On, July 14, 2016 the Second Circuit ruled in a much-anticipated case pitting Microsoft against the Department of Justice. The government sought to compel Microsoft to retrieve a client’s emails located on a server in Dublin, Ireland and produce them in the United States. The emails were sought in connection with a drug trafficking investigation. The nationality of the individual owner of the email account was not part of the record. The production was pursuant to the Stored Communication Act (“SCA”), which was passed in 1986 as part of the Electronic Communications Privacy Act to give additional protection to new fangled thing called an email. The Second Circuit held that, “§ 2703 of the Stored Communications Act does not authorize courts to issue and enforce against U.S.‐based service providers warrants for the seizure of customer e‐mail content that is stored exclusively on foreign servers.” The matter began in late 2013, when the DOJ served Microsoft with a demand under the SCA, seeking all content associated with a specific email account held by Microsoft. Microsoft produced some limited information about the email account that was on a server in the United States but refused to produce records located on a server in Dublin. Microsoft allowed itself to be held in contempt so the Second Circuit would have jurisdiction to consider the matter. The Second Circuit agreed with Microsoft, reversed the lower court and ruled that the company did not have to produce customer emails located on a server outside of the United States. The full opinion can be found here.
The SCA covers electronic documents and gives them a higher degree of protection than ordinary records such as bank records, for example. If the government’s request under the SCA was considered a subpoena, the documents would have to be produced, because the court can compel the production of documents under the custodians’ control, regardless of where they are held. But, if the SCA was considered a warrant, then the court had to decide whether the SCA had extraterritorial application.
As to the first question, the court found that production under the SCA is akin to a search warrant, not a subpoena. First, a little background from the Court’s opinion:
“Adopting the government’s view, the magistrate judge denied Microsoft’s motion to quash, resting on the legal conclusion that an SCA warrant is more akin to a subpoena than a warrant, and that a properly served subpoena would compel production of any material, including customer content, so long as it is stored at premises “owned, maintained, controlled, or operated by Microsoft Corporation.” In re Warrant, 15 F. Supp. 3d at 468 (quoting Warrant). The fact that those premises were located abroad was, in the magistrate judge’s view, of no moment. Id. at 472.
Microsoft offers a different conception of the reach of an SCA warrant. It understands such a warrant as more closely resembling a traditional warrant than a subpoena. In its view, a warrant issued under the Act cannot be given effect as to materials stored beyond United States borders, regardless of what may be retrieved electronically from the United States and where the data would be reviewed. To enforce the Warrant as the government proposes would effect an unlawful extraterritorial application of the SCA, it asserts, and would work an unlawful intrusion on the privacy of Microsoft’s customer.”
The Court found that Microsoft had the better of the argument: “The SCA’s legislative history related to its post enactment amendments supports our conclusion that Congress intended to invoke the term “warrant” with all of its traditional, domestic connotations.”
The Second Circuit then decided that the SCA did not have extraterritorial application. “The application of the Act that the government proposes ― interpreting “warrant” to require a service provider to retrieve material from beyond the borders of the United States ―would require us to disregard the presumption against extraterritoriality that the Supreme Court re‐stated and emphasized in Morrison v. National Australian Bank Ltd., 561 U.S. 247 (2010) and, just recently, in RJR Nabisco, Inc. v. European Cmty., 579 U.S. __, 2016 WL 3369423 (June 20, 2016). We are not at liberty to do so.”
Microsoft had also argued that the government had access to the information under the Mutual Legal Assistance Treaty (MLAT), adopted by the United States and Ireland in 2001. While obtaining evidence pursuant to an MLAT can be a slow process, it likely would not have taken as long as it did to litigate this case. According the Guardian, “Indeed, the Irish government had said it would have gladly helped the US Department of Justice obtain the records in question, related to a drug trafficking investigation, but they were not consulted.”
The government may appeal the decision to the Supreme Court. Or perhaps the government will seek a legislative fix. The SCA was passed in the very infancy of email and before even the birth of the World Wide Web. Congress clearly did not have the current IT environment in mind when it passed the SCA. There are competing interests of: 1) the government not being thwarted in investigations by individuals storing relevant electronic records on foreign servers; versus 2) the privacy interests of users and the sovereignty of foreign governments who want the right to control access to information within their own jurisdiction. Judge Gerard Lynch wrote in a concurring opinion that he agreed with the interpretation of the statute, but was concerned that by storing data overseas, criminals could keep electronic records outside the reach authorities. He said that a new law must be created that provides balance between law enforcement and the privacy of users.
Thanks for reading.