Second Circuit Preview: Microsoft Challenges SCA Warrant for E-mail Contents

In the Matter of a Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corporation, No. 13 Mag. 2814 (SDNY 04/25/14) presents the issue of the validity of a warrant issued under the Stored Communications Act for metadata and e-mail contents which Microsoft maintains is located in Dublin, Ireland. The magistrate judge found otherwise and refused to quash the SCA warrant. (Those researching the case must use Case No. 1:13-mj-02814-UA.)

The legitimacy of the magistrate judge’s order was reviewed and affirmed today by the District Court but it is unlikely that the issue will be resolved without appeal to the Second Circuit. Certainly with Microsoft as the future appellant, and Apple, Cisco, AT&T and Verizon as likely amici curiae (as they are in the trial court), the matter is not likely to be dropped for lack of funding.

And indeed, the case is likely governed by financial considerations. The administration of an e-mail system is crucial to understanding the case. The e-mail sent over a Microsoft system is stored in regional data centers within and without the United States. Where the information is stored is partially governed by quality of service considerations, with most accounts assigned to the nearest data center, in this case, Dublin.

Some non-content information is retained in the United States when an account is assigned to a non-US data center. Certain non-content information is retained in a data warehouse in the United States for testing and quality control purposes. Second, Microsoft retains “address book” information relating to certain web-based e-mail accounts in an “address book clearing house.” Finally, certain basic non-content information about all accounts, such as the user’s name and country, is maintained in a database in the US.

The warrant at issue authorizes the search and seizure of information associated with an e-mail account that is “stored at premises owned, maintained, controlled, or operated by Microsoft Corporation, a company headquartered at One Microsoft Way, Redmond, WA.” The specific items sought are listed in the Appendix to this article.

Microsoft complied with the search warrant to the extent of producing the non-content information stored on servers in the United States. However, it claimed that because the warrant was issued for content information outside the US, the warrant was invalid.

The key provisions regarding the warrant are contained in the Stored Communications Act, 18 U.S.C. §§ 2701-2712. The SCA authorizes the Government to seek information by means of subpoena, court order, or warrant.

The first device, an administrative subpoena, is aimed at obtaining basic customer information, such as the customer’s name, address, Internet Protocol connection records, and means of payment for the account, unopened e-mails that are more than 180 days old, and any opened e-mails, regardless of age. The Government may obtain by subpoena the content of e-mail only if prior notice is given to the customer.

A court order yields all of the above and “record[s] or other information pertaining to a subscriber [] or customer,” such as historical logs showing the e-mail addresses with which the customer had communicated. In order to obtain such an order, the Government must provide the court with “specific and articulable facts showing that there are reasonable grounds to believe that the content of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation.”

A SCA warrant under section 2703(a) compels a service provider to disclose everything that would be produced in response to a subpoena or order as well as unopened e-mails stored by the provider for less than 180 days. In order to obtain an SCA Warrant, the Government must demonstrate probable cause under Rule 41(d)(1) of the Federal Rules of Criminal Procedure.

Federal courts are without authority to issue warrants for the search and seizure of property outside the territorial limits of the United States. Therefore, Microsoft argued that because the warrant required acquisition of information from Dublin, it had to be quashed.

The issue is thus whether Rule 41 territorial limits on the issuance of a warrant apply to a SCA warrant. drawn from Rule 41. The magistrate judge held that if the territorial restrictions on conventional warrants were to be applied to SCA warrants, the burden on the Government would be so substantial, and law enforcement efforts would be so seriously impeded that it is unlikely that Congress intended this result.

In ruling on this, the magistrate judge was taken by the fact that the SCA was enacted at least in part in response to a recognition that the place to be searched might not be a residence, but rather the Internet and that the interposition of a ISP between the creator of a message and the recipient might mean that the ISP was the location of the evidence. Congress sought to protect ISP’s with Fourth Amendment requirements.

“Although section 2703(a) uses the term “warrant” and refers to the use of warrant procedures, the resulting order is not a conventional warrant; rather, the order is a hybrid: part search warrant and part subpoena. It is obtained like a search warrant when an application is made to a neutral magistrate who issues the order only upon a showing of probable cause. On the other hand, it is executed like a subpoena in that it is served on the ISP in possession of the information and does not involve government agents entering the premises of the ISP to search its servers and seize the e-mail account in question.”

Therefore, with regard to the ISP’s actions after service of the warrant/order, it must produce information in its possession, custody, or control regardless of the location of that information as if the warrant/order was a subpoena.

Indeed, the magistrate judge relied on the fact that “a search occurs when information from or about the data is exposed to possible human observation, such as when it appears on a screen, rather than when it is copied by the hard drive or processed by the computer.”

Thus, “[e]ven when applied to information that is stored in servers abroad, an SCA Warrant does not violate the” bar to extraterritorial application of American process.

Much of the subsequent discussion of the opinion in the briefs of amici curiae rightly goes to the larger context within which the SCA warrant operates. The economic issue centers on the loss of US business attendant to the users’ realization that storage of their metadata and content on a non-US server by a non-US ISP with no connection to the US would insure that no SCA warrant could reach them. However, it is difficult to imagine that such a consideration would affect the statutory interpretation of a criminal statute.

Some mention is made of cooperative agreements with other nations which would allow, for example, Irish authorities to gather the evidence in Dublin under a Mutual Legal Assistance Treaty. Besides the normal bureaucratic delay implied in multinational efforts of this kind, the other state normally retains discretion to deny the request assistance if it deems the request contrary to important public policy or the crime “an offense of a political character.” Ultimately, this argument is a mere distraction if in fact Congress did authorize the application of a SCA warrant in this case.

Finally, there is mention of the use of similar warrants by hostile nations such as Russia and China. However, where there is no real rule of law prevailing in a country, that country probably has no interest in the warrant process because it will seize the information without much formality. Where rule of law does prevail, such as the United Kingdom or the EU, there is little reason not to honor it. The inconvenience for the US ISP’s is simply another form of economic disincentive for them.

Thus, Microsoft’s assertive stance in this case is a blend of constitutionalism and dollars and cents. Whether principles or economics drive the case, Microsoft is adamantine, stating:

“We do not provide any government with direct access to emails or instant messages. Full stop. Like all providers of communications services, we are sometimes obligated to comply with lawful demands from governments to turn over content for specific accounts, pursuant to a search warrant or court order. This is true in the United States and other countries where we store data.” (http://blogs.microsoft.com/on-the-issues/2013/07/16/responding-to-government-legal-demands-for-customer-data/)

APPENDIX-Information Sought in the Warrant:

a. The contents of all e-mails stored in the account, including copies of e-mails sent from the account;
b. All records or other information regarding the identification of the account, to include full name, physical address, telephone numbers and other identifiers, records of session times and durations, the date on which the account was created, the length of service, the types of service utilized, the IP address used to register the account, log-in IP addresses associated with session times and dates, account status, alternative e-mail addresses provided during registration, methods of connecting, log files, and means and sources of payment (including any credit or bank account number);
c. All records or other information stored by an individual using the account, including address books, contact and buddy lists, pictures, and files;
d. All records pertaining to communications between MSN . . . and any person regarding the account, including contacts with support services and records of actions taken.

More by | James Ching James Ching , Law.com Contributor
LOAD MORE