- Emergency Consultation Services
- Risk Management Services
- Who We Are
- Our People
- What We Do
- Why We Are Different
- What’s New
- Where We Are
By: Glenn M. Kenna
The Supreme Court is set to decide a vital question this term – Can the government use a warrant served in the United States to obtain emails stored abroad? The United States Government says it can, Microsoft disagrees. The Case is United States v. Microsoft Corporation, in which the Supreme Court heard oral argument on February 27, 2018.
To understand the nature of the conflict a little back story is necessary. Congress passed a law in 1986, the Electronic Communications Privacy Act (ECPA). Part of title II of the ECPA, 18 USC § 2703, allows law enforcement agencies to issue warrants, so called Section 2703 Warrants, to discover electronic communications stored in an “electronic communications system.” In other words, the government can serve a warrant on an email service provider, such as Microsoft, and obtain emails stored on Microsoft’s servers.
In the Microsoft case, the Government did exactly that. It served a warrant on Microsoft in Redmond Washington to discover electronically stored communications in connection with an ongoing investigation into a crime allegedly committed in the United States. The issue at the heart of the dispute is that the warrant sought the contents of communications stored on servers in Ireland. In response to the warrant, Microsoft turned over domestically stored information (in this case certain metadata about the emails) but refused to turn over the contents of the communications stored abroad. A legal battle between the Government and Microsoft has ensued, ultimately leading to the Supreme Court granting cert.
In the ongoing dispute between Microsoft and the Government, Microsoft contends that the Government’s attempt to enforce the warrant is an extraterritorial act, i.e. and attempt by the Government to enforce Untied States Law abroad. It further asserts that complying with the warrant could run afoul of the law in the country where the information is stored. The United States’ position is that, should the ECPA not apply to information stored abroad, every service provider would simply move their servers out of the United States – taking the communications beyond the reach of US law enforcement agencies. Moreover, it reasons, Microsoft can access the information domestically regardless of where the information is stored, which the government contends does not require the application of the ECPA abroad.
The ECPA pre-dates the internet. Email as we know it today did not exist in 1986. The drafters of the ECPA could not have imagined a world where people stored their entire lives on remote servers, or a world where those servers could be located anywhere across the globe. Those are issues with which courts continue to struggle, including the Supreme Court in this case.
It remains to be seen how the Court will rule in the Microsoft case, or if Congress will act to modernize the ECPA before the Court’s decision (indeed, a bipartisan group of senators has introduced the CLOUD act to address the issues raised in the Microsoft case.) What is clear, however, is that Microsoft represents just one small part of an ongoing clash between law and technology. While not at issue directly in the Microsoft case, the dispute also raises the question, what right do we have in the privacy of our electronic worlds?
If you have any questions or would like more information, please contact Glenn Kenna at firstname.lastname@example.org.