Supreme Court Considers Whether Search Warrants Can Reach Data Stored Overseas

The Supreme Court is being asked to decide whether an American company can be required to turn over data stored on servers located overseas.

Earlier this week, the Supreme Court heard oral argument in a case that could have significant implications going forward, namely the question of whether American companies can be required to disclose data held on servers located outside of the United States:

WASHINGTON — The Supreme Court struggled on Tuesday to decide whether federal prosecutors can force American companies to turn over digital data stored outside the United States, in a clash between the demands of law enforcement and technology firms’ desire to shield the information they collect to protect their customers’ privacy.

The case turned on the meaning of a 1986 law, enacted before the dawn of the big-data era, and several justices said it provided them with very limited guidance.

In 1986, Justice Ruth Bader Ginsburg said, no one had ever heard of cloud computing. “This kind of storage didn’t exist,” she said.

That suggested, she said, that Congress rather than the courts should act to define the limits of privacy in the digital era.

“If Congress takes a look at this, realizing that much time and innovation has occurred since 1986, it can write a statute that takes account of various interests,” Justice Ginsburg said. “If Congress wants to regulate in this brave new world, it should do it.”

But Justice Samuel A. Alito Jr. said the court must act. “It would be good if Congress enacted legislation that modernized this,” he said, “but in the interim, something has to be done.”

The case, United States v. Microsoft, No. 17-2, has been closely watched by the technology industry, which sometimes has a testy relationship with the Justice Department.

The dispute arose from a federal drug investigation in which prosecutors sought the emails of a suspect stored in a Microsoft data center in Dublin. They said they were entitled to the emails because Microsoft is based in the United States. The suspect’s nationality has not been made public.

A federal magistrate judge in New York granted the government’s request to issue a warrant for the data under the 1986 federal law, the Stored Communications Act. A federal district judge agreed.

Microsoft challenged the warrant, arguing that prosecutors could not force it to hand over customer emails stored abroad.

A three-judge panel of the United States Court of Appeals for the Second Circuit, in Manhattan, ruled that the warrant in the case could not be used to obtain evidence beyond the nation’s borders because the 1986 law did not apply extraterritorially. In a concurring opinion, Judge Gerard E. Lynch said the question was a close one, and he urged Congress to revise the 1986 law, which he said was badly outdated.

Michael R. Dreeben, a deputy solicitor general, told the justices that the appeals court’s decision “has caused grave and immediate harm to the government’s ability to enforce federal criminal law.”

The two sides agreed on Tuesday that the 1986 law does not apply abroad, but they differed about whether requiring Microsoft to retrieve the data from the United States violated it.

Mr. Dreeben said the focus of the statute was on a company’s ability to obtain data with the click of a mouse in the United States. E. Joshua Rosenkranz, a lawyer for Microsoft, said the law was focused on where the information is held.

“If you look at this statute, the focus is on the storage,” he said. “This is the Stored Communications Act. At the most basic level, that’s what the focus is.”

Chief Justice John G. Roberts Jr. said he did not understand why anything should turn on Microsoft’s business decision to store data abroad. “It’s not the government’s fault that it’s located overseas,” he said. “I suspect the government doesn’t care.”

The chief justice said the company could make protecting all data from the federal government a selling point. “There is nothing under your position,” he told Mr. Rosenkranz, “that prevents Microsoft from storing United States communications, every one of them, either in Canada or Mexico or anywhere else.”

Mr. Rosenkranz said that was theoretically possible, “but it would never happen.” He said Microsoft’s products work faster when data is stored near its customers.

But Chief Justice Roberts said he was troubled by the prospect that “an email from me to somebody on the other side of the building that is going to be stored somewhere else would be protected from disclosure.”

Mr. Rosenkranz said there was another reason to shield the data. International relations, he said, requires respect for local privacy laws.

