Microsoft will appear in a federal appeals court today to argue against the US government’s assertion that companies operating in the land of the free must hand over data stored in other countries when presented with a valid search warrant.
The case in question, which began two years ago, surrounds emails stored on Microsoft servers in Dublin, Ireland, which allegedly contain details of narcotics sales.
Irrespective of the morals and legality surrounding the claimed drug deals, Microsoft has continually argued that it cannot hand over data protected by Irish and European data protection laws.
Microsoft maintains that the US government’s approach would allow it to “violate the territorial integrity of sovereign nations”, while skirting “legal assistance treaties expressly designed to facilitate cross-border criminal investigations”.
Unperturbed by such arguments, the US Department of Justice (DOJ) last year took the tech firm to court, where it received an order in its favour. Since that time, Microsoft has remained steadfast in its opposition to the ruling and continues to refuse to hand over any of the emails, saying that to do so would be a breach of privacy laws.
Instead, it says, the US government must do its job:
in a way that respects fundamental rights, including the personal privacy of people around the world and the sovereignty of other nations
The DOJ, however, fails to see the problem, arguing that international law be damned as Microsoft is based in the US and thus under the jurisdiction of its courts. This is a view shared by Judge Loretta Preska who, in August 2014, held the company in contempt of court for failing to comply “in full” with the original warrant.
When that ruling was then stayed, pending appeal, the US government was left seemingly confused as it argued the issue had already been resolved – pointing toward banks’ business records held overseas, which US courts had already ruled were available to federal authorities wishing to get their hands on them.
Not so though, said Microsoft, who argued that business records and emails are hardly the same thing:
A bank can be compelled to produce the transaction records from a foreign branch, but not the contents of a customer's safe-deposit box kept there. A customer's e-mails are similarly private and secure and not subject to importation.
According to the BBC, Microsoft has already stated that it will continue fighting even if it loses this appeal hearing. A lawyer for the company said it will take the matter to the highest federal authority in the US – the Supreme Court – if need be.
Meanwhile, the Obama administration continues to talk tough. It says treaty requests are too slow and Microsoft’s insistence on storing data close to where its customers reside creates a situation criminals can exploit to evade US law enforcement by filing false residence details.
And should the government lose the appeal hearing, it too has other avenues it can explore.
One of those is the US-Ireland “Mutual Legal Assistance Treaty” – a solution previously proposed by Microsoft itself.
Should such a request be forthcoming, the Irish government has said it will consider it “as expeditiously as possible” – though, as Lisa Vaas pointed out last year, if such an approach was likely to be successful, why has the federal government not already taken it? The answer, she said, was the widespread belief that the DOJ knows it is asking for something that is not “in a manner consistent with Ireland’s laws”.
Other tech firms, civil rights groups and large media outlets – who collectively filed an amicus brief – will undoubtedly be watching today’s hearing with great interest. They’ll want to see how a country – still reeling from Edward Snowden’s revelations – moves forward in a world where trust of the US, and its attitude to other people’s data, is surely still at a low point.Follow @Security_FAQs