On July 14, the Second Circuit in Microsoft v. United States ruled that the Stored Communications Act (SCA) “does not authorize a U.S. court to issue and enforce an SCA warrant against a United States-based service provider for the contents of a customer’s electronic communications stored on servers located outside the United States.”

The Justice Department sought and obtained a warrant under the SCA against Microsoft, seeking the contents of an email account on the grounds that the account was being used in furtherance of narcotics trafficking. Microsoft complied with the warrant by producing non-content information, but moved to quash the warrant as to the content because the content was stored on servers located in Ireland. The U.S. District Court for the Southern District of New York denied the motion to quash, and ultimately held Microsoft in contempt for its failure to comply with the warrant.

The Second Circuit reversed the District Court’s ruling, vacated the order of contempt, and remanded the case back to the District Court with instructions to quash the warrant “insofar as it demands user content stored outside of the United States.”

Finding that there is a presumption against extraterritorial application of laws in the United States, the court examined whether there was anything in the SCA or the law’s warrant provision to rebut that assumption. First, the court determined that Congress gave no “affirmative indication” that it intended the law to apply extraterritorially, and concluded that the SCA does not expressly permit extraterritorial application. Next, the court examined the use of the word “warrant” in the statute and determined that the SCA’s legislative history supported a conclusion that Congress intended the SCA warrant to protect privacy in a “distinctly territorial way.” The court also examined whether an SCA warrant should be treated as equivalent to a subpoena, or as a “hybrid” between a warrant and a subpoena, as argued by the government. Noting that the SCA uses both the term “warrant” and the term “subpoena,” the Second Circuit concluded that Congress did not intend that the SCA warrant should be interpreted as a subpoena or some other hybrid instrument.

After determining that the SCA does not contemplate extraterritorial application, the court then analyzed whether conduct that falls within the statute’s “focus” would occur domestically or outside of the United States. The court first concluded that the “focus” of the relevant provisions of the statute is on protecting privacy, and not on creating mechanisms for law enforcement access to electronic communications. The Second Circuit concluded: “Because the content subject to the Warrant is located in, and would be seized from, the Dublin datacenter, the conduct that falls within the focus of the SCA would occur outside the United States, regardless of the customer’s location and regardless of Microsoft’s home in the United States.”

Judge Gerard E. Lynch filed a concurring opinion, writing separately in part to emphasize the need for Congressional action to revise the statute, which he identifies as “badly outdated.” According to the concurring opinion, a Congressional review should focus on the extraterritorial application of the statute, given the technological changes that have occurred since the SCA was passed more than three decades ago.