“No one disputes that countries across the world believe that they have the sovereignty and the sovereign right to pass their own laws governing the access to emails stored on their soil,” he said. “And here we are reaching into their lands and imposing our U.S. position on who gets access to emails on their soil.”

Mr. Dreeben disputed that. “There is not an international problem here,” he said. “This is largely a mirage that Microsoft is seeking to create.”

Amy Howe analyzes the argument over at SCOTUSblog:

When the Supreme Court heard oral argument this morning in United States v. Microsoft, it found itself in what has become familiar terrain — trying to apply a decades-old law to modern technology. Today the justices were interpreting what Justice Anthony Kennedy characterized as a “difficult statute”: the Stored Communications Act, a 1986 law that requires an email provider to turn over the contents of emails if the government obtains a warrant. Computer giant Microsoft told the justices today that the SCA only applies within the United States, so the company cannot be compelled to turn over emails stored outside the country. The federal government countered that, although laws don’t normally apply outside the United States, the SCA focuses on “classically domestic conduct”: Here, it stressed, Microsoft is simply being asked to turn over electronic records that it controls, even if those records happen to be stored elsewhere. After struggling with the issues (and the technology) in the case for approximately an hour of oral argument, it wasn’t at all clear how the justices will rule – if they even have the opportunity to do so before Congress enacts legislation that would resolve the case.

The dispute before the court today dates back to December 2013, when the federal government served Microsoft with a warrant at its headquarters in Redmond, Washington. The warrant ordered Microsoft to turn over information for an email account that the government believed was being used for drug trafficking. But Microsoft refused to give the government the contents of the emails, because they were stored in Ireland.

(…)

As I explained in my preview, the Supreme Court is not the only branch of the federal government considering the complex questions at issue in Microsoft’s case. Recently a bipartisan group of senators introduced legislation – known as the CLOUD Act – that would allow warrants for data stored overseas, but would also give both email providers and the countries where the data is stored a chance to object to those disclosures. Ginsburg and Justice Sonia Sotomayor seemed to believe that Congress, rather than the Supreme Court, was best suited to deal with the questions before the court. Sotomayor told Dreeben that, when it enacted the SCA, Congress was only trying to protect data stored in the United States. What the government is asking the Supreme Court to do now, she continued, is to imagine how Congress would deal with disclosures of overseas data if it considered the question. Given the prospect that the court’s ruling could create conflicts with other countries’ laws and, as a result, foreign-relations problems, she asked, why shouldn’t the justices leave things as they are and let Congress change the law if it wants to do so?

Dreeben pushed back hard against Sotomayor’s suggestion that a ruling for the government could create international problems, calling the idea a “mirage” that Microsoft has created. No foreign government has told the courts or the U.S. government that requiring disclosures like the one in this case would conflict with their laws, he assured Sotomayor. But, he emphasized, since the ruling by the U.S. Court of Appeals for the 2nd Circuit for Microsoft, foreign governments have complained about problems that they have experienced when they come to U.S. courts in an effort to get information from U.S. providers to enforce their own laws. And in any event, he continued, the job of the Supreme Court is to interpret the law, “rather than waiting for an uncertain legislative process.”

Justice Stephen Breyer proposed what he described as a “practical” solution to the problem facing the court: The federal government could, as a general rule, get a warrant to obtain data stored overseas, but companies like Microsoft would have the opportunity to go before a judge to raise potential problems – such as a conflict with foreign law – and the judge could consider those problems in deciding whether to enforce the warrant. Breyer may have been hoping to appeal to Justices Anthony Kennedy and Elena Kagan, both of whom seemed unsatisfied with what Kennedy characterized as the stark “binary” choice facing the court. Although Dreeben appeared amenable to Breyer’s proposal, Rosenkranz was decidedly unenthusiastic, arguing that the justices’ job is to interpret the law that Congress wrote, rather than “innovating and adopting its own standard.”

Will at least four other justices be more open to Breyer’s “practical” solution? We will likely know by the end of June – assuming, of course, that Congress doesn’t act first.

