A federal appeals court ruled Thursday that the government cannot force Microsoft to turn over data from a user’s email account that was stored overseas, giving the tech company a victory in maintaining the privacy of its customers.
The ruling by the U.S. Court of Appeals for the 2nd Circuit stemmed from a 2013 warrant issued by a magistrate judge who had ordered Microsoft to hand over data related to an email account that authorities believed was being used for narcotics trafficking.
Microsoft determined that the contents of the email account were stored overseas on its servers in Dublin, Ireland, and declined to provide the data, arguing that the U.S. government does not have the authority to compel it to turn over data that is held in another country.
The appellate court’s decision states that the 1986 law upon which the warrant was based “does not authorize courts to issue and enforce against U.S.-based service providers warrants for the seizure of customer email content that is stored exclusively on foreign servers.”
The ruling, written by Judge Susan Carney, also voids a lower court’s finding of contempt against Microsoft for its failure to turn over the data.
Judge Carney wrote that when Congress passed the Stored Communications Act in 1986, “its aim was to protect user privacy in the context of new technology that required a user’s interaction with a service provider.”
“Neither explicitly nor implicitly does the statute envision the application of its warrant provisions overseas,” she wrote.
The tech giant had warned that if the warrant were enforced, it could trigger a “global free-for-all” that would enable law enforcement agencies in other countries to seize emails belonging to Americans and stored in the United States.
The case attracted widespread attention from technology companies, with nearly 100 organizations and companies filing briefs in support of Microsoft.
“Had the Department of Justice prevailed in this case, other countries would follow the U.S. lead and start claiming access to data stored here in the U.S.-based on their own laws,” said Greg Nojeim, director of the Freedom, Security and Technology Project at the Center for the Democracy and Technology. “It would have been like the Wild West and disaster for privacy.”
A Justice Department spokesman said the agency was disappointed in the court’s decision, and is considering other options.
“Lawfully accessing information stored by American providers outside the United States quickly enough to act on evolving criminal or national security threats that impact public safety is crucial to fulfilling our mission to protect citizens and obtain justice for victims of crime,” Justice Department spokesman Peter Carr said in an email statement.
Microsoft officials praised the ruling, saying it “ensures that people’s privacy rights are protected by the laws of their own countries.”
“This decision provides a major victory for the protection of people’s privacy rights under their own laws rather than the reach of foreign governments,” said Brad Smith, Microsoft’s president and chief legal officer. “It makes clear that the U.S. Congress did not give the U.S. government the authority to use search warrants unilaterally to reach beyond U.S. borders.”
The ruling also highlights the need to modernize laws governing technology, Mr. Smith said.
“We hope that today’s decision will bring an impetus for faster government action so that both privacy and law enforcement needs can advance in a manner that respects people’s rights and laws around the world,” he said.
• Andrea Noble can be reached at anoble@washingtontimes.com.
Please read our comment policy before commenting.