Jennifer Daskal posted a note over on justsecurity which pointed out the continuing hilarious struggle the court system is dealing with when it comes to data and the nature of data.
To simplify the legal question beyond recognition, they are trying to answer whether or not the US Government can subpoena Microsoft for data it holds in the cloud, ostensibly in Ireland.
Microsoft's preferred answer is "No." and it "won".
I want to point out this is just one of many many places where our legal system is failing because data is nowhere. If I'm a cloud provider I can split the data with an XOR and store it in two completely different places. Or the data can (and usually DOES) move to the closest location it has been accessed recently, or all the closest locations. Or I can store the data in Vanuatu, with an agreement that they won't be subpoenaing me under any circumstances.
These are not scenarios for clever legal minds to pile spaghetti-language on to try to define their way around the problem. Since the first networked file system was installed on a Unix cluster, the only thing we've known about data is we have no idea where that data is really stored.
This is the ongoing continued schism between our legal system and reality: The Tallinn cyber policy lawyers, as their very first axiom, indicated that data must be stored somewhere geographically, and therefore the laws of war were simple to apply to it! We try to define our rules around surveillance based on if a IP Packet (or phone call) is foreign or domestic. We have the Rule41 extension, which runs into this very same issue. These are all examples of an inability to recognize the truth: The Data is Nowhere.
Even more importantly, the computation is nowhere. A real computer, and there are perhaps five in the world, is a massively distributed system, making parallel computations in what is almost an organic fashion. We have yet to have good examples of how this affects our legal system, but it will, and not in the ways we would like.
No comments:
Post a Comment