Feds can't use US warrants to grab foreign data, says appeals court

The appeals court was split 4-4, ensuring a previous ruling in Microsoft's favor remained intact.
Written by Zack Whittaker, Contributor

(Image: file photo)

An appeals court has declined to revisit an earlier decision, ruling that the Justice Department cannot force Microsoft to turn over customer data stored on servers outside the US.

The Second Circuit Court of Appeals in New York was split 4-4 in a vote on Tuesday, leaving an earlier July decision in place, which was widely seen as a victory for tech companies and privacy advocates.

A Justice Dept. spokesperson told ZDNet that the department is "reviewing the decision and its multiple dissenting opinions and considering our options."

Judge Susan Carney, who voted to keep the earlier decision in place, argued that the Justice Dept.'s actions would have bypassed existing mutual law enforcement treaties.

"And it is for just this sort of reason that the government has in other circumstances taken a position, somewhat in tension with the one it takes here, that courts should be particularly solicitous of sovereignty concerns when authorizing data to be collected in the US but drawn from within the boundaries of a foreign nation," she said.

But not all the judges were happy about the decision.

Judge Jose Cabranes wrote in dissent that the decision has "indisputably, and severely, restricted an essential investigative tool used thousands of times a year in important criminal investigations around the country."

"To top this off, the panel majority's decision does not serve any serious, legitimate, or substantial privacy interest," he added.

Microsoft President and Chief Legal Officer Brad Smith said he welcomed the decision.

"We need Congress to modernize the law both to keep people safe and ensure that governments everywhere respect each other's borders. This decision puts the focus where it belongs, on Congress passing a law for the future rather than litigation about an outdated statute from the past," he said.

The case centered on a customer in Ireland who is accused of drug charges. Microsoft had spent the past two years battling US prosecutors over the customer's data held in its Dublin datacenter.

The case centered on a atypical warrant that was issued by US prosecutors in that it was for data stored in an email account stored by Microsoft overseas. Prosecutors said that because the data was hosted by a US-based company, Microsoft must comply.

But the software giant asserted that the US government cannot extraterritorially access or retrieve data in a foreign country with a US search warrant.

The full 60-page set of decisions can be read here, or below:

Do you pass off your security responsibility to others?

Editorial standards