Chelsea Manning, Democratic U.S. Senate candidate for Maryland, Wikileaks contributor, and felon, registered a campaign web address that connects to a computer in Iceland. One potential explanation: putting data on a server overseas can help you hide it from authorities.
When Manning’s campaign committee registered with the Federal Election Commission on Jan. 16, it listed the official website as xyChelsea.is. A quick domain-name lookup shows that it connects to a computer (IP 22.214.171.124 ) in Iceland. There’s nothing illegal in that. But it might matter if Manning tries to evade a warrant for data stored on that computer.
Manning did not reply to multiple requests for comment, so it’s difficult to say why her campaign elected to go with a server in Iceland. But one possible explanation rests the 1986 Electronic Communications Privacy Act, or ECPA, which describes how law enforcement agencies may obtain data for investigatory purposes. Last year, the 2nd U.S. Circuit Court of Appeals held that data in computers that aren’t on U.S. soil are not subject to warrants.
The ruling emerged from a 2013 drug-trafficking case in which the government had a warrant for emails held by Microsoft. The company argued that because the relevant servers were physically in Ireland, the data they held was beyond the reach of U.S. law enforcement. The circuit court agreed, but it was a split 4-4 decision. In October, the U.S. Supreme Court announced that they would hear the case; they’ll begin hearing arguments next month.
For now, data that are stored in computers in countries, like Iceland, that are not party to the Mutual Legal Assistance Treaty, is beyond the jurisdiction of U.S. law enforcement, even via warrant and even when the data was created in the United States.
How abnormal is this? We did a quick lookup of a handful of different U.S. senate campaign websites and found them registered to computers that are located in the United States. But there can be more to offshoring campaign data than a simple DNS lookup shows. In 2016, attorney and open-source developer Ben Balter took a look at the campaign websites for a number of presidential candidates. While all of them were registered to computers that were nominally attached to the United States, several were using hosting or the web services of companies that sometimes store client and user data in overseas computers. These include companies such as Microsoft, Amazon, and CloudFlare, which “may make origin detection difficult in general,” he says.
The Supreme Court’s eventual ruling on the Microsoft case may affect how such companies — not to mention Chelsea Manning — comply with law enforcement requests and warrants.