When Lord Halsbury stated in 1891 ‘all crime is local’, he cannot have foreseen the complications and challenges created by technological advances. Commonly understood notions of territoriality and jurisdictional scope can be difficult to apply when an individual sitting in front of a computer in one country can create an effect hundreds, if not thousands, of miles away in another. In a world in which electronic data has become indispensable, where fragments of data may be stored in ever changing locations, the scope of powers to compel in one jurisdiction the production of material physically located in another has become of vital concern to law enforcement agencies.
The precise scope of such powers is the issue to be considered by the US Supreme Court on Tuesday 27 February, when it hears the United States’ appeal against the decision of the Court of Appeals for the Second Circuit in the ‘Matter of a Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corporation’. The question presented to the US Supreme Court is:
‘Whether a United States provider of email services must comply with a probable-cause-based warrant issued under 18 U.S.C. 2703 (the Stored Communications Act) by making disclosure in the United States of electronic communications within that provider’s control, even if the provider has decided to store that material abroad’.
Microsoft is a US corporation, incorporated in Washington and with its headquarters there too. The web-based email services it operates include MSN, Hotmail and Outlook. Microsoft stores the contents of users’ emails – along with various other information associated with users’ email accounts, such as IP addresses and lists of contacts – on a network of approximately one million servers. Those servers are housed in around 100 data centres located in 40 countries. One of those centres is in Dublin, Ireland. The account information stored anywhere in Microsoft’s global network can, however, be accessed by Microsoft’s Global Criminal Compliance team from its offices within the United States.
In December 2013, the US government applied for a warrant requiring Microsoft to disclose email information for a particular email account. The government’s application established probable cause to believe that the account was being used to further illegal drug activity in, or drug manufacturing for importation into, the United States. The emails in question were stored in the data centre in Dublin. A federal magistrate judge issued the requested warrant, with which Microsoft did not comply. Microsoft successfully appealed against the decision to issue the warrant, a panel of the court of appeals ruling that enforcing the warrant as to information stored abroad would constitute an impermissible extraterritorial application of the statute. The US government is appealing against those decisions to the Supreme Court.
The case has attracted significant attention internationally because of its ramifications in countries with very different systems and data privacy laws. For business crime practitioners advising clients in England and Wales, the case is important not only when considering whether the production of data stored in this jurisdiction may be compelled by the US authorities, but also because a similar question arises in respect of the jurisdictional reach of the Serious Fraud Office’s powers under section 2 of the Criminal Justice Act 1987.
Of particular note in this regard is the fact that, amongst the many amicus curiae briefs submitted to the US Supreme Court, there is a brief submitted by the Government of the United Kingdom of Great Britain and Northern Ireland, ‘in support of neither party’. Although the UK states that it ‘does not take a position on the proper interpretation of the Stored Communications Act’, it does contend that ‘the UK does not believe that the geographic storage location of data should be the determining factor for whether or not a nation may gain access to such communications … The UK also contends that a request for electronic communications stored overseas by a Provider but accessible within the requesting country does not involve an exercise of extraterritorial jurisdiction’.
Although the point is yet to be tested, it seems we can anticipate the position the SFO would take were the extraterritorial effect of a section 2 notice to come before the Courts of England and Wales.
While arguments remain that the scope of the section 2 power is more limited than that for which the UK government contends, the strength or weakness of these arguments is likely to be affected by the US Supreme Court’s decision in the Microsoft case. To that end, further posts on this site will consider the decision – and its effects – once judgment has been given.