As with many of the issues surrounding technology that Federal Courts from the Supreme Court on down have dealt with involving the application of the Fourth Amendment—and Court precedent that predates the era of the Internet, smartphones, and the storage of data in the cloud—the issues facing the Court here are not easy to resolve. Before the rise of these technologies, a search warrant served on an American business for information regarding a third party was enforceable as a matter of course due largely to the fact that said information was readily available to the business and could be found in either papers within the control of the party on whom the warrant was served or in data located on computers that were located in the United States. Today, that’s no longer the case. Email or other data that is stored in “the cloud” could just as easily be stored on a server located pretty much anywhere in the world as it could be stored in the United States. As a result, it’s not clear that an American business can be required to turn over such data even though the data is within its control notwithstanding the fact that it is stored on a server in a foreign country.

Microsoft is taking the position that the fact that the information requested by the search warrant in question is located on a server outside the United States and that it is therefore not required to comply with the search warrant even if it was properly issued and based on probable cause.Basically, Microsoft takes the position that since the warrant was issued pursuant to a law passed by Congress, the Stored Communications Act and that Federal law cannot be enforced beyond the borders of the United States, that it cannot be compelled to turn over the emails in question regardless of whether or not those emails are within its theoretical control. The Federal Government takes the opposite position, arguing that Microsoft, an American corporation, is being asked via the warrant to disclose third-party communications from the United States that are within in its control. Additionally, the government argues that since the email was sent from the United States and that Microsoft is clearly within the jurisdiction of American courts, the fact that the information may be located on a server outside the United States is immaterial. While there are various aspects of the arguments on both sides that complicate the issue further, this simple choice is the one that the Justices find themselves faced with.

Essentially, Microsoft argues that because the warrant in question was based on a statute, that it is Congress must act to grant authority to law enforcement that would allow Courts to compel companies such as Microsoft to produce information stored. In fact, there is a bill that would accomplish just that, the so-called CLOUD Act, which is currently backed by a bipartisan group of Senators. Under this proposed law, the government could obtain warrants for data stored overseas, but it would also allow service providers such as Microsoft and the countries where the data is stored a chance to object to the required disclosure. Rather than trying to apply a law that was drafted before “the cloud” existed to cover something it arguably does, Microsft is arguing that this is an area where the Court should allow Congress to act. Whether the Justices will take Microsft’s well-placed objection to heart remains to be seen.

As with other high-profile cases, we likely won’t get a decision on this case until June, in the meantime, you can read up on the background and the pleadings at the SCOTUSBlog information page for this case.

Here’s the transcript:

United States v. Microsoft by Doug Mataconis on Scribd

FILED UNDER: Law and the Courts, Science & Technology, US Politics, , , , , , , , , , , , , , , , , ,
Doug Mataconis
About Doug Mataconis
Doug Mataconis held a B.A. in Political Science from Rutgers University and J.D. from George Mason University School of Law. He joined the staff of OTB in May 2010 and contributed a staggering 16,483 posts before his retirement in January 2020. He passed far too young in July 2021.

Comments

  1. Kit says:

    I’m no expert in this domain, but I’d say that America’s heavy-handed approach to data privacy has spurred a great many changes, of which overseas servers are simply one part. If an ill-conceived idea becomes law, American companies will certainly suffer in the form of lost business, at least in the short term. Companies set up overseas servers for various reasons, but increasingly to cater to businesses that take pains to keep their data outside the USA. Longer term, I imagine that clever technological changes and imaginative corporate restructuring will soon enough reset the status quo ante. Billions of dollars are at stake, and cooler heads (and fatter wallets) will prevail. Effectually. For better and for worse.

  2. Slugger says:

    Obviously, advances in technology create new challenges. Didn’t the US reach out to Swiss banks to eliminate at least some overseas havens for avoiding American laws? Would the handling of overseas finances serve as a model?