Microsoft Irish E-Mail Win Sets Up High Court Petition

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

The U.S. government can’t relitigate its rejected attempt to force Microsoft Corp. to turn over customer e-mails stored on servers in Ireland, a federal appeals court decided Jan. 24 ( In re Warrant to Search a Certain E-mail Account Controlled & Maintained by Microsoft Corp. , 2d Cir., No. 14-02985, en banc review denied 1/24/17 ).

U.S. tech companies, especially other cloud service providers with overseas data centers—such as Alphabet Inc.'s Google and Amazon.com Inc.—can breathe a sigh of relief now that the new ruling preserves Microsoft’s significant victory from last year, when a federal appeals panel ruled that Microsoft didn’t have to turn over to U.S. prosecutors e-mails stored in Ireland that allegedly related to a drug case.

The U.S. Court of Appeals for the Second Circuit split 4-4 on the Department of Justice’s appeal for a full court review. Three of the court’s 11 judges didn’t vote. The split means the full court review will not take place, and the prior ruling stands. That makes the case ripe for the Department of Justice to ask for review by the U.S. Supreme Court.

In its filing, the DOJ said the decision was “unprecedented” and “rests almost entirely on the erroneous conclusion that the enforcement of the disclosure obligation in the warrant would be impermissible extraterritorial application.”

A high court petition will give the DOJ another chance to tackle important e-mail surveillance and privacy issues, Matt Larson, litigation analyst for Bloomberg Intelligence, told Bloomberg BNA Jan. 24. Because current e-mail privacy laws are vague, it’s an important area to litigate both for the technology sector and law enforcement agencies, he said.

Additionally, the Second Circuit’s concurring and dissenting opinions raised issues related to antiquated e-mail privacy laws, Larson said.

Next Stop: Supreme Court?

The dissenting opinions left a road map for the DOJ if it seeks Supreme Court review. The department is “reviewing the decision and multiple dissenting opinions” and has yet to make a final determination on whether to appeal, a spokeswoman told Bloomberg BNA Jan. 24.

U.S. Circuit Judge Susan Carney’s Jan. 24 concurring opinion backed up arguments she made during the earlier decision. Carney wrote in a July 14, 2016, opinion that the Stored Communications Act (SCA) doesn’t “authorize courts to issue and enforce against U.S.-based service providers warrants for the seizure of customer e-mail content that is stored exclusively on foreign servers.” The court concluded “that Congress did not intend the SCA’s warrant provisions to apply extraterritorial.”

Carney said the appeals panel was justified in basing its analysis on the SCA. Although SCA protections lag behind the ever-growing tech sector, it is up to Congress to change the well-established law, Carney said.

In the present case, the dissenting judges— Dennis Jacobs, Jose A. Cabranes, Reena Raggi and Christopher F. Droney—raised similar concerns in their opinions. For example, Jacobs said that “no extraterritorial reach is needed to require delivery in the United States of the information sought” because the warrant asked for data “already within the grasps of a domestic entity.” The dissent didn’t focus on the specific location of the data but on whether a U.S.-based company had a warrant properly served on it and that it could easily access the data.

Craig Newman, litigation and cybersecurity partner at Patterson Belknap Webb & Tyler LLP, told Bloomberg BNA Jan. 24 that he agreed the case may head to the Supreme Court because the circuit judges’ split “on an issue of this magnitude and international import” may get the high court’s attention.

Surveillance Law Updated Needed?

Circuit Court judges on both sides of the 4-4 vote split raised concerns about the SCA’s viability in the age of ever-growing technological improvements.

Newman said Congress is just as likely to weigh in with “a legislative solution” as the Supreme Court is to hear the case. Some of the circuit judges made the same plea during the oral argument phase, he said.

Microsoft President and Chief Legal Officer Brad Smith said in a Jan. 24 statement that although “today’s decision is welcomed,” the tech sector needs congressional action “to modernize the law both to keep people safe and ensure that governments everywhere respect each other’s borders.” The burden should be placed on “Congress passing a law for the future,” and not on the court system to litigate “an outdated statute from the past.”

Larson, of Bloomberg Intelligence, said the tech sector as a whole is behind changes to SCA and other e-mail privacy reform. Microsoft has seen a large “outpouring of support from the larger tech community” and together with their partners, Microsoft should “call on Congress to revamp outdated legislation,” he said.

When reached for comment by Bloomberg BNA Jan. 24, a Microsoft spokesman said that it is a member of Reform Government Surveillance (RGS)—a tech industry group comprising of Apple Inc., Facebook Inc. and Alphabet, among others—that supports legislation to update the SCA and other related e-mail privacy laws.

E-Mail Privacy Act

RGS is a major backer of the E-Mail Privacy Act, which is called “crucial to modernizing our outdated laws.” The group said in a Jan. 12 statement that pushing for passage will be a top priority in the 115th Congress, where the bill ( H.R. 387) has been introduced by Rep. Kevin Yoder (R-Kan.) and eight Republican and Democratic cosponsors. In the last Congress, the bill passed the House but died in the Senate.

If Congress doesn’t act, “Every American is at risk of having their e-mails warrantlessly searched by government agencies,” Rep. Jared Polis (D-Colo.), a co-sponsor, said when the bill was introduced Jan. 9.

To contact the reporter on this story: Daniel R. Stoller in Washington at dStoller@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law Privacy and Data Security