A court in Dendermonde, Belgium, today found Internet company Yahoo guilty of withholding personal account information linked to Yahoo e-mail addresses. The court told the company to cough up a €55,000 fine right away and an additional €10,000 for each day it keeps refusing to hand over the user data. (or $69,197 and $12,590, respectively)
(Update: statement from Yahoo below)
Yahoo got fined for its unwillingness to cooperate in a cyber-criminal investigation which prompted Belgian authorities to subpoena detailed account data for a number of e-mail addresses used by a gang of alleged internet cons. Yahoo’s defense was that it would only respond to requests from American authorities, while the Belgian investigators claim it should turn over the data at their request too because the company operates its services in Belgium. Also worth noting is that the judge is being quoted as saying that this procedure for requesting data “poses absolutely no problem with Google and Microsoft”.
The court ruled in favor of the investigators: Yahoo got the maximum penalty.
We’ve contacted the company to get an official statement about the court’s decision, which was made public just a couple of hours ago. In an interview with a Belgian news magazine, a Yahoo spokesperson apparently said it’s going to appeal the decision, and that it has every intention of cooperating with national authorities as long as the standard procedures are being put into practice.
Update: statement from Yahoo:
We strongly disagree with the court’s ruling and plan to file an immediate appeal.
Yahoo! Inc., a U.S. corporation, does not have business operations in Belgium and does not maintain the customer information at issue in Belgium. The United States and Belgium have a formal international treaty which the prosecutor should have followed to properly seek information from a U.S. company.
Yahoo! is not withholding information from the Belgium government. We have a legal and policy basis for not disclosing information in this type of case until the recognized international legal process is followed. We have raised this issue with the U.S. Government.
This decision could have negative implications for all foreign companies by unduly expanding the application of a law that should not apply to a company organized outside of Belgium and without a presence in Belgium.
You may remember the ruckus that was raised when Yahoo complied to Chinese authorities and gave up personal account information that ultimately led to imprisonment of a political dissident back in 2007. The company received a mountain of criticism over that decision, with some people even calling Yahoo management moral pygmies and drawing comparisons to a company trading with Nazi Germany.
Perhaps this is still sour grapes in Sunnyvale, and the company now simply thinks twice before handing over user data at simple request.
(Image from Engadget)
How can you compare Belgium to China?
If the information requested would help with the prosecution of criminals, Yahoo should have complied long time ago.
The comparison is based on the fact that the requests are the same.
And as to your second claim, that’s the point of contention, now isn’t it?
How can’t you compare this situation to the China one in 2007?
The info they gave to the chinese gov helped them prosecute a criminal in their country. That’s the same thing the belgium gov is asking for here.
@Roy and Eric. This is the difference: Belgium is a *civilized* country, China is anything but, typical of a communist regime. Sorry but you both are not able to realize this from your cozy office and your keyboard…
I lived in Beijing for 6 years and was detained once in my office and another time on the street, for no reason. In china you are guilty of what the authorities say you are guilty of. If you go to trial, you will be guilty again if the “authorities say so.”
On both instances, I was in jail in solitary confinement for about 10 days, and was released with not explanations of any kind, with no recourse of any type.
BTW, my wife called the US embassy and someone came to talk to me and although many promises were made, nothing, *NOTHING* was done to help me.
I was released because my Chinese father-in-law, a wealthy, well-connected businessman, was able to “buy” my release from jail after paying $50K to a corrupt government official.
Hope you think hard and see the difference –Here in Belgium, we can go about our business without fear of being arrested on the streets for no reason at all. In China, anything goes.
So, the situations are not the same.
Belgium is a rogue regime. When a government forces an entity to hand over data, they are not respecting private property right and privacy.
Who say Belgium is better than China? You might want to check your fact.
you’re funny
@tom
you are ignorant. the US is rogue regime…. here in the states, they just stole billions and billions of dollars, and handed it over to wealth business men. This is not any better
The situation is pretty much the same in India (as mentioned about China above).
