A federal appeal is set to decide whether major US corporations handling foreign data should be subjected to American law when it comes to data collection requests. It will settle a four-year dispute between Microsoft and US authorities, with whom the company refused to share the data of a foreign suspect, located in one of its data centers in Dublin, Ireland.
In 2013, federal authorities requested that Microsoft hand over the emails, which they said would provide evidence of drug trafficking. They obtained a search warrant, and the company was held in contempt for refusing to hand over the files, but in 2016 the US Second Circuit Court of Appeals finally sided with Microsoft.
The accused individual had registered an account as a resident of Ireland, which, according to the previous ruling, exempted them from the jurisdiction of US law.
Thirty-three states were part of the campaign to have the case reviewed, claiming that a Microsoft victory would set a precedent for criminals, making it easier for them to avoid being investigated by US authorities.
In a blog post, Microsoft president and legal chief officer Brad Smith outlined the company’s stance, stating that US law enforcement should not be using “traditional search warrants to seize emails of citizens of foreign countries” located in foreign data centers.
”We believe that people’s privacy rights should be protected by the laws of their own countries and we believe that information stored in the cloud should have the same protections as paper stored in your desk. Therefore, Congress needs to modernize the law and address these fundamental issues.”
The case falls under the 1986 Electronic Communications Privacy Act (which, Smith pointed out, was written before Tim Berners-Lee invented the World Wide Web), which stipulates that US companies are subjected to US laws, but the 2016 decision clarified that the rule doesn’t apply when companies are operating abroad.
Deputy Solicitor General Jeffrey Wall previously told Bloomberg that this would amount to hampering investigations into “terrorism,” “child pornography” and “fraud.”
An updated version of the Act was referred to both the Senate Judiciary Committee and the House last year. If passed, US law enforcement would only be allowed to exercise the American rule of law when the two governments involved have signed a ’Law Enforcement Cooperation Agreement,’ or if the foreign country in question doesn’t object to disclosure.
The case marks a significant development for major cloud service providers like Microsoft, that tend to comply with domestic data requests, but whose treatment of foreign data is a contentious issue in other countries, especially in Europe.
Other companies, including HP, Apple and Amazon, have come out in support of Microsoft, as they all stand to lose in terms of public image and customer trust if a court rules in favor of the US state authorities.
The Supreme Court will begin receiving official arguments early next year, and is expected to make its decision in June.