Microsoft Fights Search Warrants for Overseas Emails in the Supreme Court

Microsoft's Chief Legal Officer writes about "the landmark Microsoft case that will decide whether the U.S. government can use a search warrant to force a company to seize a customer's private emails stored in Ireland and import them to the United States." On Thursday, 289 different groups and individuals from 37 countries signed 23 different legal briefs supporting Microsoft's position that Congress never gave law enforcement the power to ignore treaties and breach Ireland's sovereignty in this way. How could it? The government relies on a law that was enacted in 1986, before anyone conceived of cloud computing... When the U.S. government requires a tech company to execute a warrant for emails stored overseas, the provider must search a foreign datacenter and make a copy abroad, and then import that copy to the United States. This creates a complex issue with huge international consequences. It shouldn't be resolved by taking the law to a place it was never intended to go...

The U.S. Department of Justice's attempt to seize foreign customers' emails from other countries ignores borders, treaties and international law, as well as the laws those countries have in place to protect the privacy of their own citizens... It's also a path that will lead to the doorsteps of American homes by putting the privacy of U.S. citizens' emails at risk. If the U.S. government obtains the power to search and seize foreign citizens' private communications physically stored in other countries, it will invite other governments to do the same thing. If we ignore other countries' laws, how can we demand that they respect our laws?
Amicus briefs supporting Microsoft have been filed in the U.S. Supreme Court by Ireland, France, and the European Commission and European privacy regulators. Microsoft even notes that on this issue, "Fox News agreed with the American Civil Liberties Union."

Force the company != force the individuals

[Alain+Williams]

The servers are located in Ireland in a data centre staffed by Irish people (or who, at least, live there). Will these people obey an order from a court in the USA and risk the wrath of the court in Dublin ? I would not if I were one of them. I do not know what control Microsoft (USA) has over servers in its Irish data centre, but generally the guy who can touch the machine is the one who makes the final decision; and him, being fearful of the Dublin court, could easily restrict access to anyone outside of their data centre.

No matter what the court in the USA decides, what will happen in reality will be interesting to see.

Re:Force the company != force the individuals

[CaptainDork]

This is not a matter of an American-issued search warrant delivered to person or persons of name, as in individuals.

Microsoft obviously has a pathway to the data in Ireland and there are no gatekeepers blocking that path, at this time.

At issue is custodianship vs ownership vs jurisdiction, and it ain't easy.

This is problem has already been addressed in the case offshore banking.

I think that's where SCOTUS will take this.

Re:Force the company != force the individuals

[Insanity+Defense]

The claim that something is being "imported" from Ireland to the U.S. is rubbish. The claim that this somehow violates Ireland/EU law is absurd, unless you are arguing that a person sitting at a computer in the U.S. is somehow bound by the laws of a foreign country.

Strange you should say that. The U.S. claims exactly that in the case of Gary McKinnon who hacked U.S. computers with off the shelf software. They were trying to extradite him with threats of 70 years hard time in a maximum security prison for his actions in the U.K..

Then there is the case of Dmitry Sklyarov who wrote software in Russia for his employer that was strictly legal but was arrested in the U.S. and charged for his employers sales of it to Americans. Skylarov was not in the U.S. when he wrote the program and had nothing to do with the distribution. Yet he was arrested.

How about Kim Dotcom? Again his breaking of American laws was entirely outside the U.S. but that hasn't stopped the U.S. legal system from persecuting him.

So yes the U.S. has repeatedly claimed computer "crimes" perpetuated by people outside the U.S. are punishable by the U.S.. So why shouldn't other countries do the same to Americans?

Re: They're going to lose

[Sique]

If the U.S. prosecution has its way, then the E.U. will simply forbid any foreign owned company to operate any data in the E.U.. The High Court of the E.U. already invalidated the "Safe Harbour" agreement with the U.S. because of the way the U.S. handles data of foreigners. In the end, Microsoft Ireland will have to become a separate entity, independent of Microsoft U.S., and only a contract between Microsoft U.S. and Microsoft Ireland will allow Microsoft U.S. access to data stored in Ireland, with an arbiter resident in Ireland deciding case by case if the access is to be permitted or not by handing out a digital certificate granting access and being revoked at any time the arbiter sees fit.

In a case like this, the certificate necessary to access said email would long have been revoked, and only with a formal request to the Attorney General and the Data Protection agency of Ireland, the U.S. prosecution would be able to get a new one granting access to the email they want.