What Microsoft's case means for law enforcement, cloud vendors
- By Adam Mazmanian
The United States vs. Microsoft Corp. case will have implications for law enforcment and technology vendors alike when the Supreme Court decides whether the reach of U.S. law enforcement extends to electronic communications stored outside the physical borders of the United States.
The case goes back to a 2013 drug investigation when U.S. law enforcement tried to serve a warrant to access the email account of a Microsoft user. The company said it was not bound by the order because some of the data was stored on servers in Ireland.
The case hinges on a reading of the Stored Communications Act, part of the 1986 Electronic Communications Privacy Act. The legislation allows state, local and federal law enforcement to access remotely stored communications "only pursuant to a warrant." This requirement, Microsoft argues, implicitly puts communications stored outside the jurisdiction of U.S. warrants beyond the reach of law enforcement.
Many in Congress have been seeking to update the ECPA statute, in part because it affords different sets of legal protections for communications stored on remote servers and those downloaded to a user's machine.
According to a 2017 report by the Information Technology and Innovation Foundation, the case exposes "cracks in the foundation of the current framework used by law enforcement agencies to access digital information and determine jurisdiction on the internet."
Microsoft argues that by complying with the warrant, the company would be violating the European Union's General Data Protection Regulation, which requires the use of an inter-governmental legal assistance treaty for obtaining private information as part of a legal case.
The U.S. and Ireland are party to a 2001 mutual legal assistance treaty (MLAT). In its amicus brief, the government of the Republic of Ireland said the treaty represents "the most appropriate means to address requests such as those which are the object of the warrant in question."
A consortium of trade groups and think tanks, including the U.S. Chamber of Commerce and New America's Open Technology Institute, are urging the court to reject the U.S. government's position, because of potential consequences to the cloud computing industry, while inviting retaliation.
Amazon, Google, Verizon, HP, Salesforce, Facebook and many other vendors observed in their own brief that "the modern notion of 'cloud computing' was at least a decade, if not two, away when the SCA was passed in 1986."
They argue that "Congress could not have contemplated that U.S. electronic communication providers would have the ability to store data belonging to hundreds of millions of foreign users on servers half-a-world away, and then be able to retrieve that data for U.S. law enforcement upon request."
The U.S., which is appealing the case after losses in lower courts, argues that this particular request doesn't trigger extraterritorial problems, in part because U.S.-based Microsoft employees "could prepare [the requested] disclosure without leaving their desks."
Sen. Orrin Hatch (R-Utah) is looking to pass new law to deal with the problems arising from using a 30-year-old law to govern modern data access by law enforcement. The CLOUD Act proposes new standards for cross-border investigative requests while extending the reach of U.S. warrants. Many cloud vendors are backing the bill, but privacy groups are generally opposed.
A legislative fix is needed, Hatch argues, because a court ruling in the Microsoft case will create problems no matter who wins. "Either law enforcement will lack the ability to obtain in a timely manner email and documents in the cloud that are stored overseas, or providers will find themselves caught between conflicting domestic and foreign laws," the senator said.
Adam Mazmanian is executive editor of FCW.
Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.
Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.