Justices to rule if data stored abroad safe from warrant
WASHINGTON — The Supreme Court agreed Monday to take on a major dispute over the government’s authority to force American technology companies to hand over emails and other digital information sought in criminal probes but stored outside the U.S.
The justices intervened in a case of a federal drug-trafficking investigation that sought emails that Microsoft keeps on a server in Ireland. The federal appeals court in New York said the emails are beyond the reach of a search warrant issued by an American judge.
The appeals judges said that when Congress wrote the law in 1986, it did not “envision the application of its warrant provisions overseas.”
President Donald Trump’s administration and 33 states told the court that the decision is impeding investigations into terrorism, drug trafficking, fraud and child pornography because other courts are relying on the ruling to prevent U.S. and state authorities from obtaining information kept abroad.
“The decision protects only criminals whose communications are placed out of reach of law enforcement officials because of the business decisions of private providers,” a Justice Department filing said.
In response, Microsoft told the justices that it is up to Congress to revise the 1986 law and noted that both houses of Congress have recently held hearings to consider overhauls.
A ruling upholding the warrant, the company warned, would embolden foreign countries to seek the emails of Americans stored in the United States.
Microsoft added that the Justice Department’s position posed a threat to technology companies by requiring them to choose between complying with a warrant and disobeying foreign laws.
“These conflicts can place U.S. companies in the untenable position of being forced to violate foreign privacy laws to comply with U.S. warrants,” the company’s brief said. “And the growing privacy concerns of customers around the world mean that granting U.S. law-enforcement agencies that broad authority would hamstring U.S. companies’ ability to compete in the multibillion-dollar cloud computing industry.”
The case is among several legal clashes that Redmond, Wash.-based Microsoft and
other technology companies have had with the government over questions of digital privacy and authorities’ need for information to fight crime and extremism.
Google Inc. and Verizon Communications Inc.’s Yahoo stopped complying with search warrants for emails and other user data stored outside the country, the Justice Department said.
However, after losing before several judges, Google “has reversed its previous stance and informed the government it will comply” with warrants, the Justice Department said in September.
In 2013, federal investigators obtained a warrant under a 1986 law for emails from an account they believe was being used in illegal drug transactions, as well as identifying information about the user of the email account.
Microsoft says its policy at the time of the search warrant was to store email content in the data center nearest to the customer’s self-declared country of residence, while keeping account information on U.S. servers.
The unidentified person at the center of the Supreme Court case registered for his account as a resident of Ireland, according to one of the lower court opinions. The company had data centers in 40 countries as of 2014, according to court documents.
Microsoft turned over the account information but went to court to defend its decision not to hand over the emails from Ireland.
The federal appeals court in New York agreed with the company.
“Hundreds, if not thousands, of investigations of crimes — ranging from terrorism to child pornography to fraud — are being or will be hampered by the government’s inability to obtain electronic evidence,” Deputy U.S. Attorney General Jeffrey Wall said in the administration’s appeal. “And the opinion cannot be defended as a protection of privacy,” he said, since agents had obtained a search warrant
based on probable cause.
The Justice Department says the logic behind the appeals court decision would apply even if the account holder were a U.S. citizen living and committing crimes in this country.
“The decision provides a roadmap for terrorists and criminals in the United States to insulate electronic communications from U.S. investigators,” Wall argued. “They need do nothing more than falsely state a location outside the United States when signing up for an account.”
Wherever the emails reside, Microsoft can retrieve them “domestically with the click of a computer mouse,” Wall told the court.
FLOPPY DISK-ERA LAW
Microsoft said the appeals court was correct to limit the use of a warrant for information held abroad.
Microsoft points to past Supreme Court cases that say laws shouldn’t be read to intrude on another country’s sovereignty unless Congress clearly says that’s its intent.
“Execution of a U.S. warrant to seize documents in a foreign country is precisely the kind of foreign incursion that the presumption against extraterritoriality was designed to prohibit, absent clear authorization by Congress,” Microsoft said in court papers.
Microsoft says the case could make Americans more vulnerable to investigations by foreign governments.
“If U.S. law enforcement can obtain the emails of foreigners stored outside the United States, what’s to stop the government of another country from getting your emails even though they are located in the United States?” Microsoft President and Chief Legal Officer Brad Smith said in his blog post.
The company said the better course is for Congress to make needed changes to bring the 1986 Stored Communications Act up to date. Bipartisan bills have been introduced in both the Senate and House of Representatives. Microsoft said the high court’s intervention would “short-circuit” the congressional effort.
Congressional efforts to address the issue have stalled in recent years. In the current Congress, Republican Sen. Mike Lee of Utah and Democratic Sen. Patrick Leahy of Vermont are pushing legislation that would update the 1986 measure.
“The current laws were written for the era of the floppy disk, not the world of the cloud. We believe that rather than arguing over an old law in court, it is time for Congress to act by passing new legislation,” Smith wrote on the company’s blog after the court acted.
Privacy scholars also have worried that the court may have trouble resolving difficult issues in a nuanced way.
Data companies have built servers around the world to keep up with customers’ demands for speed and access. Among the issues the court may confront is whether the same rules apply to the emails of an American citizen and a foreigner. Another is whether it matters where the person is living.
The Stored Communications Act became law long before the advent of cloud computing. Judge Gerard Lynch, on the New York panel that sided with Microsoft, called for “congressional action to revise a badly outdated statute.”
The case is U.S. v. Microsoft, 17-2.
It is the rare case involving a government search that does not turn on the Fourth Amendment and its protection against unreasonable searches. Instead, the legal dispute turns entirely on the 1986 law.
The high court is already considering whether law enforcement officials must get a warrant to obtain mobile-phone tower records that show someone’s location over a period of months. That case also involves the Stored Communications Act, which says officials can demand that information from telecommunications providers without getting a warrant.