Microsoft Corporation has become the unlikely standard bearer for a substantial consumer privacy dispute and has gained some unlikely allies along the way, such as: Government of Ireland, European Parliament members Telecommunication/broadband carriers such as Verizon and AT&T 28 tech and media companies such as Apple, Amazon, eBay, Cisco, and HP 23 nonprofits/trade organizations such as EFF, ACLU, Brennan Center and the Software Alliance Because the stage is international, the stakes are high for both Microsoft and the US DOJ. It is likely that this case will not be resolved until 2016 or later. That said, it should be the topic of much debate for the remainder of 2015. We hope this is a helpful primer for our clients and readers to prepare them for the inevitable flood of questions once the case hits the news again. http://www.natlawreview.com/article/microsoft-ireland-case-status-and-what-s-to-come
“Ireland does not accept any implication that it is required to intervene into foreign court proceedings to protect its sovereignty,” the brief read. But the Irish government also said it would consider allowing access to data in its country. “As minister for data protection, I have given detailed consideration, from an Irish perspective, to the issues raised in this complex case,” Ireland’s Dara Murphy said Tuesday in a statement. “There are important principles of public policy at play. Having engaged in detailed consultation with my colleagues in government, it was agreed that Ireland should submit an amicus curiae brief to the US court that focuses on the principles involved in this case and that points to the existing process for mutual legal assistance in criminal matters.” The brief notes that the US and Ireland signed a treaty in 2001 that allows them to transfer case evidence to assist in law enforcement activities. The brief has pleased Microsoft, which has called on Ireland to chime in on the issue before any decisions are made by US courts. The US and Microsoft have for the last year been waging a legal war over whether the software company can and should hand over emails from users involved in the narcotics case. Last December, a New York judge said that Microsoft would be required to provide the US government with user emails in connection with a criminal investigation. Microsoft discovered that the emails were residing on one of its servers in Dublin and subsequently refused the request, saying that the US doesn’t have the right to obtain private emails without the “knowledge or consent of the subscriber or the relevant foreign government where the data is stored.” Microsoft says that the stored communications provisions of the Electronic Communications Privacy Act (ECPA) do not apply outside of the United States. Despite Microsoft’s concerns, a court ruled in July that Microsoft must hand over the emails. Microsoft again refused, saying that the US doesn’t have the right to access email communications from people who are not living in the country. While Microsoft General Counsel Brad Smith stopped short of going that far with his statement on the matter on Tuesday, he did write in a blog post on the issue that “the Irish government’s engagement underscores that an international dialogue on this issue is not only necessary but possible.” Smith went on to say that Microsoft has long desired collaboration between governments and not for one to “exercise” any “authority” over another. Microsoft declined to provide additional comment beyond what Smith wrote in his blog post. http://www.cnet.com/news/ireland-says-it-might-help-us-recover-e-mails-from-microsoft/
12/15/14 Today represents an important milestone in our litigation concerning the U.S. Government’s attempt to use a search warrant to compel Microsoft to obtain and turn over email of a customer stored in Ireland. That’s because 10 groups are filing their “friend of the court” briefs in New York today.
Seldom has a case below the Supreme Court attracted the breadth and depth of legal involvement we’re seeing today. Today’s ten briefs are signed by 28 leading technology and media companies, 35 leading computer scientists, and 23 trade associations and advocacy organizations that together represent millions of members on both sides of the Atlantic.
Collectively these briefs make one conclusion unmistakably clear. This case involves not a narrow legal question, but a broad policy issue that is fundamental to the future of global technology.
As we’ve said since this case began, tech companies such as Microsoft for good reason store private communications such as email, photos, and documents in datacenters that are located close to our customers. This is so consumers and companies can retrieve their personal information more quickly and securely. For example, we store email in our Irish datacenter for customers who live in Europe.
We believe that when one government wants to obtain email that is stored in another country, it needs to do so in a manner that respects existing domestic and international laws. In contrast, the U.S. Government’s unilateral use of a search warrant to reach email in another country puts both fundamental privacy rights and cordial international relations at risk. And as today’s briefs demonstrate, the impacts of this step are far-reaching.
Today’s briefs come from:
- Leading technology companies such as Verizon, Apple, Amazon, Cisco, Salesforce, HP, eBay, Infor, AT&T, and Rackspace. They’re joined by five major technology trade associations that collectively represent most of the country’s technology sector, including the BSA | The Software Alliance and the Application Developers Alliance. These groups raise a range of concerns about the significant impact this case could have both on the willingness of foreign customers to trust American technology and on the privacy rights of their customers, including U.S. customers if other governments adopt the approach to U.S. datacenters that the U.S. Government is advocating here.
- Two of the country’s largest business organizations, the U.S. Chamber of Commerce and the National Association of Manufacturers, that collectively represent millions of American companies. Their filing discusses the potential ramifications for the American economy at large and the ability of businesses in all sectors to take advantage of the efficiencies offered by cloud computing.
- Five of the country’s leading civil liberties organizations from across the political spectrum: the Center for Democracy & Technology, the American Civil Liberties Union, the Electronic Frontier Foundation, the Brennan Center for Justice at New York University School of Law, and the Berkman Center for Internet & Society at Harvard. Their brief focuses onthe significant implications for constitutional and privacy rights of the arguments advanced by the Government and endorsed by the District Court.
- Seventeen major and diverse news and media companies, including CNN, ABC, Fox News, Forbes, the Guardian, Gannett, McClatchy, the Washington Post, the New York Daily News, and The Seattle Times. They’re joined by ten news and media associations that collectively represent thousands of publications and journalists. These include the Newspaper Association of America, the National Press Club, the European Publishers Council, and the Reporters Committee for Freedom of the Press. These organizations are concerned that the lower court’s decision, if upheld, will erode the legal protections that have long restricted the government’s ability to search reporters’ email for information without the knowledge of news organizations.
- Thirty-five leading computer science professors from 20 of the country’s leading universities. Their brief seeks to help the court grasp the underlying technology so that it applies the law correctly.
- Digital Rights Ireland, an organization focused on the protection of privacy in Ireland and the European Union, joined by other European civil liberties groups. Their filing notes that the proper way for the U.S. to obtain the information is through use of the mutual legal assistance treaty agreed between the U.S. and Ireland, thereby ensuring fundamental privacy rights are respected.
You can see the entire list of signatories to today’s briefs here. On behalf of Microsoft, I want to convey our appreciation for each of these groups for their involvement.
Today’s filings also reflect the continuing growth in concerns about the issues raised in this case since the District Court’s decision just five months ago. At that time, five companies, one trade association, and one advocacy group filed briefs for that Court’s consideration.
As we said last week when Microsoft filed its own brief in this case, it doesn’t need to be this way. The U.S. has well-established treaties with countries around the world that allow them to seek the information they need while ensuring that citizens of other countries retain the privacy protections offered by their own laws and Courts. And there’s ample opportunity for work to modernize these agreements further.
Law enforcement plays a vital role in investigating crimes and keeping our communities safe. We are not trying to prevent them from playing this role, but we believe reforms are needed that ensure that they do their work in a way that promotes vital privacy protections and builds the trust and confidence of citizens in the U.S. and around the world. The challenges are not unique to the United States. But the U.S. government has the opportunity to help lead the way in devising and enacting much needed reforms. Even while the court case moves forward, it is time for the Administration and the U.S. Congress to engage in a holistic debate on the solutions to these issues and find a better way forward.
http://blogs.microsoft.com/blog/2014/12/15/business-media-civil-society-speak-key-privacy-case/