Who owns your data?

[Norman]

I found this article interesting and it may pertain to those of you who choose cloud storage over onsite storage. The Supreme Court is taking the case so I would think it should be of interest to many. The camel's nose is in the tent. Do you actually own your data or is it the property of the company that owns the server it's stored on?

http://thefederalist.com/2018/01/23/supreme-court-decide-whether-data/

 

[Everskyward]

I don’t get the concept of “owning” data to begin with. You have a certain amount of control over it, or not. But I’m not all in about the concept of owning property either.

 

[steingar]

I honestly don't think you have an expectation of privacy when you store your stuff in another's house unless said other gives you specific security guarantees (post office boxes and safe deposit boxes come to mind).

 

[flyingron]

This court case has nothing really to do with ownership of the data, nor does it seem to have any implications for such. If you read the article, it is mostly factually correct. It's the headline that is bogus (it seems the editor who wrote the headline didn't read or understand the article).

First off, the case at hand is about stored email messages. The privacy of this is already provided by federal law, and this isn't really up for discussion. The feds have a warrant that would be valid had it been directed against a US site.

What happens is that Microsoft is hosting an email account that the feds want into. The account is in Ireland. Microsoft essentially told the feds to take a hike on the warrant as it's not valid outside the US. The first federal court disagreed. The second circuit, however, stated the laws that allow such warrants to be issued or enforced can not be applied to entities outside the US.

 

[paflyer]

I don’t get the concept of “owning” data to begin with. You have a certain amount of control over it, or not. But I’m not all in about the concept of owning property either.

You don't believe in private property?

 

[Everskyward]

You don't believe in private property?

I don't believe you really own it, you're controlling it, for a price. Your ownership is all on paper and determined by laws, that could be changed.

 

[paflyer]

I don't believe you really own it, you're controlling it, for a price. Your ownership is all on paper and determined by laws, that could be changed.

So is everything else, including you life and liberty.

 

[Everskyward]

So is everything else, including you life and liberty.

True, but we were talking about ownership.

 

[paflyer]

True, but we were talking about ownership.

Who owns your life and freedom?

 

[JOhnH]

I don’t get the concept of “owning” data to begin with. You have a certain amount of control over it, or not. But I’m not all in about the concept of owning property either.

Careful! We don't have a spin zone to take this too any more.

 

[Gerhardt]

Maybe the article is accurate, but I'd find it hard to believe that MS really believes that users own their data, not companies. I'd be inclined to wager everything I own that MS really believes that if I store my email or other data on one of their servers that they can do anything with it that they want.

 

[Everskyward]

Careful! We don't have a spin zone to take this too any more.

True, so I will bow out of the discussion.

 

[paflyer]

True, so I will bow out of the discussion.

"After all, we are not Communists."

Data is intellectual property owned by its creator unless legally assigned. Which if you've ready any "ToS" - so called, you've given up all of your rights.

 

[Everskyward]

True, so I will bow out of the discussion.

"After all, we are not Communists."

LOL, I see you are not doing the same.

 

[Matthew]

For some reason, I find Supreme Court decisions fascinating:

Here is the US case to the Court:
http://www.scotusblog.com/wp-content/uploads/2017/09/17-2-cert-rb.pdf

Here's the whole history:
http://www.scotusblog.com/case-files/cases/united-states-v-microsoft-corp/

A non-lawyer take: A federal warrant can be issued for a company to turn over records, it happens all the time. Microsoft says they have no problem doing that, but these records (emails) are stored outside federal jurisdiction. US says, "So what? The warrant applies to whoever is in control of that information and Microsoft is a US company."

 

[flyingron]

Maybe the article is accurate, but I'd find it hard to believe that MS really believes that users own their data, not companies. I'd be inclined to wager everything I own that MS really believes that if I store my email or other data on one of their servers that they can do anything with it that they want.

The article didn't say anything like that and neither did Microsoft. Again, the issue is not data OWNERSHIP. It's whether search warrants in the digital domain should be limited to international borders as tangible items would be.

