John O'Connor outlines the latest position in the 'Microsoft Warrant case' where the Cloud provider was ordered by a US Federal Court to produce its customer's private e-mail content even though it was stored exclusively outside the USA.
The District Court for the Southern District of New York has decided that Microsoft Corporation must, pursuant to a warrant, produce to US authorities, content and non-content data relating to an e-mail account (including private emails) of a customer held on a Microsoft server in Ireland. The decision raises significant issues for cloud providers, technology companies, privacy advocates, data protection regulators and governments, not only in Ireland but across the world. The court case has been ongoing since December 2013. In August, the New York District Court removed the stay on the warrant ordering Microsoft to produce the e-mails to the FBI. In order for the case to continue to the New York Second Circuit Court of Appeals, on 5 September 2014, Microsoft declined to comply with the court's ruling, voluntarily entering into contempt, with any sanctions deferred pending the final outcome of the case.
The search warrant was issued pursuant to the US Stored Communications Act (SCA), government legislation from the Ronald Reagan-era. The SCA states that a US company's overseas records must be disclosed domestically when a valid subpoena, order or warrant compels their production. The judge deduced from the facts that it was the intention of US Congress when drafting the SCA that it would have an extra-territorial effect if required. Further evidence of this intention was given in that the controversial US PATRIOT Act, legislation passed to strengthen security controls in the immediate aftermath of 9/11, contains such provisions.
Microsoft has argued to the court that (i) a SCA warrant is confined to US territory and has no effect in a foreign jurisdiction; (ii) interpreting the SCA warrant to have extra-territorial reach is a violation of international law; (iii) compelling Microsoft to hand over the property does not circumvent the fact that it is an illegal search and seizure by law enforcement; (iv) the data belong to Microsoft's customer and do not constitute business records of Microsoft; and (v) the US Government should use an appropriate process designed for this kind of request, such as the Mutual Legal Assistance Treaty (MLAT) with Ireland (signed January 2001) to procure the data...