Long-time client and friend, Donald Callahan, sent us his timely analysis of a U.S. Federal Court case involving Microsoft and the attempt of the U.S. government to obtain a customer’s email from Microsoft’s Data Center in Dublin. Donald’s full analysis appeared in the blog post entitled US Law in European Datacenters: Microsoft in Federal Court on May 13th, 2014. Donald knew we’d be interested in this development because of what we’ve written about the impact of cloud location and privacy in “Where Are Your Clouds? Location Matters.” “I know that you are sensitive to the issue about data location in the Cloud(s) and the legal jurisdiction that customers want to apply,” Donald wrote. “You might be interested in my analysis of this ruling, as a contribution to your thinking.” Here are some excerpts from Donald’s great analysis. In particular, Donald looks at the logic in the ruling that rejected Microsoft’s appeal as setting important precedent on three major questions:
- Does Data Location Matter?
- Does the American Stored Communications Act require documents to be produced, even if they don’t reside in the U.S.?
- Where can a search be conducted?
Here are the highlights of Donald Callahan’s analysis:
“Microsoft challenged the decision because, according to the company, ‘the US government doesn’t have the power to search a home in another country, nor should it have the power to search the content of email stored overseas.’”
“On April 25, 2014, Judge Francis rejected the company’s challenge and ordered Microsoft to comply with the warrant, in a ground breaking ruling that dramatically expanded the reach of US law into the datacenters of American Service Providers wherever located. Microsoft immediately announced plans to appeal the decision….”
“Data Location Doesn’t Matter?....”
…..“In particular, Judge Francis quotes George Washington University Law professor Orin Kerr who writes, in ‘A User's Guide to the Stored Communications Act,’ that ‘protections that apply in the physical world, and especially to one's home, might not apply to information communicated through the Internet.’”
“In fact, Kerr goes even further in his 2004 treatise, stating that an Internet user ‘does not have … any private space at all.’ The Court may or may not agree with this sweeping affirmation, but it is certainly indicative of a growing acceptance in American legal thinking of wide ranging government surveillance, as the Snowden revelations made entirely clear. ….The Judge comes to clear conclusions on three major legal issues as the basis for his decision: the nature of an SCA warrant, the moment when a search of electronic property is considered to be a search, and the fundamental question of extraterritoriality.”
“An SCA warrant is more than a search warrant “
“….As Microsoft correctly points out, it is well established law that federal courts do not have authority to issue warrants for the search and seizure of property outside the territorial limits of the United States.”
“According to the ruling, however, a warrant under SCA section 2703(a) “is not a conventional warrant; rather, the order is a hybrid: part search warrant and part subpoena… executed like a subpoena in that it is served on the ISP in possession of the information.” ….
“When and where a search becomes a search”
“….A digital search is not a search until the information is exposed to human observation. The government only needs to ensure that this takes place in the United States.”
“This second conclusion is, to say the least, an extraordinary innovation in American legal doctrine of search and seizure.”
“No need for extraterritoriality”
“…..It is important to note that, in this case, both the government and the Court took great care not to claim extraterritorial authority, taking the position that such authority is not needed under the SCA to oblige an American Service Provider to turn over emails stored in Europe for a lawful search in the United States.”…
“…It is not without irony that Microsoft, a company often treated with condescension by today’s “tech intelligentsia,” now finds itself in the position of a principled industry leader, defending not only the interests of all US Internet and Cloud Providers but also the rights of users to privacy in the digital world.”