Microsoft faces off with the US government before the Supreme Court Tuesday over a warrant for data stored abroad that has important ramifications for law enforcement in the age of global computing.
The case, which dates back to 2013, involves a US warrant ordering Microsoft to turn over the contents of an email account used by a suspected drug trafficker, whose data is stored in a cloud computing center in Ireland.
It has been watched closely because of its implications for privacy and surveillance in the digital age, and specifically how law enforcement can reach across borders to obtain digital evidence that may be scattered across the globe.
Microsoft has maintained that US courts lack jurisdiction over the data stored in Ireland.
The US tech giant, backed by many firms in the sector and civil liberties groups, argues the case is critical in showing that American authorities cannot simply request such data via a warrant without going through the process set out in law enforcement treaties between countries.
– The Snowden effect –
Microsoft president Brad Smith told reporters last week the principle is especially relevant after former intelligence contractor Edward Snowden leaked details on global US surveillance programs in 2013.
“We’ve always said it was important to win this case to win the confidence of people around the world in American technology,” Smith said in a conference call.
Smith said officials in Europe have been notably concerned about the implications of a decision in favor of the US government, and that was made clear during a discussion with a German official on the case after a lower judge ruled against Microsoft.
“He said that unless we persist with this lawsuit and turned it around, no German state would ever store data in a data center operated by an American company,” Smith said.
Last year, a federal appeals court sided with Microsoft, overturning a district judge ruling.
Yet the case is complicated by the intricacies of cloud computing, which allow data to be split up and stored in multiple locations around the world even for a single user, and some analysts say the court has no good solution.
“The speed by which data can be moved about the globe, the fact of third-party control and the possibility of data being held in locations that have absolutely no connection to either the crime or target being investigated makes location of the 0s and 1s that comprise our emails a particularly poor basis for delimiting jurisdiction,” American University law professor Jennifer Daskal wrote on the Just Security blog.
“Conversely, there is a real risk that a straight-up US government win will — rightly or wrongly — be perceived around the world as US law enforcement claiming the right to access data anywhere, without regard to the countervailing sovereign interests. This creates a precedent that foreign nations are likely to mimic.”
– ‘Larger problem’ –
Both sides have said that any court decision may be flawed, and that Congress needs to address the issue by rewriting the 1986 Stored Communications Act at issue.
Microsoft’s Smith said he was encouraged by a bill introduced this year called the CLOUD Act that would authorize cross-border data warrants with countries that meet certain standards for privacy and civil liberties.
The proposal has the backing of the tech sector, according to Smith, and respects the laws of each country where a request is made.
John Carlin, a former assistant US attorney general for national security, agreed that a legislative solution is preferable.
“Regardless of how this case turns out, it’s not going to solve the larger problem,” Carlin said.
Carlin said current law affecting crimes with cross-border components are not designed for the digital age.
“The problem now is there is a lack of clarity over how you can serve traditional legal process for what used to be local crimes,” he added. Carlin said the CLOUD bill could address the issues because it “provides incentives for countries that have protections for civil liberties.”
But some civil liberties activists have expressed concern the measure would expand US surveillance capabilities.
The measure “would give unlimited jurisdiction to US law enforcement over any data controlled by a service provider, regardless of where the data is stored and who created it,” said Camille Fischer of the Electronic Frontier Foundation.
It also “creates a dangerous precedent for other countries who may want to access information stored outside their own borders, including data stored in the United States,” she said.

More from AFP
- UK Minister Warns Meta Over End-to-End Encryption
- ‘Cybersecurity Incident’ Hits ICC
- China Says No Law Banning iPhone Use in Govt Agencies
- Spies, Hackers, Informants: How China Snoops on the West
- Meta Fights Sprawling Chinese ‘Spamouflage’ Operation
- Two Men Arrested Following Poland Railway Hacking
- UK Court Concludes Teenager Behind Huge Hacking Campaign
- Suspected N. Korean Hackers Target S. Korea-US Drills
Latest News
- MGM Resorts Computers Back Up After 10 Days as Analysts Eye Effects of Casino Cyberattacks
- Intel Launches New Attestation Service as Part of Trust Authority Portfolio
- Tor-Based Drug Marketplace Piilopuoti Shut Down by Law Enforcement
- Staying on Topic in an Off Topic World
- Discern Security Emerges From Stealth Mode With $3 Million in Funding
- DHS Publishes New Recommendations on Cyber Incident Reporting
- Atos Unify Vulnerabilities Could Allow Hackers to Backdoor Systems
- GitLab Patches Critical Pipeline Execution Vulnerability
