Robert E. Levy
Partner
201-896-7163 rlevy@sh-law.comAuthor: Robert E. Levy|August 8, 2014
The New York data privacy case could dramatically impact U.S. businesses as well the ability of U.S. law enforcement to obtain digital information stored overseas, all because of this case regarding the Microsoft Corporation.
On December 4, 2013, federal prosecutors obtained a search warrant to obtain information associated with a specified web-based e-mail account that is “stored at premises owned, maintained, controlled, or operated by Microsoft Corporation, a company headquartered at One Microsoft Way, Redmond, WA.” The warrant was issued under the Stored Communications Act (SCA).
The Microsoft Corporation complied with the search warrant to the extent of producing the non-content information stored on servers in the United States. However, after it determined that the target account was hosted in Dublin and the content information stored there, it sought to quash the warrant to the extent that it directs the production of information stored abroad. The motion argued that federal courts are not authorized to issue warrants for the search and seizure of property outside the territorial limits of the United States. Rather, they must rely on the Mutual Legal Assistance Treaty (MLAT) process.
The SCA is part of the Electronic Communications Privacy Act of 1986. The statute authorizes law enforcement agents to obtain information from Internet service providers (ISPs) through subpoenas, court orders, or warrants. Each legal process allows the government to obtain a specific level of data.
A warrant entitles the government to the most information, including basic customer information, opened emails, records or other information pertaining to a subscriber or customer, and unopened e-mails stored by the provider for less than 180 days. In order to obtain an SCA Warrant, the government must demonstrate probable cause. The relevant section of the statute provides in pertinent part:
A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure . . . by a court of competent jurisdiction.
In April, U.S. Magistrate Judge James C. Francis IV denied Microsoft’s motion to quash the warrant. “Even when applied to information that is stored in servers abroad, an SCA Warrant does not violate the presumption against extraterritorial application of American law,” he ruled.
In his decision, Judge Francis noted that SCA Warrants are “hybrid: part search warrant and part subpoena.” As he further explained, “The ‘warrant’ requirement of section 2703(a) cabins the power of the government by requiring a showing of probable cause not required for a subpoena, but it does not alter the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information.”
Judge Francis also concluded that SCA Warrants do not require the same protections from government overreach, particularly because it is the service provider who conducts the search. The court also highlighted that it is difficult to believe that Congress intended to limit the reach of SCA Warrants to data stored in the United States.
Most recently, U.S. District Judge Loretta Preska upheld the decision, although her ruling will be stayed in order to give Microsoft the opportunity to appeal. “Congress intended in this statute for ISPs to produce information under their control, albeit stored abroad, to law enforcement in the United States,” Preska stated. “As Judge Francis found, it is a question of control, not a question of the location of that information.”
The court’s interpretation of the SCA will not only impact email providers, but also cloud-based service providers, which also frequently store data abroad. If the decision stands, these businesses could be forced to produce data to law enforcement regardless of where in the world it resides. We will be closely monitoring this case throughout the appeals process, and we encourage you to check back for updates.
Do you have any legal insights or thoughts on this case regarding the Microsoft Corporation. If so, feel free to leave a comment below.
The New York data privacy case could dramatically impact U.S. businesses as well the ability of U.S. law enforcement to obtain digital information stored overseas, all because of this case regarding the Microsoft Corporation.
On December 4, 2013, federal prosecutors obtained a search warrant to obtain information associated with a specified web-based e-mail account that is “stored at premises owned, maintained, controlled, or operated by Microsoft Corporation, a company headquartered at One Microsoft Way, Redmond, WA.” The warrant was issued under the Stored Communications Act (SCA).
The Microsoft Corporation complied with the search warrant to the extent of producing the non-content information stored on servers in the United States. However, after it determined that the target account was hosted in Dublin and the content information stored there, it sought to quash the warrant to the extent that it directs the production of information stored abroad. The motion argued that federal courts are not authorized to issue warrants for the search and seizure of property outside the territorial limits of the United States. Rather, they must rely on the Mutual Legal Assistance Treaty (MLAT) process.
The SCA is part of the Electronic Communications Privacy Act of 1986. The statute authorizes law enforcement agents to obtain information from Internet service providers (ISPs) through subpoenas, court orders, or warrants. Each legal process allows the government to obtain a specific level of data.
A warrant entitles the government to the most information, including basic customer information, opened emails, records or other information pertaining to a subscriber or customer, and unopened e-mails stored by the provider for less than 180 days. In order to obtain an SCA Warrant, the government must demonstrate probable cause. The relevant section of the statute provides in pertinent part:
A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure . . . by a court of competent jurisdiction.
In April, U.S. Magistrate Judge James C. Francis IV denied Microsoft’s motion to quash the warrant. “Even when applied to information that is stored in servers abroad, an SCA Warrant does not violate the presumption against extraterritorial application of American law,” he ruled.
In his decision, Judge Francis noted that SCA Warrants are “hybrid: part search warrant and part subpoena.” As he further explained, “The ‘warrant’ requirement of section 2703(a) cabins the power of the government by requiring a showing of probable cause not required for a subpoena, but it does not alter the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information.”
Judge Francis also concluded that SCA Warrants do not require the same protections from government overreach, particularly because it is the service provider who conducts the search. The court also highlighted that it is difficult to believe that Congress intended to limit the reach of SCA Warrants to data stored in the United States.
Most recently, U.S. District Judge Loretta Preska upheld the decision, although her ruling will be stayed in order to give Microsoft the opportunity to appeal. “Congress intended in this statute for ISPs to produce information under their control, albeit stored abroad, to law enforcement in the United States,” Preska stated. “As Judge Francis found, it is a question of control, not a question of the location of that information.”
The court’s interpretation of the SCA will not only impact email providers, but also cloud-based service providers, which also frequently store data abroad. If the decision stands, these businesses could be forced to produce data to law enforcement regardless of where in the world it resides. We will be closely monitoring this case throughout the appeals process, and we encourage you to check back for updates.
Do you have any legal insights or thoughts on this case regarding the Microsoft Corporation. If so, feel free to leave a comment below.
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Let`s get in touch!
Sign up to get the latest from theScarinci Hollenbeck, LLC attorneys!