ProPrivacy is reader supported and sometimes receives a commission when you make purchases using links on this site.

Microsoft Wins! FBI Needs Warrant for Overseas Data

Like all the big tech companies caught with their pants down by Edward Snowdon’s revelations that they fully cooperated with the NSA over spying on their customers, Microsoft has ever since been desperate to claw back public confidence. A big win in court could have major implications for the US government’s ability to simply demand data from companies that is stored overseas.

The problem

Back in January 2014, Microsoft announced plans to allow non-US-citizens to store their data overseas,

"People should have the ability to know whether their data are being subjected to the laws and access of governments in some other country and should have the ability to make an informed choice of where their data resides.

The implication was that this move would protect data belonging to non-US citizens from being accessed by US intelligence services. As I noted with a somewhat raised eyebrow at the time, however,

"It should be clearly understood that US companies are legally required under the Patriot Act to hand over information on their servers to US intelligence agencies, even if that information resides on servers outside the US.  Basically, US agencies can access any data held by a US company, regardless of whether that data is stored outside the US, so it is unclear to us what benefits it will bring.

The Foreign Intelligence Surveillance Act (FISA) similarly allows US agencies to access information stored in cloud databases located in the EU, but owned by US companies. All that US authorities need do is get a secret court to issue a secret surveillance order, which when presented to a US company they have no option but to comply.

It should come as no surprise when almost immediately following its announcement, a US judge ordered Microsoft to hand over a customer’s emails, even though these were stored in Ireland.

The ruling by New York Judge James Francis supported a search warrant issued by US law enforcement officials, demanded information associated with an individual’s email account, including their name, credit card details, and the contents of all messages.

Microsoft fights back

To its credit, Microsoft did not take this ruling lying down. And despite the New York ruling being upheld by of US District in Manhattan, Judge Loretta Presk, Microsoft made US legal history by refusing to hand over the data until the case had wound its way through the appeals process,

"Microsoft will not be turning over the email and plans to appeal.

A big win

On 14 July a panel of a panel of Second Circuit judges overturned the New York ruling, stating that a search warrant sent to Microsoft cannot be applied internationally,

"We conclude that Congress did not intend the [Stored Communications Act’s] warrant provisions to apply extraterritorially. SCA warrant may not lawfully be used to compel Microsoft to produce to the government the contents of a customer’s e‐mail account stored exclusively in Ireland.

According to Nate Cardozo, an attorney working with the Electronic Frontier Foundation,

"This is a big win for privacy. It circumscribes the US government’s power abroad. It reiterates the rule that US law doesn’t apply outside the US …[And] it keeps foreigners’ data secure from the US government, which has shown again and again that it’s willing to overstep reasonable bounds on its power.

Microsoft was similarly jubilant,

"This decision provides a major victory for the protection of people’s privacy rights under their own laws rather than the reach of foreign governments. As a global company we’ve long recognized that if people around the world are to trust the technology they use, they need to have confidence that their personal information will be protected by the laws of their own country.

Caution still required

This is a landmark decision that will help safeguard non-US nationals’ data that is stored outside the USA from being accessed by US authorities. A number of important caveats should be noted, however:

  • The US government is almost certain to appeal this decision.
  • The US and UK governments are currently negotiating an agreement that will allow the government US government to serve UK communications and technology companies with wiretap orders and warrants in order to access communications relating to US citizens. And vice versa. This plan has yet to be formally announced and will face a number of legal and practical hurdles, including opposition from the likes of Microsoft, Apple, and Google.
  • We only know about the Microsoft email case because (somewhat usually) the NSL it received did not include a gag order, and Microsoft decided to go public about the affair. We have no way of knowing if and how often Microsoft otherwise complies with government demands.

Conclusion

This latest win for Microsoft is great news for privacy, and will hopefully put some brakes on the US governments’ belief that it is entitled to any and all data belonging to anyone, regardless of citizenship or where the data is stored.

If you really care about privacy, however, then you should not trust any technology company with your data. Use a VPN or Tor to hide your browsing habits, where possible use end-to-end encrypted messaging, and end-to-end encrypt all your sensitive data yourself. In other words, do not trust tech companies to protect your privacy

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

4 Comments

terrans
on July 26, 2016
so the pretension of uk vs ireland are irrelevant : uk law doesn’t apply outside the uk ; this victory is very important for the future of any conflict about privacy and *illegal snooping/spoofing _cellphone imei e.g.
https://cdn.proprivacy.com/storage/images/2024/01/douglas-crawfordpng-avatar_image-small_webp.webp
Douglas Crawford replied to terrans
on July 27, 2016
Hi terrans, Yes, this is an important victory, but please note my caveats in the article.
number
on July 25, 2016
> -It reiterates the rule that US law doesn’t apply outside the US- is it an universal rule ? uk law doesn't apply outside the uk ?
https://cdn.proprivacy.com/storage/images/2024/01/douglas-crawfordpng-avatar_image-small_webp.webp
Douglas Crawford replied to number
on July 26, 2016
Hi number, Well, yes. A nation's laws do not extend beyond the borders of that nation. Of course, international treaties (both formal and informal) often mean that a nation's reach can in practical terms be very long (this is especially true of the USA).

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

A large brand offering great value at a cheap price

One of the largest VPNs, voted best VPN by Reddit

One of the cheapest VPNs out there, but an incredibly good service