A federal judge recently ruled that a search warrant issued under the Stored Communications Act (SCA), 18 U.S.C. § 2701 et seq., applied to electronic information stored abroad, in a decision that could change the discovery obligations applicable to Internet service providers (ISPs) and create tension with foreign privacy laws.
Enacted in 1986, the SCA establishes the procedures the government must use to obtain customer information from ISPs. The SCA was enacted, in part, to safeguard computer-user information against unwarranted government searches.
The Fourth Amendment traditionally requires a showing of probable cause before the government can obtain a search warrant for physical evidence in personal residences. However, because electronic information is not physically stored within personal residences, the Fourth Amendment protections may not apply. The SCA addressed this issue by creating a set of Fourth Amendment-like privacy protections for electronic information. The statute authorizes the government to require ISPs to disclose information in their storage, but before the government can reach certain types of customer information, the government must demonstrate probable cause and obtain an SCA warrant.
In The Matter of a Warrant to Search a Certain Email Account Controlled and Maintained by Microsoft Corp., case no. 1:13-mj-02814 (S.D.N.Y. July 31, 2014), U.S. District Judge Loretta Preska adopted Magistrate Judge James C. Francis’s April order through which he refused to quash a portion of an SCA warrant that reached beyond the borders of the United States. The warrant directed Microsoft to produce a customer’s emails that were stored on a server in Ireland. Microsoft argued that because federal courts do not have the authority to issue search warrants for property outside the United States, the SCA warrant was unauthorized.
In his April order, Magistrate Judge Francis rejected Microsoft’s argument—reasoning that the language and structure of the SCA supported the warrant’s applicability to information stored in Ireland. The magistrate noted that despite the “warrant” language, the SCA warrant functioned, in part, like a subpoena because it did not involve government agents physically entering the premises of an ISP and seizing the information. The magistrate also cited legislative history and practical considerations as supporting his finding that Congress did not intend to limit SCA warrants to information stored in the United States.
The magistrate further addressed Microsoft’s argument that the application of the SCA warrant to reach beyond the United States constituted extraterritorial application of United States law. He reasoned that the concerns that typically lead to a presumption against extraterritorial application of United States law were not present because the SCA warrant did not: (i) criminalize conduct outside of the United States; or (ii) require the presence of United States law enforcement abroad. Additionally, the magistrate reasoned that because Fourth Amendment protections did not apply to SCA warrants, court cases holding that the Fourth Amendment does not provide authority to issue extraterritorial warrants were inapplicable.
After oral argument lasting nearly two hours, Judge Preska adopted the magistrate’s order, finding that the issue was ultimately “a question of control, not a question of location.” The emphasis on control reflects decades of court precedent regarding subpoenas, most notably Marc Rich & Co., A.G. v. United States, 707 F.2d 663 (2d Cir. 1983). Those cases hold that subpoenas may require recipients to produce information in their possession, custody or control regardless of the location of that information. Apparently agreeing with the magistrate judge’s functional comparison of an SCA warrant to a subpoena, the judge found this case law persuasive.
Judge Preska’s order is presently on appeal to the United States Court of Appeals for the Second Circuit, and she has stayed the order pending the appeal. If upheld on appeal, the decision could have widespread implications for companies and individuals storing consumer information outside the United States. Also, as Microsoft argued, if affirmed, the ruling could create international tension should countries where the information is stored raise concerns about their sovereignty and their citizens’ privacy.