US strikes back in Microsoft email warrant case
The US Department of Justice (DoJ) has filed a petition to reopen a case in which judges ruled Microsoft could not be forced to hand over user data to the US government when stored overseas.
In July, it appeared that Microsoft had won the landmark case. The Second Circuit Court of Appeals in New York overturned an earlier ruling which would have forced the tech giant to hand over email account data belonging to an individual being investigated by US law enforcement.
A US search warrant issued against Microsoft aimed to force the company to comply under the Stored Communications Act. Despite the data center being based in Dublin, Ireland, prosecutors have argued that as the Redmond giant controls the center, the company should still comply with US demands.
However, the judges in the appeals court disagreed that the legislation was intended for use abroad -- and such requests should relate to local laws rather than those held in the United States.
Microsoft holds the same opinion. In 2014, the company was held in contempt of court for refusing to hand over this data which paved the way for the appeal to take place -- and luckily for Microsoft and privacy advocates alike, the firm won.
Microsoft said at the time the company "welcomed" the decision, saying the ruling "ensured that people's privacy rights are protected by the laws of their own countries; helped ensure that the legal protections of the physical world apply in the digital domain and paved the way for better solutions to address both privacy and law enforcement needs."
However, the DoJ is not taking the decision lying down. Last week, the US agency filed a petition to return the issue to the courtroom.
According to the petition, the case "involves a question of exceptional importance," but the July ruling is hampering criminal investigations across the country.
US prosecutors call the decision "severely limiting" to an "essential investigative tool used thousands of times a year" and is also "causing confusion and chaos" among providers as they struggle to determine how to comply with SCA demands.
"The Opinion [ruling] breaks with over two decades of settled SCA enforcement and compliance, in holding that a US-based company can refuse to use US-based facilities and employees to comply with a court-authorized disclosure warrant, issued upon a showing of probable cause, merely because the company chooses in its sole discretion to store the electronic data sought by the warrant on its own overseas servers," prosecutors say.
The DoJ also noted that as online services expand worldwide, technology firms are making criminal investigations difficult due to how they often store, transfer and communicate data.
As an example, Google and Yahoo both offer cloud storage services and store user data in an "ever-changing" selection of servers worldwide, which places potential evidence in criminal cases out of the reach of US law enforcement.
Microsoft says that EU mechanisms should be used and the proper procedures followed if law enforcement wants access to this data, or even better, US lawmakers should work to resolve problems with data sharing agreements between countries.
In addition, forcing Microsoft to hand over the information could have severe repercussions for businesses which offer cloud services due to strict privacy laws in other areas, such as the European Union.
Speaking to the Washington Post, Microsoft spokesman David Cuddy said the company wants to work with Congress and the Justice Department to create solutions to the problem, but "this 30-year-old law doesn't apply to email content abroad."
The petition has been filed with the Second Circuit Court of Appeals.