Factually, this case begins as a narcotics investigation in New York City. The U.S. Attorney’s Office there issued Microsoft at its corporate headquarters in Redmond, Washington warrant to obtain the contents of a subscriber’s HotMail account. Microsoft provided what its central administration servers had in Redmond, account information (or “metadata”) but was unable to satisfy the warrant completely because the content resided on servers located in its Dublin, Ireland subsidiary. U.S. attorneys pressed the matter in federal district court which denied Microsoft’s motion to quash the warrant and found the company in contempt of court for failure to produce the evidence in question. Microsoft appealed the decision. The Appeals Court for the Second District (which includes New York) reversed the district court. In finding for Microsoft, the Court vacated the original warrant and dismissed the contempt ruling.
Procedurally, this case would be notable for its decision alone. To be sure, a plain reading of ECPA clearly does not state extraterritorial jurisdiction for which extradition treaties have long existed before the Internet. What knocks the ball out of the park is the reasoning behind the decision. First, the Court explains how the technology works in an enterprise “cloud” system. Electronic content has physical location. “Microsoft asserts that, after the migration is complete, the “only way to access” user data stored in Dublin and associated with one of its customer’s web‐based e‐mail accounts is “from the Dublin datacenter.” Second, the Court makes a clear reading of the legislation, Title II, Stored Communications – the legislation upon which the original warrant was served -- that is muddy text, to say the least. That clear reading re-establishes a fundamental component of ECPA when Congress originally passed it in 1986, seven years before the Internet became fully open to the public: ECPA rests upon the Fourth Amendment. Metadata might be available with a subpoena, but content requires a warrant.
This support not only creates its own precedential effect in a legal environment that over the last thirty years has all but forgotten and/or eviscerated the Fourth Amendment, but also becomes central to the next step in their reasoning. The Court adopts Microsoft’s position that access to the email content functions in electronic space as it does in physical space. “It [Microsoft] understands such a warrant as more closely resembling a traditional warrant than a subpoena. In its view, a warrant issued under the Act cannot be given effect as to materials stored beyond United States borders, regardless of what may be retrieved electronically from the United States and where the data would be reviewed. To enforce the Warrant as the government proposes would effect an unlawful extraterritorial application of the SCA, it asserts, and would work an unlawful intrusion on the privacy of Microsoft’s customer.”
If I had a nickel for every time in higher education policy administration or in classrooms from Ithaca to Rome to Springfield where I have stressed that “whatever is legal in physical space is legal in cyberspace, and so to illegality it also goes” I could get that villa I have been guilt tripping my children all their lives. It is therefore worth quoting more of the Court’s decision on that point. “Although electronic data may be more mobile, and may seem less concrete, than many materials ordinarily subject to warrants, no party disputes that the electronic data subject to this Warrant were in fact located in Ireland when the Warrant was served. None disputes that Microsoft would have to collect the data from Ireland to provide it to the government in the United States.”
“When interpreting the laws of the United States, we presume that legislation of Congress “is meant to apply only within the territorial jurisdiction of the United States,” unless a contrary intent clearly appears. Id. at 255 (internal quotation marks omitted); see also RJR Nabisco, Inc. v. European Cmty., 579 U.S. __, __, 2016 WL 3369423, at *7 (June 20, 2016). This presumption rests on the perception that “Congress ordinarily legislates with respect to domestic, not foreign matters.” Id. The presumption reflects that Congress, rather than the courts, has the “facilities necessary” to make policy decisions in the “delicate field of international relations.” Kiobel v. Royal Dutch Petroleum Co., 133 S.Ct. 1659, 1664 (2013) (quoting Benz v. Compania Naviera Hidalgo, S.A., 353 U.S. 138, 147 (1957)). In line with this recognition, the presumption is applied to protect against
“unintended clashes between our laws and those of other nations which could result in international discord.” Equal Emp’t Opportunity Comm’n v. Arabian American Oil Co., 499 U.S. 244, 248 (1991) (“Aramco”); see generally Park Central Global Hub Ltd. v. Porsche Auto. Holdings SE, 763 F.3d 198 (2d Cir. 2014) (per curiam).”
Thus, the reasoning of the Court is complete. If legal access to the contents of an electronic mail account must follow the same process as if legal access were executed in physical space, and the law does not include reach outside of the United States, then the original warrant cannot be executed. Accordingly, the Court dismissed the warrant and remanded to the district court to dismiss the contempt order under which Microsoft sat for its failure to comply in the first instance.
Infrequently in a blog post do I delve into case law textual analysis, but the significance of this one demands it. Reading the U.S. position throws light on much of what the government has been thinking if not before at least since the events of 9/11 and the USA-Patriot Act. With what feels like a sleight-of-hand, the government emphasizes the differences between electronic and physical space to get what it wants with the lightest of touch. Back when I first became the Director of IT Policy at Cornell, the notion that “legitimate use of a computer or network system does not extend to whatever an individual is capable of doing with it” provided the foundation upon which the university structured sound policy. Whether in gaining easy access to email accounts or network traffic, gathering telephone contact numbers for everyone in the United States, or setting up back door access at Google and Facebook, the courts – both secret and public — and agencies such as the Department of Justice and National Security Administration have stomped all over this basic principle of applying law to the Internet. Founding Fathers made government access arduous on purpose. They may not have contemplated such technological development as now exists but there is no doubt that they meant their principles to be the core relationship between the individual and the federal government no matter what the context. It is time to get those principles back in place.
Microsoft’s position has always been one of legal access, not no access. Notably, Microsoft prevailed pressing the courts to set this precedent. In a previous blog, I distinguished the Apple iPhone case from this one. The common denominator was trust. Notwithstanding long-standing and deep disappointment with the U.S. government, its agencies and its courts on matters of electronic privacy and due process, I retain a fundamental faith in it. Not blinded by illusions, but filled with the belief that if reasonable people, including corporations, can persist in making clear and honest points, help to educate people not only in the how but the why to do it, we can all get to a better place. That better place is one in which research and innovation continues to amaze, business thrives, people can feel secure and the law complements the principles of a democratic republic.
This case achieves that promise. Upon it could be built support for legal reform such as the International Communications Privacy Act (formerly known as the LEADS Act) currently before Congress (that would fix the problem that this case raised) and other ECPA updates. It should begin a much longer process of re-establishing the good name of the U.S. among our allies in matters of electronic privacy because of the respect for their autonomy that is built into this decision. With this precedent, we have reason to expect foundational Fourth Amendment protections on electronic content from the courts. So, too, might we use this case to ask hard questions of the government in the continued unanswered wake of Snowden disclosures. Now that a regular, Title III Court has demonstrated its ability to understand how technology in a business process works, and to apply the law underscored by constitutional principles to it, we might even want to challenge the need for a secret FISA Court. Perhaps I am getting a bit too optimistic, but with respect and trust in government comes a dose of hope to make better tomorrow what seemed impossible yesterday.
Read more by
You may also be interested in...
Inside Higher Ed’s Blog U
What Others Are Reading