SAN FRANCISCO – The Department of Justice on Friday asked the U.S. Supreme Court to overturn a landmark appeals court decision handed down last summer in favor of Microsoft Corp. that put company data stored overseas mostly out of reach of U.S. law enforcement.
If the government’s petition is taken up by the high court, its decision could introduce some measure of clarity in the multiple legal battles playing out around the country over whether prosecutors can enforce warrants for private data stored abroad in the cloud.
But for major tech giants like Microsoft and Google Inc., a resolution of the issue by the court may still be less than ideal. Companies have been advocating—so far unsuccessfully—for legislation that would allow them to cooperate with U.S. law enforcement while being sensitive to other national authorities, and have argued that the current legal framework is inadequate.
“It seems backward to keep arguing in court when there is positive momentum in Congress toward better law for everyone,” Brad Smith, Microsoft’s chief legal officer, said in a blog post responding to the DOJ petition Friday. “The DOJ’s position would put businesses in impossible conflict-of-law situations and hurt the security, jobs, and personal rights of Americans.”
The case stems from a warrant issued in December 2013 by a U.S. magistrate judge in the Southern District of New York directing Microsoft to turn over a criminal suspect’s email data. Microsoft determined that the data was stored at its center in Dublin, and subsequently moved to quash the warrant. The district judge denied that request and Microsoft appealed.
The law at the center of the controversy is the Stored Communications Act, which was enacted in 1986—long before the modern Internet or cloud computing. Both the government and Microsoft agree that the law does not reach beyond the borders of the United States.
Instead, they have clashed over the “focus” of the law; in other words, whether the relevant question is where the data is stored and copied, or where the company is physically able to access the data and then produce it to law enforcement authorities.
The U.S. Court of Appeals for the Second Circuit in July 2016 ruled that the focus of the SCA is where the invasion of privacy took place—in this case, in Ireland—and not where the data is physically accessed or handed over. A sharply divided en banc panel of the appeals court in January denied a request by the government to revisit the ruling.
If the high court takes up the case, it would be the latest to come before the court dealing with the limits of law enforcement access to the vast amounts of data telecom and tech companies gather, after it granted review in a case around access to cell-tower location data earlier this term.
The Justice Department noted in its petition for certiorari Friday that prior to the Second Circuit ruling private providers of email services had long produced foreign-stored data when served with probable-cause-based warrants requiring disclosure of emails.
“In this case, the Second Circuit up-ended that practice by interpreting such a warrant to call for an impermissible extraterritorial application of the statute. That holding is wrong, inconsistent with this Court’s framework for analysis of extraterritoriality issues, and highly detrimental to criminal law enforcement,” the government said.
In the wake of the Second Circuit’s decision, companies like Google and Yahoo have been fighting warrants to hand over data. Google has essentially argued—in part because of its practice of “sharding” data into pieces spread across servers around the globe, for the purpose of network efficiency—that data stored outside the United States cannot be accessed by U.S. authorities or by authorities in any other jurisdiction. It has been losing many of those battles, although none have yet risen to a federal appeals court.
At the same time, Google top lawyer Kent Walker this week publicly said the company supports legislation that would allow countries that commit to baseline privacy and human rights principles to more easily obtain digital evidence.
Jennifer Daskal, a professor at American University’s Washington College of Law, said Friday that companies are wary of being caught in the middle of a conflict of law between two countries. But she said they are equally concerned that the DOJ’s approach might embolden countries like Russia to adopt the same philosophy—that if a company can turn over data in their jurisdiction, it must do so regardless of where the data is physically located.
Legislation that balances the different interests of national authorities, companies and users would be a better outcome than litigating the issue at the Supreme Court, she said, while noting there are currently no pending bills in Congress to address the issue. “I think having the Supreme Court take it up forces [the court] to choose between two not ideal solutions.”
At the same time, she predicted that the high court would likely rule in the government’s favor. “Given the practical consequences of the Second Circuit’s decision,” she said, “my guess is the Supreme Court is going to be concerned and interested, obviously in accordance with the law, in making sure that U.S. warrant authority in legitimate investigations is not arbitrarily confined based on where the data is located.”
Copyright The Recorder. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.