The U.S. Supreme Court on Tuesday will hear oral arguments in a landmark case over whether federal law enforcement can force Microsoft to hand over email stored in an overseas data center as evidence in a drug-trafficking case.
The case, United States of America v. Microsoft Corporation, which dates back to 2013, is viewed as a potentially groundbreaking showdown over data privacy in an era when increasing amounts of information are stored in the cloud and reside in third-party jurisdictions. At the heart of this case is a data center in Dublin.
The case has garnered attention from technology rivals in Silicon Valley, a host of privacy and open technology organizations, foreign governments, legal scholars, and public officials. Twenty-three amicus briefs had been filed on behalf of Microsoft as of last month.
The Second Circuit Court of Appeals in 2016 ruled 3-0 in favor of a challenge brought by Microsoft, which argues that a U.S. warrant could not compel the company to hand over private email data stored in a foreign data center.
The DoJ demand “ignores borders, treaties and international law,” Microsoft Chief Legal Officer Brad Smith wrote in a post published online last month.
It also poses a risk to the U.S. economy, he added, as the U.S. has led the way in the international growth of cloud computing and has a major stake in the integrity of the information stored in multinational data centers across the globe.
Beyond the Law
Existing law does not permit the U.S. government to intrude on the privacy rights of other nations, according to privacy advocates.
“The Electronic Privacy Information Act was never intended to provide a basis for law enforcement agencies in the United States to seize personal data in a foreign jurisdiction,” said Marc Rotenberg, president of the Electronic Privacy Information Center. “The Supreme Court should follow the presumption against the extraterritorial application of U.S. law.”
A ruling in favor of the DoJ in this case could trigger a trade war between the U.S. and the European Union over transborder data flows, he warned.
The Electronic Frontier Foundation last month filed an amicus brief, as did the Brennan Center for Justice, the American Civil Liberties Union, Restore the Fourth, and the R Street Institute, raising major concerns about the impact a ruling against Microsoft would have on data privacy, noted Adam Schwartz, senior staff attorney at EFF.
The federal government should be able to access that data only by using its existing treaty relationships with Ireland, which would provide additional protections against access, the EFF has argued.
The EFF also has raised concerns about a privacy-related bill introduced in Congress earlier this month. The Clarifying Overseas Use of Data (CLOUD) Act — sponsored by Sens. Orrin Hatch, R-Utah; Lindsey Graham, R-S.C.; Chris Coons, D-Del.; and Sheldon Whitehouse, D-R.I. — would give federal agencies and even local law enforcement the ability to access electronic data anywhere around the globe, regardless of where a person lived.
The bill also would authorize the president to enter into bilateral executive agreements with other countries that would allow each government to access user data stored in the other country, without having to abide by its privacy laws.
“Under the CLOUD Act, the president could unilaterally pick the countries they want to give this power to,” the EFF’s Schwartz told the E-Commerce Times.
One concern is that the bill would allow the president to enter an agreement with a country that had a history of repressive behavior or free speech limits, like Turkey or Saudi Arabia. Such a country could intercept phone calls or other forms of communication to use against its citizens living in the U.S.