The Justice Department late Thursday asked the full appeals court for the Southern District of New York to review a decision that upheld Microsoft’s refusal to comply with a search warrant for an alleged drug trafficker’s emails held in a server in Ireland.
The July ruling by a three-judge panel of the U.S. Court of Appeals for the 2nd Circuit in Manhattan was a win for Microsoft, which has argued that the court’s power to issue the warrant and the government’s authority to seize the data do not extend overseas.
Microsoft, one of the world’s largest email providers, received the warrant in December 2013. But what might ordinarily have been routine compliance with a federal law enforcement request has instead become a pitched battle over government access to digital data held overseas — one that might be headed to the Supreme Court.
The warrant came in the wake of disclosures that shed light on tech firms’ role in complying with U.S. surveillance programs, damaging the burgeoning cloud computing industry.
The law at issue is the Stored Communications Act, passed in 1986. “Congress did not intend the SCA’s warrant provisions to apply extraterritorially,” U.S. Appeals Court Judge Susan Carney wrote in the opinion. “The focus of those provisions is protection of a user’s privacy interests.”
Prosecutors argue that the panel erred. They say the law’s focus is disclosure, not privacy. There is “widespread recognition that the limit of privacy is reached where the warrant begins,” U.S. Attorney Preet Bharara argued in Thursday’s petition to the full appeals court.
Moreover, he said, there is “no infringement of the customer’s privacy” based on where Microsoft chooses to store the data. There is no extraterritorial issue, he said, because Microsoft, which is based in Redmond, Wash., has control over its servers and the act of turning over data to the government occurs in the United States.
“The opinion has created a regime where . . . private, for-profit businesses answerable only to their shareholders can thwart legitimate and important criminal and national security investigations,” Bharara said.
The dispute arises in the context of a growing challenge to governments as they seek access to digital data that zips across borders.
Microsoft and a number of tech firms and privacy groups argue that if the government’s view prevails, U.S. businesses could lose billions of dollars in revenue. They warn that foreign governments might retaliate by forcing U.S. firms to turn over Americans’ emails stored in the United States.
If Microsoft prevails, the government would be forced to request the data through a mutual legal assistance treaty (MLAT) with Ireland. The Justice Department argues that the process is cumbersome. Moreover, in the case of Google, the information is beyond the reach of an MLAT request because only Google’s U.S.-based employees can access customer email accounts, regardless of where they are stored, the department says. And major firms such as Google and Yahoo store different pieces of data for a single customer in different data centers, it says. In addition, some companies are unable to tell the government where particular data is stored.
Microsoft argues that the solution is to fix the data-sharing process, whether by reforming the MLAT process or by creating new bilateral agreements.
“Three experienced judges already agreed this 30-year-old law doesn’t apply to email content abroad,” Microsoft spokesman David Cuddy said in a statement to The Washington Post. “We want to work with Congress and the Justice Department on a modern solution that benefits both privacy and public safety rather than debating the reach of obsolete law.”