Microsoft’s data center in Dublin, Ireland (Microsoft)
Microsoft’s attempt to quash a search warrant for digital information stored on a server in Dublin, Ireland has been denied by a federal magistrate judge.
Dealing a win to federal prosecutors, Magistrate Judge James Francis IV (See Profile) rejected the computer giant’s claim that the warrant is an extraterritorial search and seizure outside of the jurisdiction of the U.S. courts and therefore should be quashed.
Legislative history reflecting the physical realities of the Internet and the demands of law enforcement led Francis to conclude that the “property” to be searched is with the Internet service provider, not the physical location of the server storing the data.
Francis granted the Southern District U.S. Attorney’s Office’s application for a search warrant on Dec. 4, 2013.
Microsoft complied with the warrant as to non-content information, but it balked when it learned that the target account, and the email content, was stored overseas.
In Matter of a Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corporation, 13 Mag. 2814, Microsoft invoked Morrison v. National Australia Bank Ltd., 561 U.S. 247 (2010), where the U.S. Supreme Court held there is a presumption against the extraterritorial application of U.S. laws that can only be overcome by a clear statement by Congress to the contrary.
The motion required Francis to examine the Stored Communications Act (SCA), passed as part of the Electronic Communications Privacy Act of 1986, 18 U.S.C. §§2701-2712, which allows the government to seek information by subpoena, court order or warrant.
Here, prosecutors sought a search warrant, or “SCA warrant” under §2703(a), and the stakes were high on the motion to squash before Francis. Lorin Reisner, chief of the Criminal Division of the Southern District U.S. Attorney’s Office, represented the government, while Guy Petrillo of Petrillo Klein & Boxer, the division’s chief from 2008 to 2009, argued for Microsoft.
Petrillo contended that Federal Rule of Criminal Procedure 41 governed the search warrant, and under the rule, federal courts are not authorized to issue warrants for the search and seizure for property outside the territorial limits of the United States.
But Francis noted, “The SCA was enacted at least in part in response to the recognition that the Fourth Amendment protections that apply to the physical world, and especially to one’s home, might not apply to information communicated through the Internet.”
The government has the power to obtain data from Internet service providers (ISP) by subpoena without a showing of probable cause. Francis said an SCA warrant is really a “hybrid: part search warrant and part subpoena”—obtained on a showing of probable cause before a neutral magistrate but served on the service provider—and it “does not involve government agents entering the premises of the ISP to search its servers and seize the e-mail account in question.”
The SCA’s structure, the judge said, does not raise the issues of extraterritoriality, as “Congress appears to have anticipated that a service provider located in the United States would be obligated to respond to a warrant issued pursuant to section 2703(a) by producing information within its control, regardless of where that information was stored.”
As a practical matter, Francis said, “If the territorial restrictions on conventional warrants applied to warrants under section 2703(a), the burden on the government would be substantial and law enforcement efforts would be seriously impeded.”
And because of that burden, the judge found it “hard to believe” that “Congress intended to limit the reach of SCA warrants to data stored in the United States.
There were other practical considerations as well.
Because service providers aren’t required to verify customer information when an email account is opened, the criminally minded could simply evade an SCA warrant by providing phony information.
And, Francis said, treating SCA warrants like conventional warrants would require execution abroad through a Mutual Legal Assistance Treaty (MLAT), which he noted is a painstaking process in which signatories retain the right to deny assistance.
“Finally as burdensome and uncertain as the MLAT process is, it is entirely unavailable where no treaty is in place,” he said.
Francis rejected Microsoft’s invocation of Morrison. “The concerns that animate the presumption against extraterritoriality are simply not present here: an SCA Warrant does not criminalize conduct taking place in a foreign country,” he said. “[I]t does not involve the deployment of American law enforcement personnel abroad; it does not require even the physical presence of service provider employees at the location where data are stored. At least in this instance, it places obligations only on the service provider to act within the United States.”
Also representing Microsoft were Nelson Boxer of Petrillo Klein & Boxer and attorneys at Covington & Burling: partners Nancy Kestenbaum and James Garland and associates Claire Catalano and Alexander Berengaut.
Also representing the government were Assistant U.S. Attorneys Justin Anderson and Serrin Turner.
In a statement, David Howard, corporate vice president and deputy general counsel at Microsoft, said, “This is the first step toward getting this issue in front of courts that have the authority to correct the government’s longstanding views on the application of search warrants to content stored digitally outside the United States.”
Howard also said “To be clear, we respect the critical role law enforcement plays in protecting all of us. We’re not trying to frustrate any government investigations, and we believe the government should be able to obtain evidence necessary to investigate a possible crime. We just believe the government should have to follow the processes it has established for obtaining physical evidence outside the United States. “