Connect with us

Hi, what are you looking for?


Cloud Security

Top US Court Grapples With Email Warrant Reaching Across Borders

US Supreme Court justices grappled Tuesday with the implications of a criminal warrant case involving Microsoft emails in a test for whether American justice can reach across international borders for digital evidence.

US Supreme Court justices grappled Tuesday with the implications of a criminal warrant case involving Microsoft emails in a test for whether American justice can reach across international borders for digital evidence.

Oral arguments were held at the top US court over a 2013 warrant ordering Microsoft to turn over the contents of an email account used by a suspected drug trafficker whose data is stored in a cloud computing center in Ireland.

The case been watched closely because of its implications for privacy and surveillance in the digital age, specifically how law enforcement can reach across borders to obtain digital evidence that may be scattered across the globe.

Microsoft attorney Joshua Rosenkranz told the justices the warrant represents an unauthorized “extraterritorial act.”

“These emails are stored outside the United States. They are stored in Ireland,” the lawyer said. “And the government is asking us to go and fetch them from Ireland.”

But Deputy Solicitor General Michael Dreeben, arguing for the government, said the case does not involve reaching across borders because Microsoft has access to the data in the United States.

The case represents “a basically unbroken line that when a party is before a US court and a court issues an order to that party that says produce information, that’s domestic conduct,” Dreeben added.

Advertisement. Scroll to continue reading.

– Creating ‘international problems’ –

Some justices questioned whether the US government has the authority to access such data.

“By doing so, we are trenching on the very thing that our extraterritoriality doesn’t want to do, what our jurisprudence doesn’t want to do, which is to create international problems,” Justice Sonia Sotomayor said.

The government has argued that a ruling for Microsoft could severely hamper law enforcement in seeking digital evidence that may be stored in data centers or the internet “cloud.”

Justice Samuel Alito commented that the case underlines the difficulty of establishing territorial limits in an age of cloud computing, where data can be split up and stored anywhere in the world.

“It physically exists on one or more computers somewhere, but it doesn’t have a presence anyplace in the sense that a physical object has a presence someplace,” Alito said.

“And the internet service providers can put it anywhere they want and move it around at will. The whole idea of territoriality is strained.”

Chief Justice John Roberts said Microsoft and others could effectively avoid any legal request by moving data from one country to another.

“You might gain customers if you can assure them, no matter what happens, the government won’t be able to get access to their emails,” he added. 

“The government might have a strong position… that the statute focuses on disclosure. And disclosure takes place in Washington, not in Ireland.”

The Microsoft case is especially sensitive in light of revelations by former intelligence contractor Edward Snowden, who leaked details on global US surveillance programs in 2013.

– No easy answers –

Some analysts argue the court has no easy solution, because a ruling for either side could lead to problems, either for tech firms or for law enforcement.

Daniel Castro of the Information Technology and Innovation Foundation, a Washington think tank, said the only way to resolve the standoff is with legislation to streamline the process for cross-border data requests.

“If Congress doesn’t act, then no matter how the Supreme Court decides this case, there will be negative consequences for US competitiveness,” Castro said in a statement urging Congress to move swiftly on a proposal known as the CLOUD Act.

He said that if the court rules for the government, “it will feed the growing perception around the world that the best way to protect data from the prying eyes of the US government is to store it abroad” with a non-American firm.

“On the other hand, if the court rules that search warrants cannot be used overseas, then foreign governments may try to force companies to store data inside their borders to make it impossible for US officials to execute a search warrant.

“This also damages US tech competitiveness because barriers to the free flow of information are hardening, which would impede digital innovation for everyone.”

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...