Nation-Now Microsoft wins appeal over U.S. email requests
SAN FRANCISCO — In a ruling that has important data security implications, a court ruled Thursday Microsoft can’t be forced to give the government e-mails stored in Ireland that are part of a U.S. drug investigation.
“This is an an incredibly important ruling, one of the most important in a long time,” said Craig Newman, who heads the data privacy practice at the New York law firm Patterson Belknap.
It’s expected that the U.S. government will appeal the ruling, which could send the case to the U.S. Supreme Court.
“We are disappointed with the court’s decision and are considering our options,” said U.S. Department of Justice spokesman Peter Carr in a statement.
The case dates back to 2013, when U.S. prosecutors demanded Microsoft turn over emails linked to a drug-trafficking case. The emails were stored only on Microsoft servers in Dublin.
Microsoft gave up all the information it had stored in the United States but then sued to block the warrant, saying U.S. law enforcement couldn’t seize evidence held in another country.
Microsoft lost the first round in 2014 when U.S. District Judge Loretta Preska said the company had to hand over the emails.
The company argued that if it complied, foreign governments could force U.S. companies to turn over evidence stored within the United States.
“As a global company we’ve long recognized that if people around the world are to trust the technology they use, they need to have confidence that their personal information will be protected by the laws of their own country,” said Microsoft’s president and chief legal officer Brad Smith.
On Thursday a federal appeals court in New York agreed, saying the original court had overstepped its bounds.
New framework needed
The courts have noted that the U.S. government did have another option to get the emails and could have availed itself of the Mutual Legal Assistance Treaty process to get access to the information it wanted in the investigation.
It is, however, widely acknowledged to be quite a clunky system. “Everyone agrees that that process is very slow and bureaucratic and needs to be streamlined,” said Faiza Patel, co-director of the Liberty and National Security Program at the Brennan Center for Justice at New York University law school.
In fact, one of the appeals judges noted the Justice Department will likely ask Congress to find a legislative solution to the issue of data sharing among law enforcement entities, she said.
The U.S. government has argued it needs to be able to access U.S. companies’ information outside the U.S. for safety and security reasons.
“Lawfully accessing information stored by American providers outside the United States quickly enough to act on evolving criminal or national security threats that impact public safety is crucial to fulfilling our mission to protect citizens and obtain justice for victims of crime,” said the DOJ’s Carr.
The case is a reminder that U.S. online privacy protection laws are dangerously out of date, say some.
“Our online privacy laws are not the bulwarks of privacy that Congress thought they were when it enacted them in 1986,” said Alex Abdo, an attorney with the ACLU.
Broad tech support
The case was closely watched by the tech industry. Twenty-three technology and media companies, 28 trade associations and advocacy groups, 35 of the nation’s leading computer scientists and the Government of Ireland filed friend of the court briefs on behalf of Microsoft, the company said.
Tech companies maintain that email stored on computer servers overseas can’t be obtained through warrants because warrants don’t reach outside of the United States.
This issue is also important because other countries, especially in the European Union, have much stricter laws regarding individuals’ privacy and rights over their data.
“Say you’re an Irish citizen in Ireland. Imagine your reaction if American law is applied to your private emails stored on a server in Dublin,” said lawyer Newman.