Supreme Court to hear case called ‘existential threat’ to cloud computing
The case involves a lawfully obtained search warrant seeking email data stored on a server outside the US.
This June the US Supreme Court will decide a case with significant international and privacy implications. The case stems from an unsuccessful effort by federal prosecutors to obtain email data stored on a Microsoft server in Dublin, Ireland. Arguments will be heard Tuesday.
The case stems from a dispute over a 2013 search warrant for access to a Microsoft email account. Prosecutors believed the account was connected to drug trafficking and lawfully obtained a search warrant. Microsoft fought the warrant on privacy and other grounds because of the international dimension. Ultimately Microsoft prevailed.
In 2016, the 2nd Circuit Court of Appeals ruled that search warrants cannot be enforced against data requests where the information is stored exclusively outside the US. This is the question that the US government has appealed and that the Supreme Court will be reviewing.
The 2nd Circuit ruling was based on a law called the Stored Communications Act (SCA). Passed in 1986, SCA pre-dates cloud computing. There’s a pending update called “Clarifying Lawful Overseas Use of Data (CLOUD) Act,” which would determine when governments could seek data on foreign servers. It has international support and the backing of the major US tech firms, including Microsoft and Google.
But the clarification is not yet in effect and so the old law and judicial interpretation of it will govern this dispute. Later passage of the Cloud Act would arguably supersede any decision in this case.
As with similar cases in the past, this one has privacy advocates lined up on one side and law enforcement on the other. The government will argue that failure to honor the search warrant will allow criminals of all types to avoid prosecution and disrupt law enforcement’s efforts to conduct lawful criminal investigations (this isn’t about surveillance).
Microsoft, privacy advocates and others in the other camp argue that a ruling in favor of the US would leave tech companies vulnerable to similar moves by foreign governments, when they seek email accounts and other data stored in the US. Imagine China seeking to persecute pro-democracy activists whose email was stored entirely in the US and demanding that it be turned over.
There’s a question of who gets access and whose law should govern. It can be seen as something like “data extradition” and best resolved via international agreement rather than individual countries’ courts.
A decision in favor of the US government would also threaten cloud computing itself, Microsoft asserts.
