Microsoft complied with part of the request by providing some records on the account stored within its U.S.-based systems. At the same time, the company declined to hand over any data stored on servers at a data center in Dublin, which included the contents of the email account itself. Though Microsoft can access the account from the United States, that data—the zeroes and ones electromagnetically inscribed on a computer server—is physically located in the Irish capital. Microsoft’s lawyers argued this placed it beyond Section 2703’s intended reach.
The magistrate judge rejected Microsoft’s efforts to nix the warrant, as did a federal district court on appeal. The case then moved to the Second Circuit Court of Appeals, where a three-judge panel sided with the tech giant. In her majority opinion, Judge Susan Carney concluded that Congress did not intend for Section 2703 to apply overseas when it drafted the Stored Communications Act in the mid-1980s.
“In keeping with the pressing needs of the day, Congress focused on providing basic safeguards for the privacy of domestic users,” she wrote. “Accordingly, we think it employed the term ‘warrant’ in the act to require pre-disclosure scrutiny of the requested search and seizure by a neutral third party, and thereby to afford heightened privacy protection in the United States.” Accordingly, Carney ruled, Congress did not explicitly allow the provision to apply overseas.
Microsoft has used the case to urge Congress to revise the Stored Communications Act, which predates the internet revolution by a decade but still governs how prosecutors interact with it. Mass adoption of email didn’t go far beyond academic and military networks until the mid-1990s. Even then, only about one-third of Americans owned a personal computer in 1995; that number grew to 84 percent by 2014, according to the Pew Research Center.
“The continued reliance on a law passed in 1986 will neither keep people safe nor protect people’s rights,” Brad Smith, the company’s chief lawyer, wrote on Monday. He also raised privacy concerns about the government’s interpretation of Section 2703. “If U.S. law enforcement can obtain the emails of foreigners stored outside the United States, what’s to stop the government of another country from getting your emails even though they are located in the United States?” Smith asked.
For the government, the case is a frustrating dispute in which an American company based on U.S. soil won’t hand over potential criminal evidence to which it has unrestricted access. The Justice Department told the Supreme Court that the Second Circuit’s ruling “is causing immediate, grave, and ongoing harm to public safety, national security, and the enforcement of our laws” in its petition filed earlier this year.
“Under this opinion, hundreds if not thousands of investigations of crimes—ranging from terrorism, to child pornography, to fraud—are being or will be hampered by the government’s inability to obtain electronic evidence,” the government claimed. Thirty-three states also filed a brief with the court urging the justices to review the case. Tech companies have begun using the Second Circuit’s ruling to resist warrants from their law-enforcement agencies as well, the states said.
The Court has yet to set oral arguments for the case, which will likely occur sometime next spring. A final decision will be issued after then and before the justices’ annual June recess.