In a legal fight against the U.S. government that’s now stretched on for over a year, tech behemoth Microsoft has enlisted an impressive array of supporters. In an event held on Monday in New York, the company unveiled nearly a dozen “friend of the court” briefs signed by 28 major tech companies (including Apple, Amazon, and Verizon), 23 business trade groups, and 35 prominent computer scientists.
All of the briefs showed support for Microsoft’s position that the Department of Justice shouldn’t be able to compel the company to turn over the emails of its users held on servers located overseas without explicitly being ordered to do so by the foreign governments in question.
Last year, U.S. government officials ordered Microsoft to hand over the metadata of emails one of its users sent via Microsoft’s Outlook webmail service as part of a drug-trafficking investigation. Microsoft refused because the sever housing the data was located in Dublin, Ireland, and the Department of Justice hadn’t coordinated with Irish authorities. Instead, the feds argued that Microsoft should be required to turn over the information with the same type of search warrant the government would need to produce if the information were sitting on a server in New Jersey.
Other supporters of Microsoft include AT&T, eBay, CNN, Fox News, NPR, Salesforce, the Washington Post, the ACLU, the Electronic Frontier Foundation, and the U.S. Chamber of Commerce.
Microsoft challenged the order and subsequently lost a pair of appeals court decisions that saw judges siding with the government on its need to turn over the info.
It seems likely this case will ultimately be heard before the Supreme Court because, while its specifics may be relatively obscure, the case’s implications could fundamentally alter how people around the world use online technology.
The question at the heart of the case is really one about geographic jurisdiction. Specifically, if American law enforcement is bound by it in the digital age.
Microsoft’s email network is global, meaning that even if there’s a piece of information stored on one of the company’s servers in Ireland, a Microsoft employee wouldn’t have to physically travel across the pond to access it. Since the information is accessible though a computer located in the United States, the government argues, it doesn’t matter where data itself is parked. Therefore, a search warrant should be a sufficient legal test for law enforcement officials to turn over data held anywhere in the world.
This sentiment is not one shared by Irish officials, who argued that E.U. law requires the U.S. government to convince local law enforcement to issue its own domestic warrants. There is a process for precisely this type of thing called the Mutual Legal Assistance Treaty, but it’s so slow and laborious that President Obama recently called for its overhaul. U.S. officials would much rather use a comparatively hassle-free warrant than trudge through the weeds of international treaties every time they want to catch a bad guy whose information is being held overseas.
However, for civil libertarians, or any company in the cloud storage business, the idea that the U.S. government could unilaterally grab any data it wants from anywhere in the world is a nightmare scenario.
“We believe that when one government wants to obtain email that is stored in another country, it needs to do so in a manner that respects existing domestic and international laws,” wrote Microsoft General Counsel Brad Smith in a recent blog post. “In contrast, the U.S. Government’s unilateral use of a search warrant to reach email in another country puts both fundamental privacy rights and cordial international relations at risk.”
Foreign customers are already weary of hosting data in the U.S. due to the NSA’s dragnet of omnipresent electronic surveillance as revealed by whistleblower Edward Snowden. The implication that simply doing business with a company with a presence in the country could lead to the U.S. government having easy access—even if that data is physically hosted somewhere else—could lead to a mass exodus for America’s rapidly growing cloud storage industry.
In a blog post published on the Hill, Steve Pociask, president of the American Consumer Institute Center for Citizen Research, charged that a final ruling requiring Microsoft to turn over the emails could ultimately cost U.S. companies over $180 billion.
Convincing consumers about the ironclad security of its cloud storage business is of the utmost importance for Microsoft, which, under the leadership of new CEO Satya Nadella, is in the process of imagining itself a leader in the “cloud-first world.”
A fairly self-serving survey of American adults conducted at Microsoft’s behest by public opinion research firm Anzalone Liszt Grove found that 79 percent of respondents agreed with the statement, “the federal government should have to respect local privacy laws when trying to search through people’s personal information like their email accounts.”
Over half the respondents concurred with a follow-up question asserting that allowing the U.S. government to circumvent information privacy laws imposed by foreign governments could lead to those governments asserting a similar authority in the U.S.
“Allowing the government to use such a warrant would expose U.S. companies to legal jeopardy in other countries, which prohibit the disclosure of such data, and spur retaliation by foreign governments, which would threaten the privacy of Americans,” said Verizon General Counsel Randal Milch during Monday’s event, which also featured speakers from free speech-minded nonprofits.
“Technology has never been more personal and essential to our daily lives. People need to trust the technology they use,” agreed Center for Democracy & Technology President Nuala O’Connor. “The U.S. government’s actions risk undermining that trust and the privacy protections of people around the world, including those of U.S citizens.”
During the year Microsoft and the federal government have been duking it out, Congress has made some effort to address the question at hand.
In September, a bipartisan coalition of senators led by Orrin Hatch (R-Utah), Chris Coons (D-Del.), and Dean Heller (R-Nev.) introduced the Law Enforcement Access to Data Stored Abroad Act. If passed, the bill would allow American law enforcement to use a search warrant to compel the turnover of data held overseas if that information is contained within the account of a “U.S. person.” Information in the accounts of non-U.S. persons would only be accessible through Mutual Legal Assistance Treaty.
Privacy advocates hailed the legislation as a good first step, albeit an imperfect one. However, as with most legislation that lawmakers hoped would make it through the ringer of the least productive Congress in history, the Law Enforcement Access to Data Stored Abroad Act has yet to make it to the president’s desk.
Illustration by Max Fleishman