Microsoft on Thursday won its nearly four-year battle against a New York district court judge’s warrant requiring it to turn over customer emails held on a server in Ireland.
Microsoft had complied with demands to turn over account information stored on its servers in the United States, but it had refused to give up the emails themselves, contending a U.S. judge did not have the authority to issue warrants for information stored abroad.
Microsoft two years ago lost its bid to vacate the warrant; it subsequently lost an appeal filed with the District Court for the Southern District of New York. It then appealed to the Second Circuit Court, which ruled in its favor.
The Second Circuit Court reversed the district court’s denial of Microsoft’s motion to quash the warrant, vacated its order holding the company in civil contempt of the court, and remanded the case with instructions to quash the warrant insofar as it demanded user content stored outside of the U.S.
The Court’s Rationale
In essence, the Second Circuit Court ruled that the Stored Communications Act does not explicitly or implicitly envision the application of its warrant provisions overseas.
When Congress passed the SCA in 1986, the intent of its warrant provision was to require that a neutral third party provide predisclosure scrutiny of a search-and-seizure request in order to afford heightened privacy protection in the U.S., Circuit Court Judge Susan L. Carney wrote in the ruling.
Congress “did not abandon the instrument’s territorial limitations and other constitutional requirements,” she found. The government’s interpretation of the term “warrant” would “require us to disregard the presumption against extraterritoriality that the Supreme Court re-stated and emphasized” in two earlier cases, which the Second Circuit Court is not at liberty to do.
One Giant Leap for Privacy
“This is a groundbreaking decision that helps protect privacy rights around the world,” said Lee Tien, senior staff attorney at the Electronic Frontier Foundation.
“The court recognized the vital privacy protections under the SCA, and correctly ruled that the government can’t use a U.S. search warrant to force Internet service providers to reach email stored outside the U.S.,” he told the E-Commerce Times.
The ruling “is undoubtedly a major win for citizens and companies alike,” remarked Yasha Heidari of the Heidari Power Law Group.
“It reaffirms the notion that no matter how badly certain government agencies want to apply domestic laws abroad, they’re prohibited from doing so,” he told the E-Commerce Times.
The ruling is laudable, according to Daniel Castro, vice president of the Information Technology and Innovation Foundation.
The U.S. government should have sought access to the information through a mutual legal assistance treaty rather than a warrant, he told the E-Commerce Times.
“The very fact that the ruling is being proclaimed as such a big victory indicates the sad state of affairs now prevailing,” Heidari observed.
Implications of the Ruling
In a concurring opinion, Judge Gerard Lynch urged Congress to update the SCA, which he described as “badly outdated,” to better balance current law enforcement needs and users’ privacy.
The law lets Microsoft get around an otherwise justified demand to turn over emails by simply storing them outside the U.S., he noted.
The court’s ruling “could impact decisions for business to host and store information abroad to escape the government’s intrusive behavior,” noted Heidari. “It provides a big incentive to have servers and data centers abroad.”
Law enforcement agencies long have voiced concerns about their inability to access suspects’ electronic communications.
The International Communications Privacy Act, introduced this spring in both the U.S. Senate and the House of Representatives, addresses the issue. It seeks to amend Title 18 of the U.S. Code to reform the MLAT, allowing law enforcement to obtain electronic communications relating to foreign nationals in certain circumstances.