Stan Ward

Stan Ward

March 5, 2018

Just how long is the long arm of the law? Long enough to cross international borders, or to span a vast ocean? We’re about to find out, as the US Supreme Court (SCOTUS) weighs up the merits of a case before it involving the US government and Microsoft.   The stakes are high in  US v. Microsoft, not only for the personal privacy and sovereignty issues, but for the $250 billion cloud-computing industry as a whole.

By way of background, the 5-year-old case revolves around a search warrant US law enforcement served on Microsoft as part of a drug trafficking investigation. Microsoft dutifully complied with the request per the warrant, and forked over some of the person of interest’s data, because it was stored on US servers.  What it didn’t provide the government is at the heart of the case.

What it didn’t give the government was the actual content of the target’s emails. because they were stored outside the US. The emails were housed in a data center in Dublin, Ireland .where the individual claimed to reside at the time he opened his Microsoft account. So, SCOTUS, beginning this week, will deliberate and ultimately decide on the question of whether the long arm of the law can, in fact, reach across international borders with apparent impunity.

For its part, Microsoft’s argument is and has been, as the case wound its way through lower courts, that US law enforcement must go through Irish authorities if they want to obtain the emails.  This, it claims, would be appropriate and logical since the US has a treaty with Ireland – a Mutual Legal Assistance Treaty (as it does with the EU and some 60 other countries). Hence, it should be obliged to seek help from the Irish authorities. Anything short of that, it maintains is unlawful search and seizure.

As you might expect, the US position is that the warrant’s reach to Ireland is a valid search because, while the individual’s data may be stored abroad, Microsoft can act on the warrant’s request within the confines of the U.S.  Moreover, all Microsoft would be doing is copying and moving the content of the emails – thus, no search and no violations occur. In “friends of the court” (amicus) briefs the ACLU and the Electronic Frontier Foundation, among others, support Microsoft’s contention that the government’s stance runs counter to Fourth Amendment guarantees.

Jennifer Stisa Granick, surveillance and cybersecurity counsel at the ACLU’s Speech, Privacy and Technology project argues that:

“A company acting as a government agent is conducting a Fourth Amendment ‘search and seizure’ when accessing, copying, or moving a user’s data, regardless of when, where, or even whether investigators later search it.”

In pointing out that this case has some digital privacy ramifications, Brad Smith, Microsoft’s chief legal officer holds that “information stored in the cloud should have the same protections as paper stored in your desk,” and that the government’s case rests on a misguided interpretation of a 1986 law that was enacted long before the advent of cloud computing: “We don’t believe there is any indication that Congress intended such a result.” 

This means the court could very well decide not to decide. In other words, since a Congress-approved law is at the basis of the government’s argument, and that same law is being trashed by Microsoft, wouldn’t it make sense that the solution lies, therefore, in Congress legislating a solution?  Couldn’t deliberating and deciding the case be a complete waste of everyone’s time, effort, and money if the decision could be overridden by Congress passing a law?

While we’re pondering that, there are other issues affecting the outcome of the case. If the court were to rule against Microsoft, the result could be chaos as other countries would be emboldened to demand that Microsoft and others to hand over data that they hold in the US. On what basis could the US. legally and realistically deny those requests? Answer: it couldn’t.

On the flip side, is the government’s position that, should Microsoft prevail, nothing could stop countries from just moving sensitive data abroad to keep it away from the US government’s prying eyes.  In that case, US law enforcement will lose the capability to easily obtain evidence related to serious crimes, such as child pornography, drug trafficking, and terrorism. Congress – yes, that mostly moribund body- may have a solution.

Sen. Orin Hatch (R-Utah) has sponsored a bill that may – again, believe it or not – have bi-partisan support in Congress. It is already endorsed by tech companies that contribute to both party’s coffers. Dubbed the Cloud Act, introduced earlier this month, it has the backing of tech companies including Microsoft, Apple, Facebook, and Google. It represents a kind of compromise and, as such, it is less than perfect. Remember the old adage that a camel is a horse that came out of a committee!

So while the tech industry and politicians may applaud, pundits – especially those in civil liberties, may not. They think it will lower the bar which law enforcement has to reach to get person’s data from companies.  They also find troubling a provision which would give a president powers essentially allowing reciprocity to foreign governments seeking information stored by US companies- as long as the information sought isn’t about a US citizen.

Still, a slippery slope, civil libertarians maintain. In any event, it would appear that this few-years-old issue may, for better or for worse, be resolved in the coming months. Watch this space for further developments.

Image credit: By J Main/Shutterstock.