There are scintillating titles, and then there are scintillating titles. And then there’s the issue of an enormously significant data privacy case that happens to be captioned under the most soporifically benign name around: “In the Matter of a Warrant to Search a Certain E-mail Account Controlled and Maintained by Microsoft Corporation.”
What the heck. It’s like packaging an incendiary device inside a Twix wrapper. At least give us a little hint that this is going to be a live one here, folks. Because little can you tell from the brown paper packaging that the government is trying to use a search warrant issued by a United States court to access emails that are stored on a server in another country.
Not through a mutual legal assistance treaty, mind you. But with a good old fashioned search warrant.
Hmm. Let’s dissect that for a second. A search warrant issued by a United States Magistrate Judge sitting in the Southern District of New York seeks to compel the production of emails that are located in Ireland. (By the way, note my restraint as I do not insert easy metaphors about leprechauns, pots of gold, or a blarney stone (whatever that is).) This issue is so important that other companies jumped into the fray, like Verizon, AT&T, and Apple, to file briefs in support of Microsoft’s position.
Let that sink in for just a second: Verizon and AT&T and Apple, working together, with Microsoft. (Cue Bill Murray.) Talk about politics making strange bedfellows.
I’m not going to give you the full rundown on the case’s history, other than to say that law enforcement has the upper hand having received favorable rulings from a U.S. Magistrate Judge and a U.S. District Court Judge. The final decision has been stayed pending Microsoft’s appeal. If you want the case documents in all of their glory, the filings are here. If you just want a quick summary of what’s going on, my Bracewell colleagues have a great one here. What I would like to do, is to point out the stakes.
- Is this a slippery slope? Can the U.S. government skirt around treaties with other countries and the data privacy regimes in places like the European Union by having search warrants issued by U.S. judges?
- Or is this the way the law is intended to be read? Is electronic data just different? Would there be an incentive for those that possess electronically stored data to move their storage offshore to avoid U.S. law enforcement? Could Microsoft move its data to another country and shrink its legal department down to one person who just says “no, go fish” every time law enforcement asks for the content of emails?
At the moment, this is an issue of location versus control. The government’s position is that Microsoft, a U.S. Corporation, controls the data, and can therefore be required to produce it. Microsoft’s position was that conversely, in the European Union, it is the location of the data that triggers the prevailing law: Irish server, Irish warrant.
But the political implications are obvious. After the NSA spying debacle, the U.S. government receives a healthy dose of skepticism from foreign governments on the legality of its data handling. Even EU vice president Viviane Reding believes the warrant may be in breach of international law, because it “bypasses existing formal procedures that are agreed between the EU and the US, such as the Mutual Legal Assistance Agreement.”
U.S. law enforcement has weighed in. Microsoft, Apple, Verizon, AT&T, and other major corporations have weighed in. The EU has weighed in.* Only one question left:
(*Yes, I weighed in, too, and I appreciate you noticing.)