Ireland Becomes focus of Privacy Battle with US

Over the last decade, Ireland has become a popular destination for US tech firms to set up international operations, in part because of Ireland setting itself up as sort of a tax haven for tech firms via its "Double Irish" tax dodge. A bunch of tech companies have been criticized for this, though the response of "we're following exactly what the law allows" is reasonable enough. Either way, that tax loophole is closing, though others may show up instead.

But that’s not the only reason many hi-tech companies would rather stay in Ireland. The country is also seen as having some of the most company-friendly privacy laws in the EU, though those are also coming under some scrutiny. This allowed some firms to make changes in the last two months to their privacy policy and terms of service.

Twitter was the first to announce that all non-US users would technically now be managed under Twitter International Company, based in Dublin, Ireland. And, at the beginning of May, Dropbox made a very similar announcement, noting that all non-North American users were now technically under Dropbox Ireland, while users in the US, Canada and Mexico remain under Dropbox in the US. Twitter's new terms went into effect on May 18th, and Dropbox's on June 1st.

By claiming that users are now under the Irish company, it gives Twitter and Dropbox at least some power to try to say no to US government requests for information. So, depending on if you're more afraid of government intrusions in your data than corporate intrusions, then these moves are probably good for your privacy.

Far From Over

But the US and its NSA are far from rolling over and excepting the new steps companies are taking in order to protect their user’s privacy. In some ways, data inside the US has potentially more protections against the US government. Whether you believe it or not, the NSA cannot "hack" its way into US computer systems. It can only use the various other processes it has to demand information from companies. Overseas, however, there are no such restrictions. The NSA has interpreted Executive Order 12333 to mean that it can hack into anything overseas, and this was the justification it used to break into the data centers of Google, Yahoo and likely more companies. But, that still requires hacking into stuff. If US tech companies believe they can successfully fend off such hacks, putting non-US users under Irish law does give them greater protection from the NSA.

However, the battle is still on. There’s an ongoing court struggle between the US Justice Department and Microsoft, over whether or not the DoJ can issue a warrant demanding Microsoft hand over information stored in Ireland. Microsoft has resisted, but the courts have so far sided with the DoJ. Ireland recognizes this is an important fight, and has asked for the EU to come out in support of Microsoft's position.

Microsoft itself explained in one of its legal filings what legal magic the DoJ wants to do in turning a warrant into a quasi-warrant/subpoena hybrid:

The Government's interpretation ignores the profound and well established differences between a warrant and a subpoena. A warrant gives the Government the power to seize evidence without notice or affording an opportunity to challenge the seizure in advance. But it requires a specific description (supported by probable cause) of the thing to be seized and the place to be searched and that place must be in the United States. A subpoena duces tecum, on the other hand, does not authorize a search and seizure of the private communications of a third party. Rather. It gives the Government the power to require a person to collect items within her possession, custody, or control, regardless of location, and bring them to court at an appointed time. It also affords the recipient an opportunity to move in advance to quash. Here, the Government wants to exploit the power of a warrant and the sweeping geographic scope of a subpoena, without having to comply with fundamental protections provided by either. There is not a shred of support in the statute or its legislative history for the proposition that Congress intended to allow the Government to mix and match like this”.<