It still seems as though Yahoo doesn’t know how to pick their battles wisely.
Worth much more than the fine in good publicity for them protecting users privacy
For once good decision Yahoo
Protecting user information is important for a consumer Internet company. It’s better to go down fighting than to rollover for the Belgium court. Handing over user information would set a bad precedent for similar cases.
Protecting the identities of cyber criminals and political dissidents aren’t the same thing.
Protecting the identities of cyber criminals and political dissidents aren’t the same thing.
Exactly. Cybercrime is just too big of a problem.
Free email and blogging services, provided by yahoo, google and microsoft are the biggest enablers.
Yahoo is right. This is utter BS. What goverments fail to realize is that users dont mind transparency as long as they are being open themselves, and release employees data.
You guys are forgetting one thing. Let’s take a senario that occurs daily in the United States.
Let’s say that a patient has a psychiatric history and that he/she is now a suspect in a crimanl investigation. With the help of the local judge, the police can issue a “Subpoena Duce Decum” to the physician of that patient since the patient has a history of phyciatric illness and that the investigators want to know if the illness had anything to do with what the patient did as a suspect.
Other types of cases include school principals having to give information about a student if the student is a suspect.
This is just a small example of how much power authorities really have once they get the permission from the loal judge. Basically, once you become a primary suspect, you will most likely lose some level of privacy.
And let’s not forget that any company that operates in any country must respect the local laws and regulations of each country they operate in. If there are cyber criminals running around in a certain country and they suspect that one company has the information they need to catch them, then with the order of the local judge they can get that information. Of course, that will only work if the company in question is operating in that country (which is so in the case of Yahoo and Belgium).
In that case, Yahoo was wrong to hold back that information. What if those cyber criminals operate here in the US as well? What if by holding back that information, the cyber criminals will be able to victimize more innocent people?
As for the case of China, that is the same case.
I would not say Yahoo is wrong. They don’t say that they will not comply, they just indicate that Belgium should follow the already established procedure for this situation, and with that I agree. Look at the bigger picture of establishing a precedence of bypassing the established treaty.
Sorrym but both you and Belgium are wrong. Yahoo does not “operate” in Belgium. The company resides and operates in the United States. Their web services can be accessed from Belgium, true, but over the internet. If they’re not physically present in Belgium, how do they “operate” there?
In european countries you “operate” in a country as soon as one tiny website is accessible from the place in question. “Operating” does not mean that you need a physical presence here, it’s sufficient that your products/services are available through the net.
A completely other question is what a court can achieve if the company responsible for the services is somewhere else. As Yahoo states, they should have followed the legal way of contacting US authorities.
BTW, Tom: In many european countries you can get free from jail by paying lots of Euros too. Bt you don’t need to pay them to a corrupt officer, you pay them officially and legally to the governmental finance institue.
If that’s how they handle things, in any country, it needs to change. Period.
Perhaps this is still sour grapes in Sunnyvale, and the company now simply thinks twice before handing over user data at simple request.
Please don t be so naive.
If the chinese gov ask again Yahoo to provide some ID. Do you think that they will claim that their users are subject to the US law, because the (chinese) user opened his mail account in yahoo.com instead yahoo.ch?
err.. please note that yahoo.ch is not Yahoo’s china website but Swiss since .ch is swiss gtld. China’s gtld is .cn so that’ll be yahoo.cn
LOL, exactly what I would expect from the Belgian government. I lived there for a year and I don’t recommend it.
They had the worst Internet service. Download limits were set at something like 12GB @ 40 euro a month.
Anyway, I am not surprised by any of this.
Finally, I agree with something Yahoo does.
I believe the difference is Yahoo! does not operate in Belgium, but did operate in China at the time the Chinese authorities requested information.
At the time when Yahoo! complied with Chinese authorities’ request, Yahoo! was operating in China (buildings, staff, facilities). Since the fiasco with user data in China, Yahoo! had ceded control of Yahoo! China to Alibaba group and is no longer running the business there (just an investor in Alibaba).
