The U.S. Supreme Court (SCOTUS) will resolve a years-long dispute between Microsoft and the Justice Department on whether American courts relying on current federal law can compel technology companies to turn over data stored on overseas servers.
At stake are macro questions well beyond the combatants’ standoff (which we’ll detail in a moment):
- Can federal authorities force U.S. technology companies to access and relinquish data housed anywhere in the world by citing the 1986 Stored Communications Act written long before the Internet age?
- Is where data is stored the operative factor or instead is it who controls access?
- Because data is accessible in the U.S. but resides overseas automatically make it subject to U.S. communications law?
And, by implication, exactly how far (both geographically and philosophically) does the sworn allegiance of technology companies extend to protect customer data?
There are also tangential, micro issues in play with the case: Service providers, which could potentially get ensnared in any dispute over data access, will be watching closely to see how SCOTUS rules.
How did we get here? A drug trafficking case. In 2013, federal law enforcement agents, believing that emails stored on Microsoft servers in Ireland would provide them with evidence, acted on a warrant to search the servers. Microsoft refused to turn over the substance of the emails, serving up only information such as customer names and email addresses housed on its U.S.-based servers.
Then what happened? A magistrate judge, pointing to the Stored Communications Act, subsequently rejected Microsoft’s argument to refuse the warrant, a ruling affirmed on appeal to a federal district court. But last July, a three-judge panel of the Second U.S. Court of Appeals in New York ruled that Microsoft can’t be forced to produce emails on servers overseas.
Where are we now? Microsoft has repeated contended that it’s up to Congress to update the Stored Communications Act to reflect modern digital communications.
“Information stored in the cloud should have the same protections as paper stored in your desk,” wrote Microsoft president Brad Smith in a blog post. “Therefore, Congress needs to modernize the law and address these fundamental issues.”
On the other hand, the feds believe they are hamstrung when they cannot access digital evidence that might strengthen a criminal investigation. Moreover, rubber-stamping Microsoft’s stand could pave the way for other U.S. companies to skirt the law by directing data storage elsewhere.
Lining Up to Support Microsoft, Email Privacy
Let’s not dismiss the impact of SCOTUS’ ruling on the tech industry at large. Late in 2014, when the case began to heat up, nearly 30 heavyweights in technology and media, including Amazon, Apple, AT&T, CNN, HP and Salesforce among others, submitted briefs to the court backing Microsoft. They and a whole coterie of service providers will be on high alert when SCOTUS delivers its ruling sometime mid-next year.
How might SCOTUS rule? While there are strong arguments on both sides, technology privacy and security are issues very much in play. That alone might pressure SCOTUS to toss the case to Congress to modernize the law. On the other hand, a conservative-leaning court might contend that law enforcement and ultimately national security outweighs privacy rights of individuals. Ultimately, however, it is up to legislators to make laws and for SCOTUS to determine their constitutionality.