 

[James331]

So is everything else, including you life and liberty.

Somewhat, actually your liberty and rights, those are two things only YOU can give away, now it might involve loosing your life, but in that case you will still die with your rights and Liberty intact.

 

[Sundancer]

I don't have enough personal data that renting space from MS or Amazon to store it is worth my trouble, or the time to research the implications. Might be convenient for others.

 

[cowman]

I don't believe you really own it, you're controlling it, for a price. Your ownership is all on paper and determined by laws, that could be changed.

I think that's kind of what ownership is, you have control and responsibility for a thing which you presumably paid some price for and it could be sold or, after due process of law taken away. It's still yours and not somebody else's, the latter part of that being significant. On data though I sort of agree- it's not a thing you can really have control over, it's just a pattern of bits in the case of computer files or just knowledge or printed word otherwise. In any case it can be infinitely copied.

IMO privacy is dead. Our ability to collect, store, and most importantly search for information has become too good. Most of the things big data collects aren't anything that was private before it's just that the scale of it has changed. A lot of stuff you'd have had to physically go to a government office or send off for is now available with the effort of a search. Clerks at stores you frequented have always known- or been able to know your purchase habits but now that's all collated into a large database that is again easily searchable. You can't stop it, it's not even a matter of choice at this point. The technology exists, it's cheap and easy, and someone IS going to use it.

What I sincerely hope we do as a result of this is rethink how we handle what we can know about a person- how we treat someone based on things in their past, what criteria are acceptable to judge people on and which are not? Can we learn to become more forgiving when all of our sins become public knowledge for anyone who wants to look?

 

[coloradobluesky]

The NSA.

 

[paflyer]

Somewhat, actually your liberty and rights, those are two things only YOU can give away, now it might involve loosing your life, but in that case you will still die with your rights and Liberty intact.

Amen to that. Freedom!!!!

 

[Lachlan]

Somewhat, actually your liberty and rights, those are two things only YOU can give away, now it might involve loosing your life, but in that case you will still die with your rights and Liberty intact.

Are you the same James who is always railing against the slow erosion of our rights and personal freedoms? Or are you a different James? Because the James I know stands firmly behind his beliefs that we are losing our rights and freedoms more and more every year. That James often cites interactions between the police and the populace for evidence of said diminution of liberty and rights.

 

[James331]

Are you the same James who is always railing against the slow erosion of our rights and personal freedoms? Or are you a different James? Because the James I know stands firmly behind his beliefs that we are losing our rights and freedoms more and more every year. That James often cites interactions between the police and the populace for evidence of said diminution of liberty and rights.

Lol

Well the government keep making more illegal laws, but as a citizen it's on you to follow them or not. Just like how in many many counties it's against the law to say anything bad about he government, yet if everyone followed that law you'd never have any change.

 

[Vince R]

Here’s the issue.

Let’s say you have a traditional datacenter filled with some sort of information, and the government wants it. They go get a warrant, but since the data is physically stored on devices in your offices, the warrant needs to be served to you, and your lawyers can fight it. If the data is, say, protected healthcare records or attorney-client data, you can probably keep it out of the government’s hands.

Now let’s say the same data is stored at a service provider. The government takes its warrant to the service provider, and unless you’ve negotiated otherwise, your data gets handed over and you don’t even know it happened. If you don’t know it’s being sought, you can’t fight it in court, so the government gets data they otherwise might not.

The moral of the story is that anytime sensitive data is stored outside your physical control, you better be protecting it cryptographically so the government still needs to come to you for those encryption keys if they want to read your data.

 

[James331]

Here’s the issue.

Let’s say you have a traditional datacenter filled with some sort of information, and the government wants it. They go get a warrant, but since the data is physically stored on devices in your offices, the warrant needs to be served to you, and your lawyers can fight it. If the data is, say, protected healthcare records or attorney-client data, you can probably keep it out of the government’s hands.

