Microsoft Email Case Heads to Federal Appeals Court This Week
On Wednesday, Microsoft will face off against the U.S. Justice Department in a federal appeals court in a closely-watched case that will help determine the scope of U.S. search warrants in the digital age.
Microsoft is challenging a mid-2014 federal court ruling that determined that the software giant must adhere to a search warrant related to a narcotics investigation and turn over customer data. The rub? The customer in question doesn’t live in the United States, and his data is stored in a Dublin, Ireland-based data center.
Microsoft has been fighting this warrant since it was issued in December 2013, arguing that it is in fact illegal for it to comply, and that U.S. law enforcement agencies have no jurisdiction over internationally-held customer data. It is supported by virtually every major technology company in the United States, including competitors such as Apple and Google, and by privacy advocates, trade organizations, and even journalists, who argue that their electronically-stored documents are protected by the First Amendment to the Constitution.
“Only Congress has the institutional competence and constitutional authority to balance law enforcement needs against our nation’s sovereignty, the privacy of its citizens and the competitiveness of its industry,” the software giant argued in a court filing. “We must grapple with the question whether, and when, law enforcement should be able to compel providers like Microsoft to help it seize customer emails stored in foreign countries.”
The U.S. Department of Justice obviously feels differently, noting that Microsoft—a U.S.-based company beholden to U.S. laws—controls access to the data, and that its U.S.-based employees can retrieve it. Muddying the waters, some of this customer’s data—his address book, apparently—is actually stored in the United States, not Ireland.
“There exists probable cause to believe that evidence of a violation of U.S. criminal law, affecting U.S. residents and implicating U.S. interests, is present in records under Microsoft’s control,” a DOJ filing explains. “With the benefits of corporate citizenship in the United States come corresponding responsibilities, including the responsibility to comply with a disclosure order issued by a U.S. court. Microsoft should not be heard to complain that doing so might harm its bottom line.”
The DOJ has its backers as well. The government of Ireland notes that the Irish Supreme Court ruled that Irish courts can in fact compel Ireland-based companies to produce electronic documents that are stored in a foreign country when directed to do so. Likewise, Irish banks can be forced to produce customer tax records regardless of their physical location.
Microsoft has lost this case at every step along the way and was even held in contempt of the court last year for its recalcitrance. The case will be appealed before the Second U.S. Circuit Court of Appeals in Manhattan starting on Wednesday, but this phase will likely not be ruled on for some number of months.
But the case is important because of recent privacy concerns related to the Snowden leaks and complaints about U.S. governmental and law enforcement overreach. Tech companies are worried that a Microsoft defeat would irreparably harm the ability of any U.S.-based firm to retain customers and grow in international markets, while others are simply freaked by the notion that the U.S. government can extend its jurisdiction outside the country. On the flipside, the DOJ notes that a Microsoft victory would lead to criminals opening digital accounts with Microsoft and other U.S. tech companies in markets outside the United States.
Given precedents, it is likely that Microsoft will be compelled to obey the search warrant. The most obvious example is a 1984 Second Circuit ruling that determined that control over records determines accessibility by law enforcement, not the physical location. In other words, if a U.S.-based company holds records overseas, those records are still accessible according to the laws of the United States, not of the country in which they’re physically stored. And as the DOJ argues, Microsoft is within the jurisdiction of U.S. courts, regardless of where it stores data.