On July 14. 2016, the Second Circuit ruled that the government cannot lawfully use a search warrant to compel access to consumer data stored by Microsoft Corporation (Microsoft) overseas.1 In its decision, the court overturned a district court order2 denying Microsoft’s motion to quash the warrant and holding Microsoft in contempt for its failure to comply with the warrant.
The dispute arose in connection with the U.S. Department of Justice (DOJ)’s efforts to execute a warrant under the Stored Communications Act (SCA) to seize emails that Microsoft stores in Dublin, Ireland.3 U.S. investigators were seeking the information from Microsoft as part of a narcotics investigation. In seeking to quash the warrant, Microsoft argued that Congress did not intend the SCA’s provisions to apply internationally. Microsoft pointed to the use of the term “warrant” in the SCA and argued that warrants traditionally have territorial limitations. Further, according to Microsoft, Congress did not intend to expand the reach of warrants under SCA and doing so would potentially expose U.S. citizens to similar overreach by foreign governments. Several large companies have filed amicus briefs in support of Microsoft’s position. In essence, Microsoft and supporting amici asked the Second Circuit to prevent the DOJ from forcing them to become agents of the government (by collecting information sought by the DOJ) and to curtail the DOJ’s use of shortcuts around treaties and other processes for handling international information requests through the domestic court system. In response, the DOJ maintained that the key question was not whether the data was stored abroad or domestically, but rather whether Microsoft, as a company subject to the DOJ’s jurisdiction, maintained control over the information sought by the warrant.
The Second Circuit agreed with Microsoft’s position, and held that SCA does not “authorize courts to issue and enforce against U.S.-based service providers warrants for the seizure of customer e-mail content that is stored exclusively on foreign servers.” The court’s opinion emphasized that the presumption that U.S. laws do not apply exterritorialy was not overcome. Further, according to the court, SCA was passed primarily as a privacy protection law and its language embodies “an expectation of privacy in [electronic] communications. . . and [imposes] procedural restrictions on the government’s (and other third party) access to priority stored communications.” Allowing the government to access data stored abroad would be inconsistent with the goals of the law. The court’s decision prevents the DOJ from accessing internationally stored electronic information by an SCA warrant, and requires that the government seek this information through treaties and other processes established with foreign governments to handle such requests.