Microsoft Corp v. United States was a case that had a familiar theme from some other cases examined in this blog; an instance where potentially outdated laws were used to decide a case that involved new technology. In this case, the Second Circuit found that the Government cannot compel ISPs (Internet Service Providers) to produce information stored on cloud servers that are located overseas, even if the companies in question are based in the United States and compelled by a warrant. Perhaps more damagingly, data was treated as a physical object rather than its unique “unterritorial” nature being recognized, setting a dangerous precedent for similar cases in the future.
In December 2013 Magistrate Judge Francis of New York’s Southern District issued a warrant under the Stored Communications Act for an MSN (Microsoft Network) email addresses’ content. Although Microsoft handed over data stored in the United States, they refused to hand over data stored on a Microsoft server located in Ireland, saying that the warrant ought to be rendered moot due to Ireland being beyond the court’s jurisdiction. The Magistrate judge denied Microsoft’s motion and noted that while a traditional search warrant cannot be executed outside of the United States, since the language of the SCA is ambiguous in reference to jurisdiction, the fact that the an SCA warrant is a hybrid between a warrant and a subpoena gave the court power to demand the information be handed over no matter where the information in question was located. The Court rightfully concluded that if they let Microsoft withhold the data stored in Ireland, this would give criminals an exploitable loophole by which they could store nefarious information without the government having any way to compel them to reveal it.
The Second Circuit Court reversed this ruling, holding that the SCA does not apply extraterritorially, and that requiring Microsoft to turn over the data in this case would be in violation of the extraterritorial application of the statute. In this ruling, the Second Circuit explicitly rejected the government’s argument that an SCA warrant is a hybrid between a search warrant and a subpoena, citing the fact that the word hybrid is never used in the Act. Their finding that the government compelling Microsoft to turn over the data stored in an Ireland server would constitute an extraterritorial application of the SCA based on the Act’s focus to protect privacy, and how it was tied to traditional search warrants. The fact that the SCA’s focus was privacy, and the privacy interests in this case were in Ireland, led the Second Circuit to find that compelling Microsoft to turn over the data from its Ireland server would be an unlawful application of the SCA. However, as with the lower court’s ruling, the Second Circuit Court’s ruling raises as many questions as it answers. What should data be categorized as in relation to physical objects? Does the data belong to the location of its server, or the location of the company that owns the server in question? Since the SCA is relatively outdated in terms of technological relevance, can new legislation such as the International Communications Privacy Act (which would allow law enforcement officials to obtain electronic communications with a warrant “regardless of where those communications are located”) remedy the issues caused by old legislation creating such a mess? The cases of today and tomorrow will decide.
Microsoft Corp. v United States. (2016, December 9). Retrieved February 25, 2017, from http://harvardlawreview.org/2016/12/microsoft-corp-v-united-states/