DOJ Appeals Microsoft's Ireland Verdict
As expected, the U.S. Department of Justice has appealed a July legal victory for Microsoft, in which the software giant was relieved of having to honor a federal search warrant for data stored in an Ireland data center. The agency says that the ruling rests on a misinterpretation of law and sets a bad precedent for other cases.
“The [previous ruling] rests almost entirely on the erroneous conclusion that the enforcement of the disclosure obligation in the Warrant would be an impermissible extraterritorial application of [the Stored Communication Act, or SCA],” the DOJ filing explains.
The case—which is now over two years old—hits on issues of privacy, national sovereignty, and governmental spying. But it boils down to this: The DOJ and other US law enforcement agencies routinely and secretly demand that technology firms hand over user data, and Microsoft has had enough: This case, in particular, involves a non-U.S. citizen and data stored in an international location, and thus the US government has no legal right to that data. But the government argues that Microsoft is a U.S. company, and that the crime at the center of this case “affects U.S. residents and implicates U.S. interests.”
What is “Inside Microsoft Teams”?
“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.
In its July ruling, the 2nd U.S Circuit Court of Appeals in New York sided with Microsoft: The SCA at the center of this case applies only to data stored within the United States, it said. And U.S. service providers are not required to honor warrants seeking data stored overseas.
Unfortunately for privacy fans, the DOJ makes some compelling arguments to support its case. These include:
The location of stored data is arbitrary and not determined by law. “The [previous ruling] … concludes that the physical location of this nebulous privacy interest is in Dublin, Ireland, even though the email account holder does not choose the storage location, cannot prevent Microsoft from moving the email content into the United States or indeed wherever it chooses, and has no means to determine where Microsoft, in its own business interests, has chosen to store the data.”
This case is an exception. Citing the precedent-setting nature of this case, the DOJ argues that a pro-Microsoft ruling will “significantly limit an essential investigative tool used thousands of times a year, harming important criminal investigations around the country, and causing confusion and chaos among providers as they struggle to to determine how to comply.
This case breaks with previous precedents, and allows big tech firms to evade U.S. law. The DOJ says that this ruling breaks with “over two decades of settled SCA enforcement and compliance, in holding that a U.S.-based company can refuse to use U.S.-based facilities and employees to comply with a court-authorized disclosure, merely because the company chooses in its sole discretion to store the electronic data sought by the warrant in its own overseas servers.
Data could be anywhere at any moment in time. With datacenters all over the world, Microsoft is in a unique position to locate data where it pleases, in effect thwarting law enforcement efforts. But each company stores data differently. “Some major providers cannot easily determine where customer data is physically stored, and some store different parts of customer content data in different countries,” the DOJ notes.”To the extent content is stored abroad by the provider at the moment the warrant is served, the Opinion has now placed it beyond the reach of an [SCA] warrant, even when the account owner resides in the United States and the crime under investigation is entirely domestic.”
“Critical evidence of crimes now rests entirely outside the reach of any law enforcement anywhere in the world, and the randomness of where within an intricate web of servers the requested content resides at a particular moment determines its accessibility to law enforcement,” the DOJ argument concludes. “Not surprisingly, the [July ruling] has substantially impaired law enforcement’s ability to use a vital tool to investigate and prosecute all types of serious crime—including terrorism, public corruption, cyber-crime, securities fraud, child sexual exploitation, and major narcotics trafficking—and has thus contravened the express will of Congress that disclosure of electronic communications, with the protections of the warrant requirement, be available to aid in criminal investigations. The appeal should be reheard.”