Microsoft Corporation Lawsuit Tests Reach of Federal Government

Microsoft Corporation is currently fighting a search warrant to produce customer e-mails that are stored on a server located in Dublin, Ireland.

The New York data privacy case could dramatically impact U.S. businesses as well the ability of U.S. law enforcement to obtain digital information stored overseas, all because of this case regarding the Microsoft Corporation.

The Facts of the Case

On December 4, 2013, federal prosecutors obtained a search warrant to obtain information associated with a specified web-based e-mail account that is “stored at premises owned, maintained, controlled, or operated by Microsoft Corporation, a company headquartered at One Microsoft Way, Redmond, WA.” The warrant was issued under the Stored Communications Act (SCA).

The Microsoft Corporation complied with the search warrant to the extent of producing the non-content information stored on servers in the United States. However, after it determined that the target account was hosted in Dublin and the content information stored there, it sought to quash the warrant to the extent that it directs the production of information stored abroad. The motion argued that federal courts are not authorized to issue warrants for the search and seizure of property outside the territorial limits of the United States. Rather, they must rely on the Mutual Legal Assistance Treaty (MLAT) process.

The Stored Communications Act

The SCA is part of the Electronic Communications Privacy Act of 1986. The statute authorizes law enforcement agents to obtain information from Internet service providers (ISPs) through subpoenas, court orders, or warrants. Each legal process allows the government to obtain a specific level of data.

A warrant entitles the government to the most information, including basic customer information, opened emails, records or other information pertaining to a subscriber or customer, and unopened e-mails stored by the provider for less than 180 days. In order to obtain an SCA Warrant, the government must demonstrate probable cause. The relevant section of the statute provides in pertinent part:

A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure . . . by a court of competent jurisdiction.

The Court’s Decision

In April, U.S. Magistrate Judge James C. Francis IV denied Microsoft’s motion to quash the warrant. “Even when applied to information that is stored in servers abroad, an SCA Warrant does not violate the presumption against extraterritorial application of American law,” he ruled.

In his decision, Judge Francis noted that SCA Warrants are “hybrid: part search warrant and part subpoena.” As he further explained, “The ‘warrant’ requirement of section 2703(a) cabins the power of the government by requiring a showing of probable cause not required for a subpoena, but it does not alter the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information.”

Judge Francis also concluded that SCA Warrants do not require the same protections from government overreach, particularly because it is the service provider who conducts the search. The court also highlighted that it is difficult to believe that Congress intended to limit the reach of SCA Warrants to data stored in the United States.

Most recently, U.S. District Judge Loretta Preska upheld the decision, although her ruling will be stayed in order to give Microsoft the opportunity to appeal. “Congress intended in this statute for ISPs to produce information under their control, albeit stored abroad, to law enforcement in the United States,” Preska stated. “As Judge Francis found, it is a question of control, not a question of the location of that information.”

The Potential Impact

The court’s interpretation of the SCA will not only impact email providers, but also cloud-based service providers, which also frequently store data abroad. If the decision stands, these businesses could be forced to produce data to law enforcement regardless of where in the world it resides. We will be closely monitoring this case throughout the appeals process, and we encourage you to check back for updates.

Do you have any legal insights or thoughts on this case regarding the Microsoft Corporation. If so, feel free to leave a comment below.