In a surprise federal court ruling, Microsoft has won its lawsuit against the United States Government over a warrant for a customers' emails. The company has been fighting since 2013 to resist turning over the emails, which are stored in an Irish data ...
In a surprise federal court ruling, Microsoft has won its lawsuit against the United States GovernmentÂ over a warrant for a customersâ€™ emails. The company has been fighting since 2013 to resist turning over the emails, which are stored in an Irish data center. The U.S. Court of Appeals for the 2nd Circuit ruled today that Microsoft is not required to comply with a warrant for the usersâ€™ emails if the data isÂ not stored within the U.S.
Microsoftâ€™s case began in 2013, when a New York district court issued a warrant for emails and additional information about one of the companyâ€™s customers. Although Microsoft partially complied by providing some metadata and â€œnonâ€content informationâ€ about the customer, it argued that the emails themselves were stored in Ireland, and were therefore not subject to a warrant issued by a U.S. court. In 2014, a federal magistrate judge again ordered Microsoft to turn over the emails â€” but Microsoft appealed to the 2nd Circuit.
Support for Microsoftâ€™s case has poured in from industry, European government, civil liberties organizations, and even media: Amazon and Apple, the Electronic Frontier Foundation and the American Civil Liberties Union, and CNN and the Washington Post all signed on to amicus briefs in the case. The Irish government backed Microsoft as well, arguing that the U.S. could pursue the data through existing treaties with Ireland rather than trying to circumvent the countryâ€™s sovereignty with a U.S.-based search warrant. â€œForeign courts are obliged to respect Irish sovereignty,â€ the countryâ€™s lawyers argued in a legal brief.
The case has garnered international attention and has been a lightning rod for debates about how and when law enforcement should be able to access online data. The Supreme Court seemed to tip in favor of extending government access to online information, regardless of where the data is stored, when it approved changes to Rule 41 in April. The change would allow judges to issue search warrants for electronic media even if it is not located in the judgeâ€™s county (Congress is currently working to block the changes).
However, the 2nd Circuit wasnâ€™t swayed by the Supreme Courtâ€™s acceptance of the Rule 41 modifications. Judge Susan Carney wrote in the courtâ€™s decision that Rule 41 only expanded a judgeâ€™s authority to issue warrants within U.S. territory, not beyond it.
â€œThe application of the Act that the government proposesÂ â€•Â interpreting â€˜warrantâ€™ to require a service provider to retrieve material from beyond the borders of the United StatesÂ â€•would require us to disregard the presumption against extraterritoriality,â€ Carney wrote. â€œWe are not at liberty to do so.â€
Although the government mayÂ appeal the case further and it may eventually land before the Supreme Court, Microsoft celebrated its victory.
â€œWe obviously welcome todayâ€™s decision by the Second Circuit Court of Appeals,â€Â Microsoftâ€™s president and chief legal officer Brad Smith said in a statement. â€œIt makes clear that the U.S. Congress did not give the U.S. Government the authority to use search warrants unilaterally to reach beyond U.S. borders. As a global company weâ€™ve long recognized that if people around the world are to trust the technology they use, they need to have confidence that their personal information will be protected by the laws of their own country.â€
The courtâ€™s decision will likely be hailed as a win by other industry giants. Many companies rely on overseas data centers for their infrastructure, and Ireland is a particularly popular location â€” Google, Facebook, and other companies all use data centers there because of its cool climate and tax incentives.
However, the ruling could drive governments to push for data localization rules that would require companies to store data within their borders. â€œThe Microsoft case is a real world data point that sort of summarizes a situation thatâ€™s been happening over the last several years,â€ Lee Tien, a senior staff attorney for the EFF, explained. â€œThe data that cops normally look at or normally want to get for criminal investigations, even for garden variety sorts of investigations as opposed to terrorism, is often going to be fond in the servers of a company thatâ€™s in the cloud. And therefore the server may be located outside of the territorial jurisdiction of the country that is investigating.â€
As law enforcement struggles to access data, legislators might use the excuse to require companies to store user data locally. Russia enforces a data localization rule, and Brazil and France have considered similar legislation.
â€œWhat we have not had so far is a particularly good, well-informed and honest debate about these issues,â€ Tien added. â€œI donâ€™t think weâ€™re ever going to think data localization is a good policy. Itâ€™s very bad for innovation.â€
Although Microsoft has triumphed in this case, its other battle with the U.S. Government continues â€” the company is still suing the Justice Department over gag orders that prevent it from informing customers when the government demands access to their data.
This post has been updated with additional information about data localization.
Featured Image: Ken Wolter/Shutterstock
usps usps tracking us bank usaa usa today usa usa jobs us weekly us map usa map