Barry Sookman
  • Bio & expertise
    • Bio
    • Technology & Internet Lawyer
    • Copyright and Intellectual Property Lawyer and Litigator
    • Privacy & CASL
    • Government Relations
    • Rankings
  • Books & Articles
  • Speeches & Media
  • Terms
    • Privacy Policy
This site is about technology, copyright, and privacy Law
Barry Sookman
Barry Sookman
  • Bio & expertise
    • Bio
    • Technology & Internet Lawyer
    • Copyright and Intellectual Property Lawyer and Litigator
    • Privacy & CASL
    • Government Relations
    • Rankings
  • Books & Articles
  • Speeches & Media
  • Terms
    • Privacy Policy
Subscribe
  • Privacy

Microsoft wins big in warrant fight to protect privacy of user data

  • July 15, 2016
  • Barry Sookman
Total
0
Shares
0
0
0

Microsoft scored a major victory for the privacy of its cloud computing users yesterday winning a closely watched case against U.S. Government. In Microsoft Corporation v USA (2nd.Cir. Jul. 14, 2016), the U.S. Second Circuit Court of Appeals held that a warrant issued under Section 2703 of the Stored Communications Act (ECA) did not have extra-territorial effect to require U.S. based Microsoft to access and provide the government with user data stored on servers operated by a subsidiary in Dublin Ireland.

The decision was based on a number of factors including the principle against the presumption of extra-territorial application of U.S law and the historical difference between a subpoena and a warrant, which in this case was held to apply only to Microsoft’s servers in the U.S.

According to the court:

These practical considerations cannot, however, overcome the powerful clues in the text of the statute, its other aspects, legislative history, and use of the term of art “warrant,” all of which lead us to conclude that an SCA warrant may reach only data “warrant,” all of which lead us to conclude that an SCA warrant may reach only data stored within United States boundaries.  Our conclusion today also serves the interests of comity that, as the MLAT process reflects, ordinarily govern the conduct of cross‐ boundary criminal investigations.  Admittedly, we cannot be certain of the scope of the obligations that the laws of a foreign sovereign—and in particular, here, of Ireland or the E.U.—place on a service provider storing digital data or otherwise conducting business within its territory.  But we find it difficult to dismiss those interests out of hand on the theory that the foreign sovereign’s interests are unaffected when a United States judge issues an order requiring a service provider to “collect” from servers located overseas and “import” into the United States data, possibly belonging to a foreign citizen, simply because the service provider has a base of operations within the United States.

Thus, to enforce the Warrant, insofar as it directs Microsoft to seize the contents of its customer’s communications stored in Ireland, constitutes an unlawful extraterritorial application of the Act.

We conclude that Congress did not intend the SCA’s warrant provisions to apply extraterritorially.  The focus of those provisions is protection of a user’s privacy interests.  Accordingly, the SCA does not authorize a U.S. court to issue and enforce an SCA warrant against a United States‐based service provider for the contents of a customer’s electronic communications stored on servers located outside the United States.  The SCA warrant in this case may not lawfully be used to compel Microsoft to produce to the government the contents of a customer’s e‐mail account stored exclusively in Ireland.  Because Microsoft has otherwise complied with the Warrant, it has no remaining lawful obligation to produce materials to the government.

The decision vindicates the position Microsoft took to protect the privacy of its users located outside the U.S. However, the decision only relates to the particular form of investigative document used by law enforcement in the case and did not make any definitive findings on whether a subpoena would have had a broader territorial ambit.

For a good summary of the case, see U.S. Cannot Compel By Warrant Microsoft’s Production of Emails Stored Outside of U.S.

Total
0
Shares
0
0
0
0
Related Topics
  • cloud computing
  • microsoft
  • warrant
Previous Article
  • blocking orders
  • Counterfeiting
  • Piracy

Blocking orders against ISPs to combat trade-mark infringement legal says Court of Appeal in Cartier

  • July 12, 2016
  • Barry Sookman
View Post
Next Article
  • CASL
  • Uncategorized

CASL’s private right of action

  • August 29, 2016
  • Barry Sookman
View Post

Subscribe

Subscribe now to our newsletter

You May Also Like
Digital Charter Implementation Act and CPPA
View Post
  • CPPA
  • Privacy

CPPA: problems and criticisms – automated decision making

  • Barry Sookman
  • December 18, 2022
Digital Charter Implementation Act and CPPA
View Post
  • CPPA
  • PIPEDA
  • Privacy

CPPA: problems and criticisms – anonymization and pseudonymization of personal information

  • Barry Sookman
  • December 5, 2022
Digital Charter Implementation Act and CPPA
View Post
  • CPPA
  • PIPEDA
  • Privacy

CPPA: problems and criticisms – service provider obligations

  • Barry Sookman
  • November 13, 2022
Digital Charter Implementation Act and CPPA
View Post
  • CPPA
  • Privacy

CPPA: problems and criticisms – appropriate purposes

  • Barry Sookman
  • October 31, 2022

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe

Subscribe now to our newsletter

Barry Sookman
This site is about technology, copyright, and privacy Law

Input your search keywords and press Enter.

We may be using cookies to give you the best experience on our website.

 

Barry Sookman
Powered by  GDPR Cookie Compliance
Privacy Overview

This website may use cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.