Warrants

Supreme Court to Decide if Data Stored Overseas Can Be Demanded with Warrants

Microsoft resisted order for emails on servers in Ireland.

|

Microsoft
Imagine China/Newscom

The Supreme Court agreed today to hear and rule whether the federal government can demand access to emails and other data files when they are stored in another country.

In United States v. Microsoft Corp., the Department of Justice has been trying since 2013 to get access to emails of a Microsoft customer, looking for evidence this person was involved in drug trafficking.

Some of the suspect's data was being stored on a server in Dublin, Ireland. Microsoft has turned over data stored within the United States, but argued, even with probable cause warrants, the feds did not have the authority to make them hand over foreign-stored info. Privacy advocacy groups, tech companies, and the U.S. Chamber of Commerce are on Microsoft's side here. The Department of Justice and 33 states (and Puerto Rico) are on the other.

Several court rulings have upheld Microsoft's argument, but the full 2nd Circuit Court ruling was split 4-4. This split keeps the ruling in Microsoft's favor, but there's a clear disagreement among judges about the limits of the authority of the Stored Communications Act—the 1986 federal law that oversees forced disclosures of data by third parties like tech companies.

The Justice Department, of course, went full 9/11, arguing limits to their warrant authorities would jeopardize terror investigations. Microsoft, meanwhile, worries about the reaction if the United States sets a bad example here. Via Reuters:

"If U.S. law enforcement can obtain the emails of foreigners stored outside the United States, what's to stop the government of another country from getting your emails even though they are located in the United States?" Brad Smith, Microsoft's president and chief legal officer, said in a blog post on Monday.

The Justice Department said in its appeal that the lower court ruling "gravely threatens public safety and national security" because it limits the government's ability to "ward off terrorism and similar national security threats and to investigate and prosecute crimes."

Reuters notes that tech companies are also concerned that customers may not trust the privacy cloud-based computing services if governments could seize their data.

The Justice Department, on the other hand, worries that companies would be able to deprive the government of access to domestic data and communications simply by storing it all overseas. That outcome, frankly, sounds kind of awesome.

This is a highly technical case that will probably produce a fairly specific ruling about Congress' intent with the Stored Communications Act and the limits of what that law authorizes. Do not expect a broad ruling about the either the limits of warrants under the Fourth Amendment nor a revised view of the limits of the Third-Party Doctrine that allows the government to access data about private citizens that is stored by tech companies and private firms.

Read the Justice Department's petition here.

NEXT: John Dickinson comes into prominence

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. The Justice Department, of course, went full 9/11, arguing limits to their warrant authorities would jeopardize terror investigations.

    The drug scourge no longer cutting it?

    1. Yes, and the War on Sex Trafficking hasn’t caught on as fast as they’d hoped it would.

      1. The War on Sex Robots will eclipse all these efforts. Crusty’s chagrin will know no bounds.

  2. The USG must have it all… because…

    TERRARISTS!


  3. Reuters notes that tech companies are also concerned that customers may not trust the privacy cloud-based computing services if governments could seize their data.

    As if we should trust them now, what with hackers stealing information from major companies left and right. Cloud services are just one of many ways that you have already given up many ‘rights’ to use. Functionally, they own all your data. No one reads the various TOS for those services, apparently.


    The Justice Department, on the other hand, worries that companies would be able to deprive the government of access to domestic data and communications simply by storing it all overseas. That outcome, frankly, sounds kind of awesome.

    Since they shouldn’t have access to those things anyway without probable cause and a warrant, excuse me while I shed zero tears.

    The weird thing about this case is, who was already assuming that the government was using Microsoft and other companies as ‘legal’ listening devices on foreign nationals? I was! I imagine they still are, too, since this case appears to purely focus on Americans using American companies who happen to use storage facilities in foreign nations. No mention on what this means for foreign nationals using American platforms, by design!

    1. The case as it stands is that the Feds had a properly obtained warrant.

      1. Correct, much like how ‘technically’ the government has a properly obtained warrant in FISA cases where the rule of law is ‘technically’ followed even while it results in people’s rights being trampled.

        1. Point is that Microsoft is not disputing the propriety of the warrant in a general sense, just in a very narrow specific.

        2. I should clarify that my opinion doesn’t necessarily reflect on this case in particular. In this particular case, a United States warrant doesn’t mean jack or shit for Irish police, warrant or no.

          I suspect, however, that the ruling will go like this:

          American Company, American owned Assets, thus the warrant applies. This assumes that the servers in question are actually owned by Microsoft itself directly. If they’re using an Irish data farm, it would seem to me that the owner of the data is still Microsoft so the warrant would theoretically still apply and thus I would expect the court to decide that way. I.E. Microsoft must give them the data, since the data itself doesn’t belong to an Irish company. This assumes much though, since Corporate ownership can get…muddy.

          I’m more angry over the fact that I know American data isn’t particular safe from the government here in the United States. At question here is if American owned assets in foreign nations has more protections than American owned assets in America, so forearmed with that knowledge we already know what they will decide.

  4. “If U.S. law enforcement can obtain the emails of foreigners stored outside the United States, what’s to stop the government of another country from getting your emails even though they are located in the United States?”

    Clearly covered by the “it’s different when we do it” clause of the Constitution.

  5. I’m just curious as to what happens when Ireland gets the silly idea that American law doesn’t apply in Ireland and they tell the US government to fuck off.

    1. They wouldn’t do that if that famous Irishman, President O’bama, were still in office.

      1. Nice

  6. If the court has jurisdiction over Microsoft and over the suspect, then justice should not depend on where Microsoft happened to store a few electrons. This seems like a ridiculous argument to me as a disinterested third party.

    If you want your emails to be under Irish jurisdiction then you should store your emails with an Irish company that promises to keep them in Ireland.

    Meanwhile, I suppose we have an extradition agreement with Ireland. Can we have the data extradited?

    Could the court order Microsoft to reset the password so that the Feds can retrieve the data?

    Or simply hold the suspect in contempt until he divulges it? Isn’t that the current precedent?

  7. Assumes that the probable cause is legit: 4 years, and no-one at Justice thought to call up the Dublin police and ask for a little help? Can you get a Queen’s warrant, and get the info for us?

  8. What is stopping foreign government’s from attempting to seize data held on USA based servers? It certainly is not the US Constitution, it does not apply.

    Furthermore, it does not seem that the tech companies are that jealous of their customers rights when dealing with foreign governments. At least not governments eith populations they fear lising access to.

    If the government seizing data is a fear, alright, but the government already has the power to seize data on US servers with a properly obtained warrant, so I am not sure how that is such a big objection.

  9. Do not expect a broad ruling

    I never do.

  10. If the court has jurisdiction over Microsoft and over the suspect, then justice should not depend on where Microsoft happened to store a few electrons. This seems like a ridiculous argument to me as a disinterested third party.

    If you want your emails to be under Irish jurisdiction then you should store your emails with an Irish company that promises to keep them in Ireland.

    Meanwhile, I suppose we have an extradition agreement with Ireland. Can we have the data extradited?

    Could the court order Microsoft to reset the password so that the Feds can retrieve the data?

    Or simply hold the suspect in contempt until he divulges it? Isn’t that the current precedent?

Please to post comments

Comments are closed.