Court Keeps Microsoft’s Irish Servers Safe From U.S.

MANHATTAN (CN) — Until Congress changes an antiquated law, federal prosecutors do not have the right to bypass the Irish government by seizing emails Microsoft stored on its Dublin servers, the Second Circuit ruled Tuesday.

One of the top privacy battles in recent history, the case stems from a federal investigation into an unknown Microsoft user connected to a narcotics investigation in late 2013.

Microsoft balked after a U.S. magistrate ordered it to turn over the user’s emails, associations, identifying information and contacts. It said the order threatened its business model, the sovereignty of other nations and the ability of tech companies to offer secure products to their users.

Though U.S. District Judge Loretta Preska sided with the government as well, a three-judge panel of the Second Circuit reversed last year.

Preska’s ruling had relied on the Stored Communications Act, but the federal appeals court found this 1986 statute outdated and ill-equipped to protect modern privacy interests.

Rather than needing a physical warrant for records stored electronically, the looser standard of the Stored Communications Act resembles a warrant-subpoena hybrid, allowing prosecutors to sidestep certain Fourth Amendment protections.

“Three decades ago, international boundaries were not so routinely crossed as they are today, when service providers rely on worldwide networks of hardware to satisfy users’ 21st-century demands for access and speed and their related, evolving expectations of privacy,” U.S. Circuit Judge Susan Carney wrote for the unanimous court in July 2016.

Prosecutors sought an en banc rehearing, but the Manhattan court shot down that effort 9-4 on Tuesday morning.

“We recognize at the same time that in many ways the SCA has been left behind by technology,” Carney wrote in a 14-page opinion explaining the order. “It is overdue for a congressional revision that would continue to protect privacy but would more effectively balance concerns of international comity with law enforcement needs and service provider obligations in the global context in which this case arose.”

Typically, seizures crossing national boundaries require diplomatic channels known as mutual legal assistance treaties (MLATs). Carney noted that doing an end-run around this process would invite other countries to do the same to U.S. citizens.

“With a less anachronistic statute or with a more flexible armature for interpreting questions of a statute’s extraterritoriality, we might well reach a result that better reconciles the interests of law enforcement, privacy, and international comity,” the opinion states.

Welcoming the ruling, Microsoft CEO Brad Smith also urged that Capitol Hill take action.

“We need Congress to modernize the law both to keep people safe and ensure that governments everywhere respect each other’s borders,” Smith said. “This decision puts the focus where it belongs, on Congress passing a law for the future rather than litigation about an outdated statute from the past.”

For the Brennan Center’s counsel Michael Price, who signed a friend-of-the-court brief supporting Microsoft, the circuit’s opinion is a clear signal that legislators must revamp the Stored Communications Act.

“The law itself is as old as the internet, a little bit older, and is not really in tune with privacy in a digital age,” Price said in an interview. “This is a call for Congress to overhaul the law.”

Price pointed to legislation reintroduced to the House of Representatives earlier this month to protect against warrantless searches of private emails.

Having passed in the House and stalled in the Senate last year, Price believes that the Email Privacy Act has few detractors left and is likely to pass.

The statute does not address the question of extraterritoriality, however, as highlighted in the Microsoft case.

Sen. Orrin Hatch, an archconservative Republican from Utah, has supported the Department of Justice’s expansive vision of its seizure power around the world with the Law Enforcement Access to Data Stored Abroad Act.

On the diplomatic front, President Barack Obama’s administration supported investing $24.1 million in the perpetually underfunded MLAT process to coordinate law-enforcement actions with other nations.

The White House website describing this initiative has disappeared under Donald Trump administration, which also has deleted information regarding the civil rights and protections for lesbian, gay, bisexual and transgender citizens.

Writing for the four votes in favor of a rehearing, U.S. Circuit Judges Dennis Jacobs argued that the location of Microsoft’s headquarters in the United States makes the location of the servers immaterial.

“Extraterritoriality need not be fussed over when the information sought is already within the grasp of a domestic entity served with a warrant,” the 5-page dissent states. “The warrant in this case can reach what it seeks because the warrant was served on Microsoft, and Microsoft has access to the information sought. It need only touch some keys in Redmond, Washington.”

U.S. Circuit Judges Jose Cabranes, Reena Raggi and Christopher Droney each joined Jacobs’ dissent and wrote separately as well.

The U.S. Attorney’s Office declined to comment.

%d bloggers like this: