A legislative path to create new laws is better than arguing over old laws

Posted in Brad Smith, Warrant Case

Today the U.S. Justice Department asked the Supreme Court to reconsider a legal decision, in a case brought by Microsoft, which found that U.S. warrants cannot be unilaterally applied to email in other countries. It seems backward to keep arguing in court when there is positive momentum in Congress toward better law for everyone. The DOJ’s position would put businesses in impossible conflict-of-law situations and hurt the security, jobs, and personal rights of Americans.

DOJ’s request follows House and Senate hearings earlier this month which demonstrated strong support for modernizing the 31-year-old law at issue in the case and implementing updated data-sharing treaties with our allies. Those in agreement include members of Congress, the business community, academic researchers, our international allies and the Justice Department itself. In fact, Congress has already taken steps to address this important issue and DOJ has already negotiated the first new international agreement. Last year, the International Communications Privacy Act (“ICPA”) was introduced by Sens. Orrin Hatch and Christopher Coons and Reps. Tom Marino and Suzan DelBene to create a modern legal framework. We understand the sponsors may reintroduce the bill after incorporating input from a range of stakeholders. These solutions consider the current needs of law enforcement, the realities of modern technology and the application of people’s traditional rights in today’s world.

As Judge Gerard E. Lynch stated in his concurring opinion in our case, “Although I believe that we have reached the correct result as a matter of interpreting the statute before us, I believe even more strongly that the statute should be revised, with a view to maintaining and strengthening the Act’s privacy protections, rationalizing and modernizing the provisions permitting law enforcement access to stored electronic communications and other data where compelling interests warrant it, and clarifying the international reach of those provisions after carefully balancing the needs of law enforcement (particularly investigations addressing the most serious kinds of transnational crime) against the interests of other sovereign nations.”

The litigation path DOJ is now trying to extend in parallel to legislative progress seeks to require the Supreme Court to decide how a law written three decades ago applies to today’s global internet. The previous decision was soundly in our favor, and we’re confident our arguments will be persuasive with the Supreme Court. However, we’d prefer to keep working alongside the DOJ and before Congress on enacting new law, as Judge Lynch suggested, that works for everyone rather than arguing about an outdated law. We think the legislative path is better for the country too.

Conflicts of law

In less than one year, a new European data protection law will go into effect. Under that law – called the General Data Protection Regulation – it would be illegal for a company to bring customer data from Europe into the U.S. in response to a unilateral U.S. search warrant. This type of legal conflict isn’t theoretical. We have declined to comply with similar legal orders in Brazil because they conflict with U.S. law. As a result, we have been fined, and one of our local employees was criminally charged. Neither people nor companies should be put in a position where complying with the laws of one country puts them in conflict with another country under whose laws they must operate.

Diplomatic and security threats

While the DOJ understandably is focused on effective law enforcement investigations across borders, we’re hard pressed to believe that a reversal of our case would make that situation better. Under current law we’re already able to act in emergency situations and when law enforcement works together across borders. For example, when the French authorities and the FBI cooperated and pursued proper legal process following the terrible Charlie Hebdo attack in 2015, we provided responsive emails in less than 45 minutes. Our current policy, underpinned by the standing decision in our case, also enables us to reject requests from other governments that want the email of Americans without the consent or knowledge of the U.S. government.

However, if the decision in our case is reversed, and we’re forced to provide the U.S. government with the email of foreign citizens abroad, there would be little basis for us to reject requests from other governments for American email. This dilemma, which could be possible under today’s request from DOJ, would create additional diplomatic tensions with other governments and present a security risk to the email of people and businesses in America.

The economy

These developments would also be bad for American products and our economy. Today’s cars, construction equipment and appliances of all kinds contain internet-connected chips that make these products smarter. These American exports process data about people and businesses around the world and often keep that data in a local or regional datacenter. It’s important that people buying American products, like these, know they are backed by laws that allow the U.S. government to access this data only when working with the consent of their home government. If our case is reversed, and this trust is eroded, the consequences would be felt not only in the tech sector but across exporting industries that are critical to future U.S. job growth.

Personal rights

Many of the challenges described here are rooted in a single question: Should people be governed by the laws of their own country? If the decision in our case were reversed, it would subject every person in the world to every other country’s legal process. The email of a person who lives and works in Dublin would be subject to an American warrant issued by a U.S. court just as an American would be subject to an Irish warrant. Our customers tell us they want to be governed by the laws of their own government, and they deserve the certainty of knowing what laws govern their data. That’s why the legislative solution would ensure data is shared with a destination country only when there is consent in the originating country and comparable legal process is applied.

All of these factors help explain why so many other groups have supported our position in this case. We were grateful to the 28 leading technology and media companies, 23 trade associations and advocacy organizations, 35 computer scientists and the Irish government that filed amicus briefs supporting our position before the Second Circuit. These briefs included contributions from business organizations and a number of newspapers and media outlets, spanning well beyond the technology sector itself.

The need for legislation will exist regardless of who wins the case, and we’ve seen encouraging progress. We hope today’s filing does not derail work toward a modern fix that improves law enforcement’s capabilities while protecting people’s rights. We’re prepared to keep arguing vigorously for our case, even while we prioritize our collaboration toward new law.  We hope the Justice Department will do the same thing.

 

Posted June 23 by