As expected, the US Government is dragging Microsoft to Supreme Court over long-running cross-border data jurisdiction case. Microsoft today revealed that the US Supreme Court granted the Department of Justice’s petition to review Microsoft’s victory. Last year, the Court of Appeals for the Second Circuit gave judgement in Microsoft’s favor. It said that U.S. federal or state law enforcement cannot use traditional search warrants to seize emails of citizens of foreign countries that are located in data centers outside the United States. Judge Lynch even urged Congress to act. Some members of Congress have publicly sided with Microsoft and they have also proposed a legislation in both houses to update the law.
Microsoft challenged DOJ because of its interpretation of the ECPA law which was enacted in 1986 when internet was not even invented. Microsoft believes this law is problematic in below ways.
- It contradicts the basic premise that before a U.S. statute reaches across another country’s borders, it should be clear that’s what Congress intended when it passed the law.
- We disagree with the premise of the government’s argument in favor of the warrant that customer email is the property of the email provider, not the customer, which would cause people to lose their rights when they go online.
- It creates conflicts with the laws of countries in Europe and elsewhere around the globe, which are intended to protect privacy interests and restrict the disclosure and transfer of personal data to a third country.
- It puts everyone’s emails at risk – if the U.S. government can unilaterally use a warrant to seize emails outside the United States, what’s to stop other governments from acting unilaterally to seize emails stored inside the United States? At a time when countries are rightly worried about foreign government hacking, the DOJ’s interpretation would open the door to accomplishing the same thing.
You can read more about this issue from Microsoft’s blog post here.