A recent case against Microsoft ended in a victory for data privacy. The U.S. Court of Appeals for the Second Circuit held that Microsoft cannot be compelled to hand over customer emails stored abroad to U.S. law enforcement.
The U.S. government obtained a warrant under the 30-year-old Stored Communications Act (SCA) to access contents of emails and information of a Microsoft user. Microsoft declined to hand over the emails stored on a server in Ireland. They argued that search warrants under the SCA only apply to data within the U.S.
The government held the belief that the location of stored electronic files is irrelevant. Simply put, the files are under Microsoft’s control and they are required to produce them. Subsequently, in April 2014, a judge ruled that Microsoft must adhere to a search warrant and turn over user data to U.S. law enforcement, even if the data sits outside the U.S.
The ruling was overturned by the Second Circuit based on a narrow interpretation of the SCA. Specifically, the Second Circuit found that the SCA’s warrant provisions were not intended to apply outside the U.S.
Based on this decision, internet service providers subject to the SCA have a good argument for refusing to disclose client information held outside of the U.S. in response to a government warrant. Judge Gerard E. Lynch’s opinion mentioned the original intent, “there is no evidence that Congress has ever weighed the costs and benefits of authorizing court orders of the sort at issue in this case.”
In the ongoing battle between the concerns of privacy and law enforcement duties, this seems to be a leg up for the privacy side. Going forward, this decision could give law enforcement and investigators some trouble when dealing with foreign suspects.
Companies can disperse email or communication files throughout the world and provide users a level of protection against U.S. law enforcement. Even domestic cases could be affected if data on U.S. citizens is moved across borders and outside U.S. jurisdiction.
The call to action is for Congress to take the next step and revise the SCA to more accurately reflect the dynamic age of technology and information we’re in.