A showdown between Microsoft and the U.S. government will take place at the U.S. Supreme Court on Tuesday, and it could have widespread consequences for the cloud computing industry and privacy law.
The nation’s highest court will hear arguments from the Redmond, Wash., company and U.S. Department of Justice over whether the government has authority to seize customer data stored on servers in foreign countries.
Microsoft vs. United States dates back to a 2013 investigation in which law enforcement agents obtained a warrant for account information linked to a suspect in a drug trafficking case. Microsoft handed over some account data that was stored in the U.S. but refused to provide emails because they were held at a data center in Dublin, Ireland. Microsoft claimed the U.S. government didn’t have the authority to seize information stored abroad. A U.S. District Judge upheld the warrant but the Court of Appeals reversed the decision, and finally, the Supreme Court agreed to hear the case.
The case revolves around the Stored Communications Act, a 1986 law that requires law enforcement to obtain a warrant to search electronically stored communications. The act was written before the proliferation of online communication and cloud computing. Because the law hasn’t been updated for our current digital reality, the Microsoft Supreme Court case could set a new standard for warrants seeking data stored overseas.
Here’s what we can expect from Tuesday’s hearing:
Microsoft claims that the Stored Communications Act cannot be applied to data unless it is stored in the U.S. The act of locating the emails in a foreign data center and migrating them to the U.S. is a seizure and effectively means a warrant would be exercised extraterritorially, Microsoft says. The company claims that U.S. law enforcement is trying to apply a warrant across borders, which is beyond its authority.
Brad Smith, Microsoft president and chief legal officer, said a “confluence” of factors compelled the company to object to the 2013 warrant. Cloud computing was taking off and it was just months after Edward Snowden exposed controversial government surveillance tactics.
“It was a warrant that, as we looked at it, involved email that was not stored in the United States but in our datacenter in Ireland,” Smith said during a conference call last week. “And there’s never been any indication by the U.S. government or anyone else that its data that belongs to a U.S. citizen or resident.”
Microsoft also claims that if the Supreme Court sides with the DOJ, that will give other countries carte blanche to demand data held in U.S. data centers.
“The government’s position is a recipe for global chaos,” Joshua Rosenkranz, the attorney who will be arguing Microsoft’s case Tuesday said on the conference call. “One thing no one can dispute is that every country purports to regulate the privacy of and access to emails stored on their own soil.”
Nearly 300 individuals and companies in 37 countries have filed friend of the court briefs in support of Microsoft.
Justice Department’s case
The Justice Department will argue that law enforcement agents are not overreaching in their warrant because Microsoft can easily migrate the emails to the U.S. “with the click of a computer mouse.”
That is how the DOJ put it in its petition to the Supreme Court, claiming, “although Microsoft had made a business decision to store the emails abroad, it retained the capability of readily accessing and moving the emails to the United States.”
DOJ is concerned that “hundreds if not thousands of investigations of crimes — ranging from terrorism, to child pornography, to fraud — are being or will be hampered by the government’s inability to obtain electronic evidence,” should the Supreme Court side with Microsoft.
The world is watching…
The global ramifications of the case have elevated it to the world stage. On the conference call, Smith said that he is frequently approached by leaders abroad concerned about the outcome of the lawsuit. He said that Microsoft vs. U.S. sparked a series of events that lead to Europe’s landmark General Data Protection Regulation (GDPR), which passed in 2016.
“We’ve always said that it was important for us to win this case in order to win the confidence of people around the world in American technology,” Smith said. “We continue to believe that today. We’ve also always said that it is important for the law to move forward. Our concern is with the particular approach used by the U.S. government under this 1986 statute. ”
But it might not matter…
A bill called the Cloud Act (Clarifying Lawful Overseas Use of Data) is currently working its way through Congress. If it passed it would render the Microsoft Supreme Court case moot. The Cloud Act would clarify the authority of law enforcement to request data held overseas under the Stored Communications Act. However, that authority would be limited to countries that meet digital privacy and security standards and have entered into special agreements with the U.S. Big tech companies, like Microsoft, as well as lawmakers on both sides of the aisle, are supportive of the bill.
“At a time when we’ve said the courts should not allow the executive branch to take a 1986 law and turn it into something it was never intended to be — instead they should look to Congress to write a new law and for governments to negotiate new treaties — we’re in fact, I believe, on the cusp of seeing precisely that,” Smith said.