Constitution Daily

Smart conversation from the National Constitution Center

Microsoft seeks to shield emails stored overseas from U.S. prosecutors

August 1, 2014 by Nicandro Iannacci


BalticServers_data_centerIn the first case of its kind, Microsoft is disputing the U.S. government’s power to force the company to turn over a user’s emails stored in a data center overseas.

Last December, U.S. Magistrate Judge James Francis issued a warrant requiring the tech giant to produce the emails of a particular user whose identity and nationality have not been publicly revealed.

Microsoft provided data found on U.S. servers but refused to supply data stored in Ireland, contending that prosecutors don’t have the legal authority to conduct “searches and seizures” outside of the United States. In April, Judge Francis dismissed the company’s objections.

Hearing the case on appeal, Chief Judge Loretta Preska of the U.S. District Court for the Southern District of New York agreed with Judge Francis, ruling on Thursday to uphold the warrant. Microsoft says it will appeal the decision.

The Stored Communications Act, passed in 1986 as Title II of the Electronic Communications Privacy Act, attempts to adapt Fourth Amendment protections to the digital world. The SCA is widely understood to apply only within U.S. territory.

That understanding, however, does little in the way of resolution here. Indeed, as Orin Kerr, professor of law at George Washington University, documented at length for the Volokh Conspiracy, the question of territoriality rests at the heart of the case.

For example, if one believes territoriality depends on the location of the communications provider, then the government is acting within the United States. According to that framework, because Microsoft is headquartered in Washington state, prosecutors can legally conduct a search and seizure of its data abroad.

In finding against Microsoft’s objections, Judge Francis did not explicitly embrace that argument. Instead, he pointed to the special nature of orders issued under Section 2703(a) of the SCA. Both search warrant and subpoena, these “hybrids” enable the government to sidestep the geographic limits of a traditional warrant.

Judge Francis also said that no search or seizure would take place until government officials actually looked at the content of the data. Its mere retrieval from Ireland would not count as such.

Microsoft disputes the judge’s ruling on both counts, contending that territoriality is dependent on the location of the data and very much at play in this case.

The company says prosecutors would be conducting an illegal search and seizure outside the nation’s borders instead of honoring the appropriate process for obtaining data abroad: cooperation through mutual legal assistance treaties established with Ireland and other nations.

“As we look to the future, we think this is an important case that raises important issues for governments around the world,” said Brad Smith, Microsoft’s general counsel and executive vice president, in remarks on YouTube.

“[Our lawsuit] basically urges the U.S. government to work with other governments to ensure that, when governments seek data that exists in data centers in other countries, they act pursuant to the rule of law, they respect legal processes, and they respect the legal rights of people who live in other places,” he said.

Victoria Espinel, president and CEO of the Software Alliance, suggests a victory for the government would have negative consequences for U.S. citizens.

“Extending U.S. law outside our country’s borders would make non-U.S. individuals and companies reluctant to do business with service providers that have operations within the United States,” Espinel argued in an op-ed for the National Law Journal. “Moreover, if the U.S. government decides it can demand information in other countries, other governments will follow suit and force technology companies to turn over the private information of American citizens.

“This chaotic and routine infringement of sovereign territory is unsustainable as a framework for collecting private citizens’ communications and other personal information internationally,” she added.

But Kate Westmoreland, a non-residential fellow at the Center for Internet and Society at Stanford Law School, suggests the right answer is not as clear as Microsoft would have the public believe.

“I think it’s important to note that being on the opposite side to the government is not necessarily the same as being on the user’s side,” she wrote. “In some instances, Microsoft’s approach might result in stronger user protections, but in others it would not.”

“This is something that we need to get right,” Westmoreland concluded. “The Microsoft case is a wakeup call that the current system is not doing a good job at serving either the needs of users or the needs of business.”

Nicandro Iannacci is a web strategist at the National Constitution Center.

Recent Stories on Constitution Daily

Submit your questions for another edition of ‘Ask Jeff’

Constitution Check: Would marriage for gays be a newly created right, or recognition of an old right?

Obama immigration executive orders could force showdown

What Supreme Court justices are saying on their summer vacations

Sign up for our email newsletter