Microsoft’s privacy victory: Feds can’t get emails stored in Ireland
NEW YORK — American companies don’t have to hand over customer data to U.S. police if it’s stored on computers in another country, a federal appeals court ruled on Thursday.
The ruling gave Microsoft a major victory in its privacy battle with the Department of Justice.
But because of the significant implications about privacy and the limitations put on American law enforcement, it’s a case that could make its way to the Supreme Court.
Federal agents investigating drug traffickers wanted to read emails stored in Microsoft computer servers in Ireland, but the technology company fought back.
In 2013, federal agents got a warrant to search the server. Microsoft produced some non-content information — which could be anything ranging from customer names to email addresses — which were on company computers in the United States.
But Microsoft refused to hand over the content of the emails, which were stored in Ireland.
A federal judge in New York sided with law enforcement and penalized Microsoft by holding it in civil contempt of court.
But a three judge panel at the Second District Court of Appeals has sided with Microsoft on Thursday, saying that “warrants traditionally carry territorial limitations.”
“The Stored Communications Act does not authorize courts to issue and enforce against U.S.-based service providers warrants for the seizure of customer email content that is stored exclusively on foreign servers,” they wrote.
Microsoft’s top lawyer, Brad Smith, said the decision “ensures that people’s privacy rights are protected by the laws of their own countries.”
“Technology needs to advance, but timeless values need to endure,” he said. “The U.S. Congress did not give the U.S. government the authority to use search warrants unilaterally to reach beyond U.S. borders.”
In a statement, the DOJ said it’s “disappointed with the court’s decision.” It hinted the agency could appeal the ruling.
American law enforcement still has the ability to access data abroad through “mutual legal assistance requests” to foreign governments. But these diplomatic deals are slow — and they force the United States to rely on the other government’s willingness to help.
In this case, the DOJ was defending its ability to unilaterally grab the data on its own — the quicker option.
“Lawfully accessing information… quickly enough to act on evolving criminal or national security threats… is crucial,” the DOJ said in a statement.
The Constitution Project, which had filed an amicus brief on behalf of Microsoft, said, “We view the ruling as a big win for privacy rights.”
In a separate case, Microsoft has sued the DOJ to stop the federal government’s secret searches of customer information. To protect customer data, it has begun storing information in Germany.
In recent years, tech companies have been fighting the federal government on privacy grounds.