On February 27, 2018, the Supreme Court heard oral argument in United States v. Microsoft Corporation. The central issue in the case – which is now likely moot in light of the passage of the CLOUD Act last week – is whether a United States-based provider of email services must disclose, pursuant to a warrant issued under the Stored Communications Act (“SCA”), digital material stored on servers abroad. Beyond this issue, however, the oral argument in Microsoft also touched on a statutory ambiguity relating to data stored here in the United States, the resolution of which could have important implications for federal criminal investigations.
In particular, toward the end of the argument, Justice Breyer and Justice Alito asked the parties whether a federal magistrate judge in New York would be able to issue a warrant requiring the disclosure of data stored on a server in Redmond, Washington. Microsoft’s counsel responded that the New York judge “would not be able to issue the warrant . . . because Redmond, Washington is not in New York,” and under Rule 41 of the Federal Rules of Criminal Procedure, “warrants are distinctly territorial devices.” (See transcript pages 58-60.) The government’s lawyer gave the opposite answer to the same question, explaining that under a “Patriot Act amendment” to the SCA (contained in Section 2711), any court of “competent jurisdiction” can issue a warrant pursuant to Section 2703 of Title 18, United States Code, and such a court includes any “that has jurisdiction over the offense being investigated.” (See transcript page 61-62.) Thus, in the government’s view, as long as the magistrate judge in New York has jurisdiction over the offense being investigated, the magistrate can issue a warrant for emails stored in Washington under Section 2703.
In a way, the parties are both right. Microsoft’s counsel is correct that under Rule 41, the New York judge could not issue the warrant described for data stored in Washington (except in certain limited situations, such as a terrorism investigation). The government, however, is also right that under Section 2703, the New York judge could, in fact, issue the warrant if the New York judge had jurisdiction over the offense being investigated. The question becomes whether Section 2703 incorporates the jurisdictional limits of Rule 41. The text of the statute arguably does not provide a clear answer. On the one hand, the text of Section 2703(c)(1)(A) says that warrants must be “issued using the procedures described in the Federal Rules of Criminal Procedure,” which include jurisdictional limits, but on the other hand, the text also says warrants may be issued “by a court of competent jurisdiction,” which is defined as a court with jurisdiction over the offense.
Who has the better reading? In the underlying Microsoft opinion from the Second Circuit, as discussed on this blog in August 2016, the majority suggested that Rule 41’s limitations on the “territorial reach” of courts issuing warrants are incorporated into Section 2703, which supports the position Microsoft recently took at oral argument in the Supreme Court. On the other hand, the government’s reading of Section 2703 arguably takes better account of that statute’s definitional section providing for a broader territorial reach than Rule 41. If the Supreme Court issues a decision in the case, and the decision reaches this issue, the decision could have a significant effect on federal law enforcement. In particular, if the Supreme Court adopts Microsoft’s argument and says that Section 2703 incorporates the jurisdictional limits of Rule 41, prosecutors in New York, for example, would need to go through the cumbersome process of seeking assistance from prosecutors and courts in Redmond, Washington, and anywhere else where email servers are located, in order to obtain email search warrants – a significant change that is out of step with current practice.
Such a holding seems unlikely, but regardless of the outcome, this issue highlights a problem with the way lawmakers have approached search warrants for digital material. The approach taken by the Patriot Act amendment to Section 2711 referenced during the Microsoft argument gives any magistrate judge in the country jurisdiction to issue a warrant for (at least) domestically-stored communications, regardless of where the data is housed, as long as the magistrate has jurisdiction over the offense being investigated. Even if this provision is upheld in Microsoft, however, the amendment applies only to Section 2703 warrants, and there are other kinds of search warrants for digital material other than stored communications that cannot be issued under Section 2703, for which courts must look to Rule 41. And Rule 41’s provisions, rather than providing a single clear standard, instead provide a patchwork of provisions keyed to specific situations.
The general rule in Rule 41(b)(1) sets out the simple requirement that a magistrate judge with authority in a given district “has authority to issue a warrant to search for and seize a person or property located within the district.” So if prosecutors want to search an apartment in New Jersey, they generally have to go to a magistrate judge in New Jersey. But Rule 41 doesn’t stop there. A series of additional subsections provide for a number of situations in which prosecutors can seek warrants from a magistrate judge even for property outside that judge’s district, including in cases involving movable property like cars (Rule 41(b)(2)), terrorism investigations (Rule 41(b)(3)), and tracking warrants (Rule 41(b)(4)).
Most recently, 2016 amendments to Rule 41 added subsection (b)(6), which allows for two specific situations in which a magistrate judge in a district where activities related to a crime may have occurred has authority to issue a warrant to search computers outside the district: (1) when the location of the target computer has been hidden using technological means (Rule 41(b)(6)(A)), and (2) when the crime involves hacking computers in five or more different judicial districts (Rule 41(b)(6)(B)). The amendments appear to have been spurred in part by the FBI’s “Playpen” investigation, in which the FBI obtained a warrant allowing it to seize control of a computer server hosting child pornography and to use software to identify the end-users around the world. (Multiple courts have addressed the Playpen warrant, including the Third Circuit, which found the warrant invalid, but allowed the evidence obtained pursuant to the good faith exception.)
The piecemeal approach lawmakers have taken to authorizing computer search warrants, however, serves nobody. The result is that prosecutors investigating computer crimes have at times attempted to shoehorn new investigative techniques into one of Rule 41’s existing categories, which can result (as in Playpen) in protracted litigation. Defendants and the public, meanwhile, are left uncertain as to the extent of the government’s warrant authority.
A better approach could be for all computer-related search warrants to be authorized under a provision like what is reflected in Section 2711, which provides that warrants can be issued by any court with jurisdiction over the offense being investigated. In the digital age, it is not clear that the public is well-served by imposing the sort of territorial limitations that govern traditional search warrants on computer search warrants. At the same time, any new statute or amendment to the Federal Rules would have to provide adequate protection for the serious privacy interests in this area, such as by providing strict limitations on what specific kinds of material can be seized and for how long.
Until Congress approves broader amendments to Rule 41, however, both prosecutors and defense counsel should be alert to the contours of the laws Congress has put in place to govern digital warrants, and should take care to analyze computer search warrants for whether they truly fall within the patchwork of jurisdictional provisions currently on the books.
From The Insider Blog: White Collar Defense & Securities Enforcement.