The U.S. Government, currently in a legal battle against Microsoft, wants the latter to turn over a customer's emails stored overseas that is suspected to be linked to a case of narco-trafficking. While the software editor denounces a flagrant infringement of privacy rights, the U.S. Government took refuge behind the argument that although the offending mail is located abroad, it is under the control of an American company and thus U.S. laws.
A victory for the United States Government could have serious repercussions for the Bitcoin industry where large amount of private keys (and thus of bitcoins) remain stored online, through hosted wallet providers.
For the U.S. government, the situation is quite simple: Microsoft is an American company, the place of storage of the data is therefore irrelevant. One point that refutes the company, saying instead that it makes all the difference. Indeed, the place of storage can have some importance, as highlighted by the FISA (Foreign Intelligence Surveillance Act), which allows to retrieve data pertaining to foreign users if it is stored in servers located physically within the American boundaries.
However, Washington has also recalled that the mandate must be applied by Microsoft because Cloud computing (and therefore Microsoft online mailling platform, Outlook) is not covered by the fourth amendment of the Constitution related to the protection against searches and non-motivated seizures.
Nevertheless, U.S. Justice has validated the arguments of the American executives twice this summer, July 31 and August 29, after a first trial in May. It wondered today on ways to compel the multinational to execute its decision. The contempt order is an option. Microsoft, who wishes to use the judicial process, could drag on. A bitter battle with global repercussions is profiled with the next deadline decided by judge Loretta Preska on September 5 to comply with the decision.
A Threat to Bitcoin?
In the name of anti-terrorism and the fight against crime, the American federal government considers legitimate to gain access to data stored on the servers of global data center operators, nevertheless of the location, if the business is active or incorporated in the United States. "It's a control issue, not a matter of information location" said the late July judge Preska of the Federal Court for the Southern District of New York.
While many Bitcoin hosted wallets and bitcoin exchanges continue to store wallets' private keys on their servers in order to automate the transfers of their clients funds through hot wallets, such government rights could significantly threaten the funds their customers: The private keys (and therefore, the entire property of one's wallet) could be seized, as seen during Silk Road's case. The difference being that American justice can now act regardless of the location of servers or of the company which owns them, in the world.
It could be even tempted to consult all the information about a Bitcoin Business’ customer (which, for example, has submitted identity information (Also known as KYC) to the platform), for judicial purposes, and why not in a near future, for tax investigations?
This problem is not without recalling one posed by Ben Lawksy’s Bitlicense, which section 200.15.g.2 recommends:
Enhanced due diligence for accounts involving foreign entities. Licensees that maintain accounts for non-U.S. Persons and non-U.S. Licensees must establish enhanced due diligence policies, procedures [...]
Many bitcoins figures rose up against the various proposals of this license, like Eric Vorhhes, author of a virulent article against the Bitlicense, or Anti Money Laundering specialist Sian Jones, who indicated:
The [BitLicense] regulations will apply not only to virtual currency businesses in New York State but also to anyone anywhere in the world engaged in virtual currency business activity involving New York or involving someone who resides in New York or is located there or has a place of business or is conducting business there regardless of where she or he is at the time. And that doesn't just mean clients. It applies equally to payees, recipients and counterparties. Even if a virtual currency business outside New York decides not to do business involving New York or with New Yorkers, it will nevertheless need to know the identity of all parties to a transaction in order to be aware of any New York connection.
Fortunately, It seems that Microsoft knows a similar support from peers in the computer industry: other companies, including AT&T, Apple, Cisco and Verizon support Microsoft's case, concerned that customers will no longer trust them.
The German government, for example, is reported to have told Microsoft that it won’t use data storage from US companies unless this kind of ruling is overturned. Microsoft explained in June :
In some instances, potential customers have decided not to purchase services from Microsoft and have opted to instead for a provider based outside the United States that is perceived as being not subject to US jurisdiction
If this trend continues, the US technology sector’s business model of providing ‘cloud’ internet-based services to enterprises, governments, and educational institutions worldwide will be substantially undermined.
Identical threats would be likely to weigh on Bitcoin industry, when we know that privacy concerns are crucial for the average Bitcoin user, a 32.1-year-old libertarian male according to a research conducted by a Bitcoiner.
Let us hope that the extended Bitlicense comment period will give Ben Lawsky the opportunity to rewrite a proposal more appropriate to the reality of the market, and its users.