Now let’s say the same data is stored at a service provider. The government takes its warrant to the service provider, and unless you’ve negotiated otherwise, your data gets handed over and you don’t even know it happened. If you don’t know it’s being sought, you can’t fight it in court, so the government gets data they otherwise might not.

The moral of the story is that anytime sensitive data is stored outside your physical control, you better be protecting it cryptographically so the government still needs to come to you for those encryption keys if they want to read your data.

Also a good reason to use servers in countries with strong privacy laws and a no logging policy, also zero reason anyone shouldn't be using a GOOD VPN for all data.

 

[flyingron]

That's not the issue. There's no requirement to "serve" a warrant before commencing a search. All is required is one be issued. You're no better off if you have it under your bed than in Amazon's data center. They will come snatch it up.

 

[Matthew]

Here's one of the scenarios mentioned in the court filings:

Say MS puts your emails on a foreign server, and there's a warrant for copies because of a drug smuggling case (the actual deal). MS says it can't, or won't, honor the court order because the email physically resides offshore, even though a MS employee in Redmond can retrieve it with a mouse click.

What prevents MS from selling copies to the highest offshore bidder?

 

[denverpilot]

IMO privacy is dead.

You can pay big bucks to have folks build privacy shields around things you own with shell companies. There’s people who specialize in it. Beyond that, you have to keep offline for the data mining you’re talking about, and it’s possible to control what’s online about you.

Extremely wealthy families often live this way and severely limit their online and government record ”presence”. Nothing bought in their names ever, and nothing online that wasn’t run past or created by their marketing/social media staff person.

FAA and other government agencies cow-tow to this, with the “hide the tailnumber” games for official data feeds of radar data, etc. Not nice to bother the Senator’s friends and donors, you know.

You can buy privacy. I guarantee it. It ain’t cheap though.

 

[Gerhardt]

The article didn't say anything like that and neither did Microsoft.

Second sentence of the second paragraph.

" Microsoft’s position is that users, not companies, own their data..."

Yes, I know what the suit is about, but my comment was about this line in particular.

Here's one of the scenarios mentioned in the court filings:

Say MS puts your emails on a foreign server, and there's a warrant for copies because of a drug smuggling case (the actual deal). MS says it can't, or won't, honor the court order because the email physically resides offshore, even though a MS employee in Redmond can retrieve it with a mouse click.

What prevents MS from selling copies to the highest offshore bidder?

That's kind of what I was getting at.

 

[bflynn]

A non-lawyer take: A federal warrant can be issued for a company to turn over records, it happens all the time. Microsoft says they have no problem doing that, but these records (emails) are stored outside federal jurisdiction. US says, "So what? The warrant applies to whoever is in control of that information and Microsoft is a US company."

"So what"? At least one question is, can the US courts force a US Microsoft employee to violate the law in Ireland. Irish law is different. They have adopted the European Convention on Human Rights Act of 2003, which in part assures each individual the right to privacy in their correspondence.

It seems to me that a US employee who accesses an email server in Ireland in order to share the information with a US law enforcement agency probably violates Irish privacy law. I have no idea how serious that is, but I don't believe a court can order someone to break a law.

But that is also a non-lawyer take on it.

What prevents MS from selling copies to the highest offshore bidder?

See above

 

[James331]

It's a shame that our "free" country is so far behind the times that fricking Ireland has better online 4th amendment like laws than we do.

Also I'd say another thing that keeps MS from selling your stuff is the free market, a article about them selling you data makes the front page, see how many companies or individuals will keep paying for their server services.

 

[Matthew]

"So what"? At least one question is, can the US courts force a US Microsoft employee to violate the law in Ireland. Irish law is different. They have adopted the European Convention on Human Rights Act of 2003, which in part assures each individual the right to privacy in their correspondence.

It seems to me that a US employee who accesses an email server in Ireland in order to share the information with a US law enforcement agency probably violates Irish privacy law. I have no idea how serious that is, but I don't believe a court can order someone to break a law.

But that is also a non-lawyer take on it.



See above

And that's why I think SC cases are so interesting.

