Microsoft’s data center in Dublin, Ireland (Microsoft)
Prosecutors are urging a federal judge to affirm their right to use a warrant to seize an off-shore email account maintained by Microsoft.
Countering claims by the computer giant and other cloud service providers that digital information it stores on a server in Dublin, Ireland is off-limits to U.S. law enforcement, the government filed papers late Wednesday saying the warrant does not violate the presumption against extraterritorial application of U.S. laws because it is not, in fact, extraterritorial.
“The warrant properly requires Microsoft to disclose data under its control, regardless of where Microsoft has chosen to store the data,” Assistant U.S. Attorneys Serrin Turner and Justin Anderson said in a memorandum asking Judge Loretta Preska to uphold a magistrate judge’s refusal to quash a subpoena for the email account.
Microsoft had argued that the power to search and seize under the Fourth Amendment stops at the edge of U.S. territory, and it would sets a dangerous precedent to allow U.S. law investigators to reach the overseas servers.
But Turner and Anderson said Microsoft’s argument was contrary to U.S. law and dangerous in an era when “email and other electronic communications are used extensively by criminals of all types in the United States and abroad, from fraudsters to hackers to drug dealers, in furtherance of violations of U.S law.”
In April, Magistrate Judge James Francis said the Stored Communications Act in the Electronic Communications Privacy Act of 1986, 18 U.S.C. §§2701-2712, gave investigators the authority to obtain data from Internet service providers stored outside of the territorial United States (NYLJ, April 29).
Congressional intent reflecting the physical realities of the Internet and the needs of law enforcement, he said, showed that the “property” to be searched is with the Internet service provider itself, and not at the physical location of the server.
Microsoft appealed to Preska, filing objections June 6 saying the decision allows U.S. law enforcement to roam far and wide, violating privacy at a time when “Microsoft and other U.S. technology companies have faced growing mistrust and concern about their ability to protect the privacy of personal information located outside the United States.”
Fueling that mistrust has been the revelations by former NSA systems analyst Edward Snowden about the widespread interception and gathering of phone and Internet data by the United States.
Microsoft had argued that “The government’s position in this case further erodes that trust, and will ultimately erode the leadership of U.S. technologies in the global market”—a position shared by amicus curiae Apple, Cisco Systems, Verizon Communications and AT&T in papers that have been or will be filed with Preska before oral argument on July 31.
Microsoft lawyer Guy Petrillo of Petrillo Klein & Boxer argues that Federal Rule of Criminal Procedure 41 governed the warrant, and federal courts cannot approve search and seizure warrants for property outside of U.S. territory. In framing his argument, Petrillo said enforcing the subpoena “would violate international law and raise serious foreign policy concerns.”
Francis, in his April opinion, held that Congress in passing the Stored Communications Act created a “hybrid: part search warrant and part subpoena,” recognizing “that the Fourth Amendment protections that apply to the physical world, and especially to one’s home, might not apply to information communicated over the Internet.”
Francis also said that, “If the territorial restrictions on conventional warrants applied to warrants under section 2703, the burden on the government would be substantial and law enforcement efforts would be seriously impeded.”
In its amicus filed June 10, Verizon, through Michael Vatis and Jeffrey Novack of Steptoe & Johnson, argued that, under the Supreme Court case of Morrison v. Nat’l Austl. Bank Ltd., 561 U.S. 247 (2010) the presumption that U.S. laws do not apply outside of the United States has not been overcome. Contrary to Francis, the attorneys say the “legislative history makes plain that Congress intended that the act not apply extraterritorially.”
Vatis and Novack say allowing a U.S. search warrant to obtain communications stored abroad would both “dramatically increase harm to American businesses” and “would create a dramatic conflict with foreign data protection laws.”
European officials have already weighed in, they said, with a European Commission spokesperson stating the commission’s policy is “data should not be directly accessed or transferred to U.S. law enforcement authorities outside formal channels of cooperation,” such as mutual legal assistance treaties or side agreements authorizing such a transfer.
Attorneys Marc Zwillinger and Kenneth Dreifach of ZwillGen, PLLC, counsel for Apple and Cisco, said in their memorandum that allowing the government to bypass the mutual legal assistance treaties “will place providers at risk of sanction in foreign countries.”
But the government’s position is that those channels are cumbersome and time consuming and would frustrate a criminal inquiry.
On Wednesday, Turner and Anderson said that Microsoft raised none of the usual arguments in resisting compliance, including that Francis may have erred in determining the email account was likely to contain evidence of a crime when he approved the warrant in December, or that the company’s business activities place it outside the jurisdiction of the court.
“Instead, Microsoft contends, without supporting authority, that because it has chosen to store certain business records overseas, it need not comply with a valid court order requiring disclosure of the records,” the prosecutors wrote.
They called Microsoft’s analogies of the SCA warrant to search warrants for physical premises “inapt.”
“Overseas records must be disclosed domestically when a valid subpoena, order, or warrant compels their production,” they wrote. “The disclosure of records under such circumstances has never been considered tantamount to a physical search under Fourth Amendment principles, and Microsoft is mistaken to argue that the SCA provides for an overseas search here.”
Microsoft stores subscriber emails and other customer data in data centers that are close to where its customers are located, but the prosecutors said the company “takes no steps, however, to confirm that the subscriber resides in, or is logging in from, the specified country.”
They took issue with Petrillo’s claim that the Stored Communication Act warrant gives law enforcement the power “to break down the doors of Microsoft’s Dublin facility.”
“When the government serves a provider with an SCA warrant, the power being exercised is not a temporary dominion over the provider’s private property as entailed in a physical search warrant,” Turner and Anderson wrote. “Instead, the government is exercising a power to compel the provider to produce records in its possession, subject to judicial sanction, as entailed in a subpoena.”
“Under longstanding precedent,” they added, “courts may order the domestic disclosure of records regardless of where they are stored.”
They also took aim at Microsoft’s contention that U.S. foreign relations would be damaged if prosecutors had the power to subpoena records stored abroad, and other countries would retaliate by seizing electronic data stored in the United States.
“Aside from being purely speculative, such concerns are exclusively for the consideration of the political branches,” they wrote.
As for Microsoft’s claim that compliance with the Stored Communication Act would damage its business, the prosecutors said that was “ultimately beside the point.”
“The fact remains that there exists probable cause to believe that evidence is a violation of U.S. criminal law, affecting U.S. residents and implicating U.S. interests, is present in records under Microsoft’s control,” they said.
Microsoft, they noted, has all “the rights and privileges of doing business in this country, including in particular the protection of U.S. intellectual property laws,” and it has “corresponding responsibilities,” including complying with U.S. legal processes.
“Microsoft should not be heard to complain that doing so might harm its bottom line,” they said.
The case is In the Matter of a Warrant to Search a Certain Email Account Controlled and Maintained by Microsoft Corporation, 13-mj-02814.