Cloud Computing

Microsoft Email Case Heads to Federal Appeals Court This Week

Microsoft Email Case Heads to Federal Appeals Court This Week

On Wednesday, Microsoft will face off against the U.S. Justice Department in a federal appeals court in a closely-watched case that will help determine the scope of U.S. search warrants in the digital age.

Microsoft is challenging a mid-2014 federal court ruling that determined that the software giant must adhere to a search warrant related to a narcotics investigation and turn over customer data. The rub? The customer in question doesn’t live in the United States, and his data is stored in a Dublin, Ireland-based data center.

Microsoft has been fighting this warrant since it was issued in December 2013, arguing that it is in fact illegal for it to comply, and that U.S. law enforcement agencies have no jurisdiction over internationally-held customer data. It is supported by virtually every major technology company in the United States, including competitors such as Apple and Google, and by privacy advocates, trade organizations, and even journalists, who argue that their electronically-stored documents are protected by the First Amendment to the Constitution.

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

“Only Congress has the institutional competence and constitutional authority to balance law enforcement needs against our nation’s sovereignty, the privacy of its citizens and the competitiveness of its industry,” the software giant argued in a court filing. “We must grapple with the question whether, and when, law enforcement should be able to compel providers like Microsoft to help it seize customer emails stored in foreign countries.”

The U.S. Department of Justice obviously feels differently, noting that Microsoft—a U.S.-based company beholden to U.S. laws—controls access to the data, and that its U.S.-based employees can retrieve it. Muddying the waters, some of this customer’s data—his address book, apparently—is actually stored in the United States, not Ireland.

“There exists probable cause to believe that evidence of a violation of U.S. criminal law, affecting U.S. residents and implicating U.S. interests, is present in records under Microsoft’s control,” a DOJ filing explains. “With the benefits of corporate citizenship in the United States come corresponding responsibilities, including the responsibility to comply with a disclosure order issued by a U.S. court. Microsoft should not be heard to complain that doing so might harm its bottom line.”

The DOJ has its backers as well. The government of Ireland notes that the Irish Supreme Court ruled that Irish courts can in fact compel Ireland-based companies to produce electronic documents that are stored in a foreign country when directed to do so. Likewise, Irish banks can be forced to produce customer tax records regardless of their physical location.

Microsoft has lost this case at every step along the way and was even held in contempt of the court last year for its recalcitrance. The case will be appealed before the Second U.S. Circuit Court of Appeals in Manhattan starting on Wednesday, but this phase will likely not be ruled on for some number of months.

But the case is important because of recent privacy concerns related to the Snowden leaks and complaints about U.S. governmental and law enforcement overreach. Tech companies are worried that a Microsoft defeat would irreparably harm the ability of any U.S.-based firm to retain customers and grow in international markets, while others are simply freaked by the notion that the U.S. government can extend its jurisdiction outside the country. On the flipside, the DOJ notes that a Microsoft victory would lead to criminals opening digital accounts with Microsoft and other U.S. tech companies in markets outside the United States.

Given precedents, it is likely that Microsoft will be compelled to obey the search warrant. The most obvious example is a 1984 Second Circuit ruling that determined that control over records determines accessibility by law enforcement, not the physical location. In other words, if a U.S.-based company holds records overseas, those records are still accessible according to the laws of the United States, not of the country in which they’re physically stored. And as the DOJ argues, Microsoft is within the jurisdiction of U.S. courts, regardless of where it stores data.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Paul Thurrott is an award-winning technology journalist and blogger with over 20 years of industry experience and the author of over 25 books. He is the News Director for the Petri IT Knowledgebase, the major domo at, and the co-host of three tech podcasts: Windows Weekly with Leo Laporte and Mary Jo Foley, What the Tech with Andrew Zarian, and First Ring Daily with Brad Sams. He was formerly the senior technology analyst at Windows IT Pro and the creator of the SuperSite for Windows.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: