As predicted, Microsoft’s high-profile email privacy case has attracted the U.S. Supreme Court’s attention.
Over a year ago, on July 14, 2016, the U.S. Court of Appeals for the Second Circuit reversed an earlier decision requiring Microsoft to turn over to the U.S. Department of Justice (DOJ) emails that are stored in an Irish data center. The closely watched case, at least among cloud providers and data privacy advocates, was hailed as a major win for Microsoft at the time.
Now, Microsoft is gearing up for another round. On Oct. 16, “the Supreme Court granted the Department of Justice’s petition to review Microsoft’s victory,” announced Brad Smith, president and chief legal officer of Microsoft, in a blog post.
“This is an important case that people around the world will watch,” continued Smith. “We will continue to press our case in court that the Electronic Communications Privacy Act (ECPA)—a law enacted decades before there was such a thing as cloud computing—was never intended to reach within other countries’ borders.” The ECPA was enacted in “the era of the floppy disk” (1986), well before the World Wide Web transformed how businesses and individuals communicated and the advent of the cloud, argued the Microsoft executive.
Smith is also challenging the DOJ’s argument that the search warrant is valid because an email is not the user’s property but rather the property of the email provider. Further, the DOJ’s efforts create a conflict with regional data privacy laws affecting cloud and online services providers. Finally, Smith argued that if the U.S. government acts unilaterally to seize emails located overseas with search warrants, there is little to stop foreign governments from exercising the same maneuver on data stored in the United States.
Greg Nojeim, director of the Freedom, Security, and Technology Project at the Center for Democracy & Technology, agrees.
“If the Court rules that U.S. warrants work abroad, it will open the floodgates to demands from other countries that their legal processes be able to compel other providers to disclose content that they hold in the U.S., including the content held by Americans,” said Nojeim in email remarks sent to eWEEK. “This would create chaos.”
Microsoft and other organizations are calling on Congress to get with the times. Rather than rely on decades-old and pre-cloud laws, Microsoft is championing new legislation like the International Communications Privacy Act (ICPA) of 2017 and other efforts to safeguard user data and help establish a clear path for law enforcement activities involving a globe-spanning cloud marketplace.
“The current system of legal processes and international treaties are woefully out of date and ill-equipped to address the privacy and jurisdictional questions posed in this case,” Information Technology and Innovation Foundation Vice President Daniel Castro said in an email statement. “By taking up this case, the Supreme Court has started a countdown for Congressional action. Congress can and should act swiftly within this narrow window to develop a workable global framework for lawful government access to data stored in the cloud.”