 

[wsuffa]

You can pay big bucks to have folks build privacy shields around things you own with shell companies. There’s people who specialize in it. Beyond that, you have to keep offline for the data mining you’re talking about, and it’s possible to control what’s online about you.

Extremely wealthy families often live this way and severely limit their online and government record ”presence”. Nothing bought in their names ever, and nothing online that wasn’t run past or created by their marketing/social media staff person.

FAA and other government agencies cow-tow to this, with the “hide the tailnumber” games for official data feeds of radar data, etc. Not nice to bother the Senator’s friends and donors, you know.

You can buy privacy. I guarantee it. It ain’t cheap though.

You can limit intrusions on privacy but you cannot buy complete privacy. Unless you become a hermit, that is.

Severely limiting online and government record presence or restricting how things are purchased will not guarantee you privacy, not given current (and coming) technology. Even OSL learned that.

There's too much tracking, facial recognition, data fingerprinting, traceability of corporations and agents to guarantee privacy. Some of the stuff that can be done is scary if you understand and think about it. And I'm not just talking about what the three-letter-agencies can do: Google has as much, if not more, data than they do & better technology to mine it.

Privacy is dead.

 

[Sundancer]

Yep, US gov't ain't the real boogey-man; there are enough eyes-on that Uncle Sam gets called out and restricted to a large degree. Google and company much bigger threat. But it's still easy enough to keep important stuff private. Just a shame you have to do the work to make it so.

 

[X3 Skier]

I’m so old I don’t really give a flying f*** about who owns my emails, much less what I post on POA. If you worry about such cr**, get off the internet and my lawn, by the way.

Cheers

 

[Gerhardt]

I thought there was a ruckus umpteen years ago or so when people figured out yahoo and google were mining emails to target advertisers toward them based on what was said in the emails.

Since then I've always figured anything I wrote in an email on my yahoo or gmail accts weren't confidential.

About the only time I was really upset was when I started getting calls on my cell. "It's good to hear from you, but how did you get my number?" Apparently facebook had made that information available. THAT is why my cell phone has ZERO apps on it. Read the user agreement on almost every app and you'll see that it gives away your right to privacy.

I'm not thrilled about my own government spying on me. But I don't want private companies spying on me either.

The one thing I've always disagreed with is the fact that private companies can collect information on you w/o your consent. Take the Equifax debacle for example. I never consented to them collecting information on me. And I received notice that my information was part of the breach. But I have no practical recourse.

 

[Matthew]

The Justice Department wants the Supreme Court to consider the Microsoft case moot.

The CLOUD Act makes it possible to get a warrant on emails no matter where they are physically stored.

http://money.cnn.com/2018/03/31/tec...t-supreme-court-justice-department/index.html

https://www.cnet.com/news/cloud-act...overnment-access-to-email-internet-microsoft/

 

[denverpilot]

The Justice Department wants the Supreme Court to consider the Microsoft case moot.

The CLOUD Act makes it possible to get a warrant on emails no matter where they are physically stored.

http://money.cnn.com/2018/03/31/tec...t-supreme-court-justice-department/index.html

https://www.cnet.com/news/cloud-act...overnment-access-to-email-internet-microsoft/

Beat me to it. Yup. Your government made that legal problem for Microsoft disappear. Microsoft applauds their changes.

They were sued for not handing over emails stored off-shore in Ireland. No legal way to bring them back in without Irish government approval and no legal way for the Courty to have law enforcement to ask for them from Ireland.

All “fixed” now. For varying values of “fixed”.

 

[Matthew]

I have not looked too deeply for confirmation, but I think this was a situation where the Supremes didn't really want to waste their time and said, "If you don't like it, change the law." So Congress did.

 

[James331]

Since this got brought back, when it comes to picking servers, best to know where countries stand on freedom and not being creepy tyrants, also got to use a little common sense, hong kong obviously has some ethics issues, and Israel wouldn't make through the night without the US governments weapons and tax payer money, so despite not even being in the 14, I wouldn't trust countries like that.

https://restoreprivacy.com/5-eyes-9-eyes-14-eyes/