The case centers on emails police demanded in a 2013 search warrant for a drug-trafficking investigation. Those files were stored at one of Microsoft’s data centers in Ireland, so Microsoft refused to turn over the emails, arguing they fall outside the investigators’ jurisdiction. Two federal courts agreed with the U.S. Department of Justice before the 2nd U.S. Circuit Court of Appeals sided with Microsoft.
The government will likely appeal the ruling, according to The Seattle Times.
The dispute hinges on interpretations of the Stored Communications Act as part of the broader Electronic Communications Privacy Act that Congress passed in 1986. It was designed to “protect user privacy in the context of new technology that required a user’s interaction with a service provider,” according to the ruling. The court noted the original law did not consider overseas application nor did it anticipate the complexity of today’s technological landscape.
“Three decades ago, international boundaries were not so routinely crossed as they are today, when service providers rely on worldwide networks of hardware to satisfy users’ 21st–century demands for access and speed and their related, evolving expectations of privacy,” according to the ruling.
The decision is important for three reasons: it ensures that people’s privacy rights are protected by the laws of their own countries; it helps ensure that the legal protections of the physical world apply in the digital domain; and it paves the way for better solutions to address both privacy and law enforcement needs.
Previous rulings determined that the warrant for the data was more like a subpoena. Law enforcement officers weren’t going to travel to Ireland to physically confiscate evidence, so the location of the evidence is not relevant. The appeals court disagreed with that interpretation.
The years-long case has become a flash point in the battle over online privacy. Smith noted in his blog post that amicus briefs supporting Microsoft’s claim were filed by 28 technology and media companies, 23 trade associations and advocacy groups, 35 of the nation’s leading computer scientists and the government of Ireland.
Apple’s refusal to help the FBI unlock an iPhone used by a terrorist during the December attack in San Bernardino, California is another high-profile example of this tug-of-war between tech giants and governments. Apple argued that decrypting the phone’s data and breaking into it would weaken security for all users. Apple and the FBI were heading towards a trial earlier this year until a third party emerged to help the FBI successfully hack the phone.
Smith closed his blog post by pleading with Congress to modernize communications law.
“We should not continue to wait,” Smith wrote. “We’re confident that the technology sector will continue to roll up its sleeves to work with people in government in a constructive way. We hope that today’s decision will bring an impetus for faster government action so that both privacy and law enforcement needs can advance in a manner that respects people’s rights and laws around the world.