Microsoft files fresh appeal against handing over email in Irish datacentre

Microsoft has fired the latest salvo in a case to keep US agents from having access to customer data stored overseas.

Microsoft on Monday filed its appeal in the US Second Circuit Court of Appeals, challenging a US warrant for a customer's email stored in its Irish data centre.

The appeal is its second attempt to void part of the warrant, issued by a New York magistrate last year under the Stored Communications Act, which orders the company to turn over the contents of email stored in servers in Ireland to the US government.

Previously, Microsoft likened the warrant to authorising federal agents to break down the doors of Microsoft's Dublin facility -- a view that the government has rejected since agents don't actually set foot in Ireland.

This time Microsoft has refined its analogy, painting a picture of Deutsche Bank as the US-based recipient of a German warrant.

"Imagine this scenario. Officers of the local Stadtpolizei investigating a suspected leak to the press descend on Deutsche Bank headquarters in Frankfurt, Germany. They serve a warrant to seize a bundle of private letters that a New York Times reporter is storing in a safe deposit box at a Deutsche Bank USA branch in Manhattan. The bank complies by ordering the New York branch manager to open the reporter's box with a master key, rummage through it, and fax the private letters to the Stadtpolizei," Microsoft's lawyers argue.

Needless to say, the US would be outraged by this scenario. But in it, Germany could say that no extraterritorial search had occurred, as no German agents entered the US to conduct the search and Deutsche Bank was simply ordered to produce business records it holds.

The whole case hinges on whether a warrant is limited to "searches" within the US or whether they can extend beyond US borders. In previous filings, the government has said that nothing in the text of the Stored Communications Act (SCA) suggests Congress wanted to place any limits on access to information held by US providers overseas.

Microsoft counters in its new brief that when Congress passed the Electronic Communications Privacy Act (ECPA) of 1986 -- of which the SCA is a part -- it "gave no indication in ECPA that it intended to authorize federal and local police to commandeer service providers to execute searches and seizures of private emails located in foreign countries".

Microsoft's chief legal counsel Brad Smith says Congress's intent is the "heart of this case". He pointed to comments earlier this year made by Europe's Commissioner for Justice Viviene Reding who said the warrant "may be in breach of international law and may impede the attainment of the protection of individuals guaranteed in the Union".

Smith wrote: "To avoid just this sort of international discord, courts presume that federal statutes do not apply extraterritorially unless Congress expresses a clear intent for them to do so. And Congress expressed no such intention here. That fundamental point is at the heart of this case."

Microsoft has taken an unusually public approach to its battle with the government and has garnered the support of peers in the tech industry that fear such warrants could cool the appetite for using US online services among customers abroad. Companies that have filed amicus briefs in support of Microsoft include Apple, AT&T, Cisco, and Verizon, as well as civil-liberties advocate The Electronic Frontier Foundation (EFF).

Read more on this story