Microsoft just got some major vindication in the ongoing battle between data privacy and the state’s ability to enforce security.
On July 14th, a federal appeals court concluded the U.S. government cannot force Microsoft to turn over customer emails stored on servers in other countries. It’s a major decision with broader implications for data privacy, diplomatic relations, and the ability of American tech companies to sell web services in Europe.
The ruling overturns a 2014 decision by a lower court stating Microsoft must comply with the warrant to hand over email data stored on servers in Dublin, Ireland. Federal agents sought the emails to help with a drug trafficking investigation. But the 2nd U.S. Circuit Court of Appeals in Manhattan voted 3-0 to reverse the earlier ruling, stating “warrants traditionally carry territorial limitations.”
In its opening brief of the appeal, Microsoft argued what kind of dangerous precedent could be set if the U.S. government were allowed to access data stored on foreign soil.
“If the Government prevails here, the United States will have no ground to complain when foreign agents — be they friend or foe — raid Microsoft offices in their jurisdictions and order them to download U.S. citizens’ private emails from computers located in this country,” the company stated.
The Department of Justice (DOJ) said it was “disappointed with the court’s decision” and hinted they may appeal. They could take the case to a higher-level court or even go straight to the U.S. Supreme Court.
“Lawfully accessing information stored by American providers outside the United States quickly enough to act on evolving criminal or national security threats that impact public safety is crucial to fulfilling our mission to protect citizens and obtain justice for victims of crime,” said Peter Carr, a Justice Department spokesman.
Many technology firms, data privacy advocates, and European officials watched the case closely with concern over how expanding U.S. power to collect data from overseas could both sour diplomatic relations and make it harder for U.S. companies to compete there. Supporters for data privacy rights included the U.S. Chamber of Commerce, Amazon.com Inc, Apple Inc, CNN, Fox News Network, and Verizon Communications Inc.
The government of Ireland officially threw their support behind Microsoft as well. “Ireland has a genuine and legitimate interest in potential infringements by other states of its sovereign rights with respect to its jurisdiction over its territory,” it said in a brief filed in 2014.
At the core of the case, the court exposed just how stale a 30-year-old online privacy protection law had become in the face of evolving technologies.
The DOJ argued they could demand all emails in Microsoft’s possession under the Stored Communications Act, a 1986 federal law. The appeals court rejected that the law applied but also urged Congress to update the “badly outdated” legislation.
“The law was enacted before today’s Internet, before cloud storage, and before huge amounts of data were stored around the world,” said Craig Newman of Patterson Belknap Webb & Tyler to NBC News. “The law is and has been chasing technology.”