A long-running legal battle between the U.S. government and Microsoft has been dismissed by the Supreme Court (PDF) after the crux of the conflict was mooted by recent legislation. The company will now be forced to provide data stored on servers in Ireland that it had previously said should be obtained through that country’s authorities. The case dates to 2013 and has become a sort of landmark on the frontier between global politics and tech. American law enforcement sought data on a user of Microsoft services in relation to a drug trafficking case; Microsoft said that the data in question was located exclusively in a datacenter in Ireland, and as such they must work out access with Irish authorities. The U.S., of course, took issue with that since Microsoft is an American company, and the argument has gone back and forth for years. So far Microsoft has maintained a slight edge , to the delight of privacy advocates everywhere, who dislike the idea that global tech services should be so vulnerable to a single country’s whims. It was on its way to a judgment by the Supreme Court, but legislators decided to intervene. The CLOUD Act , tacked onto thousands of pages of mixed bills and budgets pushed forward in a “too big to veto” omnibus spending package, changes the law so Microsoft’s arguments essentially cease to exist. Under the CLOUD Act, companies must provide information properly requested by law enforcement “regardless of whether such communication, record, or other information is located within or outside of the United States.” Microsoft itself supported this bill , along with other tech companies like Google and Apple, so this outcome won’t be a surprise. And although the CLOUD Act has its shortcomings, privacy and human rights advocates have offered cautious praise for the way it streamlines the global data exchanges that are so common now in cross-border investigations of major crimes. The company issued the following statement on the decision: We welcome the Supreme Court’s ruling ending our case in light of the CLOUD Act being signed into to law. Our goal has always been a new law and international agreements with strong privacy protections that govern how law enforcement gathers digital evidence across borders.
Enlarge / Simplified figurative process of a Cryptocurrency transaction. (credit: Mikael Häggström / Wikimedia ) Researchers have defeated a key protection against cryptocurrency theft with a series of attacks that transmit private keys out of digital wallets that are physically separated from the Internet and other networks. Like most of the other attacks developed by Ben-Gurion University professor Mordechai Guri and his colleagues, the currency wallet exploits start with the already significant assumption that a device has already been thoroughly compromised by malware. Still, the research is significant because it shows that even when devices are airgapped—meaning they aren't connected to any other devices to prevent the leaking of highly sensitive data—attackers may still successfully exfiltrate the information. Past papers have defeated airgaps using a wide array of techniques, including electromagnetic emissions from USB devices , radio signals from a computer's video card , infrared capabilities in surveillance cameras , and sounds produced by hard drives . On Monday, Guri published a new paper that applies the same exfiltration techniques to "cold wallets," which are not stored on devices connected to the Internet. The most effective techniques take only seconds to siphon a 256-bit Bitcoin key from a wallet running on an infected computer, even though the computer isn't connected to any network. Guri said the possibility of stealing keys that protect millions or billions of dollars is likely to take the covert exfiltration techniques out of the nation-state hacking realm they currently inhabit and possibly bring them into the mainstream. Read 7 remaining paragraphs | Comments