A federal appeals court on Thursday said the U.S. government cannot force Microsoft Corp and other companies to turn over customer emails stored on servers outside the United States. The 3-0 decision by the 2nd U.S. Circuit Court of Appeals in Manhattan is a defeat for the U.S. Department of Justice and a victory for privacy advocates and for technology companies offering cloud computing and other services around the world.
A federal appeals court sided with Microsoft on Thursday in a case over whether the U.S. government could force the tech giant and other companies to hand over customer emails stored overseas. The decision is a victory for privacy advocates and reverses a 2014 court order that required Microsoft to turn over email content stored on a server in Ireland.
Microsoft Corp. won’t be forced to turn over e-mails stored in Ireland to the U.S. government for a drug investigation, an appeals court said in a decision that may affect data security throughout the U.S. technology industry. The ruling on Thursday overturned a 2014 decision ordering Microsoft to hand over messages of a suspected drug trafficker.
A federal appeals court has ruled Microsoft and other companies cannot be forced to turn over customer emails stored on servers outside the United States, handing a victory to privacy advocates. U.S. law doesn’t work outside the country, the second U.S. circuit court of appeals in New York ruled on on Thursday, reversing a 2014 lower court order directing Microsoft to comply with a warrant to turn over to the US government the contents of a customer’s email account stored on an Irish server.
Big technology companies have usually played a defensive game with government prosecutors in their legal fight over customer information, fighting or bowing to requests for information one case at a time. But now Microsoft, in a move that could broaden the debate over the balance between customer privacy and law enforcement needs, is going on the offense. The software giant is suing the Justice Department, challenging its frequent use of secrecy orders that prevent Microsoft from telling people when the government obtains a warrant to read their emails.
The Justice Department faced withering criticism from House lawmakers at a Thursday hearing for its opposition to Microsoft-backed legislation aimed at limiting the geographical scope of a U.S. warrant. The House Judiciary Committee hearing focused on a bill aimed at resolving a legal battle in which Microsoft resisted a U.S. warrant forcing it to turn over a customer’s email account stored in Ireland.
What’s underlying the hearing? Politicians are being pushed to make a choice between protecting America’s edge in cloud computing and data privacy versus giving the American people a feeling of more security by granting federal law enforcement more power. What’s at risk, however, is whether a tech company should be forced to give data to the U.S. government pursuant to a warrant for data that does not target an American citizen on American soil.
Last week, the European Commission and the U.S. concluded tough negotiations to reach an important new agreement regarding cross-border data transfers, the so-called “E.U.-U.S. Privacy Shield,” which replaces the 15-year-old Safe Harbor compact. We also learned the U.S. and the U.K. began negotiations regarding a new data-sharing agreement that shows great promise to establish a basis for other like-minded democracies to develop a more modern and workable legal framework for government access to citizens’ data.
U.S. Congress should pass the LEADS Act. It is not a silver bullet that will address all surveillance privacy concerns domestically or internationally about the United States, but it is a practical and important start. LEADS will clarify the gap in what rules are, or are not, in place by which law enforcement executes papers for content U.S. Internet companies store in servers abroad. Right now those rules are a Bleak House and not consistent even with legislation designed to address the point (such as our old friend, the Electronic Communications Privacy Act, or ECPA).