Following months of legal wrangling between the US Department of Justice and tech giant Microsoft, the US Supreme Court is to rule on whether national authorities can access data held overseas by American corporations.
The US Supreme Court agreed October 16 to decide whether law enforcement authorities, armed with a valid search warrant from a federal judge, can demand American tech firms hand over data stored on overseas servers.
The decision related to an ongoing criminal investigation in which law enforcement officials have demanded data held in ireland by Microsoft. Previous efforts to compel Google and Yahoo to comply with search warrants for emails and other user data stored outside the country have been unsuccessful, and the Trump administration says the lack of dedicated ruling in this regard has become a major obstacle in criminal probes.
The Electronic Communications Privacy Act of 1986 allows US law enforcement to access any unencrypted electronic information once they obtain a warrant, although a lower court has previously ruled the measures don’t extend to data held in other countries.
“Under this opinion, hundreds if not thousands of investigations of crimes — ranging from terrorism, to child pornography, to fraud — are being or will be hampered by the government’s inability to obtain electronic evidence,” Deputy Solicitor General Jeffrey Wall argued in court papers.
The case pits federal and state officials against the technology industry, which has lined up behind Microsoft in the litigation. The court will hear arguments early 2018, and rule by June.
Microsoft urged the court not to hear the case, saying justices should leave it to Congress to update the 1986 law, and deal with the numerous complexities surrounding worldwide electronic data storage.
“The continued reliance on a law passed in 1986 will neither keep people safe nor protect people’s rights. If US law enforcement can obtain the emails of foreigners stored outside the United States, what’s to stop the government of another country from getting your emails even though they are located in the United States? We believe that people’s privacy rights should be protected by the laws of their own countries and we believe that information stored in the cloud should have the same protections as paper stored in your desk. Therefore, Congress needs to modernize the law and address these fundamental issues,” said Microsoft President and Chief Legal Officer Brad Smith.
Congressional efforts to address the issue have stalled in recent years. Republican Senator Mike Lee of Utah and Democratic Senator Patrick Leahy of Vermont are currently pushing legislation – the Stored Communications Act — that would update the 1986 measure. It would enable the US government to negotiate reciprocity agreements with like-minded foreign nations, to give each side a right to data on foreign servers with a valid warrant.
The Microsoft dispute stems from a 2013 federal effort to get emails the government believes would yield evidence of drug trafficking — officials obtained a search warrant, but Microsoft refused to comply. The New York-based 2nd US Circuit Court of Appeals eventually ruled the company didn’t have to provide the data, with a three-judge panel saying the Stored Communications Act wasn’t designed to cross international boundaries.
However, the Justice Department (DoJ) has argued the decision applies even if an individual were a US citizen living and committing crimes in this country, and storing information on external servers.
“The decision provides a roadmap for terrorists and criminals in the US to insulate electronic communications from US investigators. They need do nothing more than falsely state a location outside the United States when signing up for an account,” the DoJ argued.