If I’m reading the Magistrate Judge’s opinion correctly, you’re always interacting with Microsoft in the United States when you set up a Microsoft e-mail account. That’s true regardless of whether you live in New London, Connecticut or London, England. If you’re abroad, Microsoft might decide to place your e-mail on a server abroad to make it quicker for you to access your e-mail. But Microsoft in the United States maintains control of the account and maintains some records on United States servers. When a government comes to Microsoft seeking records pursuant to legal process, Microsoft activates its Global Criminal Compliance (“GCC”) team from inside the United States to gather the records. The GCC team members in the U.S. gather the records from around the world, pulling them from servers wherever they are located.
Microsoft’s decision to base everything in the U.S. might be very significant for the privacy implications of Microsoft e-mail accounts. If the U.S. government serves a warrant on Microsoft in the U.S. for the records, Microsoft in the U.S. has access to all customer data from around the world. They can get all the e-mails with a push of a button.
But Microsoft didn’t have to set things up that way. They could have designed their business so that if you sign up for an account from outside the U.S., your relationship is entirely with the company’s foreign subsidiary and the data isn’t directly accessible from inside the United States. For example, when you sign up for a Yahoo account from Europe using Yahoo.uk, Yahoo.fr, or a similar European-based service, your legal relationship is with Yahoo EMEA Limited in Dublin instead of Yahoo in the United States. My understanding is that Yahoo keeps its accounts local, apparently at least in part to limit the laws under which it can be accessed.
This difference creates the prospect that a Microsoft loss in the Second Circuit could be addressed, entirely or at least in part, by Microsoft rearranging its network.