On October 16, 2017, the United States Supreme Court granted the Justice Department’s petition for a writ of certiorari and will hear an appeal from a Second Circuit decision barring the government from accessing user data stored overseas by Microsoft. As previously suggested, this case brought under the Stored Communications Act (“SCA”) has significant implications for transnational companies who maintain or store data outside the US.
By way of background, the Second Circuit ruled that data stored overseas was not subject to the SCA – which typically allows the government to access the contents of stored communications – including emails, that are more than 180 days old, using a subpoena, court order, or warrant. Ultimately, the Court of Appeals agreed with Microsoft’s position that absent congressional authorization statutes such as the SCA are presumed to have no extraterritorial effect and given the lack of such statutory authorization, the warrant should have been quashed.
Given that there were a flurry of amicus briefs filed – as well as an animated government brief suggesting that the Second Circuit’s decision was “highly detrimental” to criminal law enforcement, it will be interesting to see which argument the Court ultimately adopts. Microsoft certainly fought an aggressive PR battle opposing Supreme Court review – seeking instead that its lobbying firms wage war in Congress. In fact, Microsoft suggests in a blog post that the momentum for a legislative solution continues in Congress despite the Court taking on the case.
In keeping with the Halloween season, Microsoft’s Chief Legal Officer tries to scare up some support for a legislative solution: “If U.S. law enforcement can obtain the emails of foreigners stored outside the United States, what’s to stop the government of another country from getting your emails even though they are located in the United States?”
Even though his analogy obviously falls flat, the Court’s docket – between this Microsoft case and the SCA location data case previously taken up by the Court in June, may very well ultimately generate a scary result for one or more advocacy groups located on the privacy continuum.
UPDATE: April 18, 2018
Turns out the Supreme Court will not be deciding this case after all. On April 17, 2018, the U.S. Supreme Court dismissed U.S. v. Microsoft, ruling that the recently enacted Clarifying Lawful Overseas Use of Data Act (CLOUD Act) that was passed as part of the Omnibus budget act rendered the case moot. Not completely happy with the result, Microsoft blogged that the “journey continues”. Despite a thoughtful presentation on the topic, Microsoft does not really state what makes for a successful conclusion to that journey.