Yahoo! is not running their business in Belgium. They do not have offices, staff and facilities on Belgian territory, so the Belgian govt has no authority over Yahoo!. Belgium needs to request a subpoena from the US Govt.
So, these are two different situations, you can not compare the two.
So, if China, today came and asked Yahoo! to hand over data for a Yahoo! user, who’s account and usage is on the Yahoo! US (not Yahoo! China), then Yahoo! does not have to comply, unless the US Govt files a subpoena.
I think Yahoo makes a valid point in their statement and is being missed or ignored by many commentors.
Yahoo feels that any request of this kind should have gone through the US Government. At this point – no matter the reason Belgium is making said request, or what the culture is like in Belgium – is fairly irrelevant.
Seems like the prosecutor should have followed proper procedure with the US Government before trying to fine Yahoo for non-cooperation.
I think Yahoo makes a valid point in their statement and is being missed or ignored by many commentors.
Yahoo feels that any request of this kind should have gone through the US Government. At this point – no matter the reason Belgium is making said request, or what the culture is like in Belgium – is fairly irrelevant.
Seems like the prosecutor should have followed proper procedure with the US Government before trying to fine Yahoo for non-cooperation.
Right on, Yahoo!
Cheers to Yahoo for holding the line on user privacy. Jeers to Google and Microsoft for not doing the same thing. Do no evil, my butt.
Wow. I applaud yahoo for what they are doing. I wish they could have stood up to China too, but it was a difficult situation. BTW, china just landed a probe on the moon. Their country ain’t shabby, for a “superpower”. Belgium ain’t shit compare to China, so don’t belittle another country until you have your fact straight. Go Yahoo!
Hold on to your property Yahoo then you can tell that idiot judge to go and jump off a bridge and commit suicide.
There is another issue at play here which I haven’t seen considered here and that revolves around a horrendous child abuse ring that operated in Belgium and left the whole population in a state of tremendous shock when it was uncovered.
It is possible that the thought of anything on this scale happening again trumps personal privacy concerns.
We had the same policy at a previous place of employment. Its very difficult to identify that someone calling or emailing from the other side of the world is legitimately entitled to that information. So if any one from another country contacted head office directly we would direct them to liaise through one of our subsidiaries in their jurisdiction; or if there wasn’t one, advise them to put an Interpol request through to the local police.
I don’t believe that Google or Microsoft would hand over information without following a similar policy.
And to those that think this is about Yahooo protecting privacy you’re only half right. If the US Authorities asked for it they would provide it.
I agree with you Allen. The only way Google or Microsoft gave up any information was through the proper channels and abiding to their company privacy policy.
The Belgium court has no jurisdiction to make such a fine. I am a bit shocked on how this was not looked into during a recess to make sure this was a valid action. It is almost like if you were a hired bounty hunter from Belgium and tried to make an arrest in the US without a warrant or vice versa (and this situation has happened many times and has been in the news too.) It cannot happen unless it is done in a legal and proper way.
Perhaps the court should go about it the right way instead of adding ridiculous fines that should have not been done in the first place.
Interestingly, this has been Yahoo!’s policy in the US forever – other Yahoo! offices/companies are less stringent about following this. The net effect is that if you are a criminal, terrorist or someone with a reason for using email covertly and you are not based in the US, your best bet is always to go for the @yahoo.com option when you sign up for an account. The company will invoke its policy and you are much less likely to have your details revealed to the authorities.
If they don’t like it they shouldn’t accept belgian adverts for their search and they should firewall belgian geo-ip data.
“Perhaps this is still sour grapes in Sunnyvale”
You probably should have looked up that phrase “sour grapes” before using it in your post.
They probably did the right thing on several counts. First, a firm like Yahoo! should not hand over data simply because it might be relevant in a case. Second, treaties and laws are structured so that a firm knows who the authority is. Work on the legal structure and solve the problem once instead of penalizing every firm that comes along. I use This digital security site for all my related questions.