In a ruling earlier today, the United States Supreme Court decided to dismiss the Microsoft email privacy case between the company and the Justice Department.
The original case was monumental, and raised the question of whether the government can force tech companies to hand over data that is store in overseas data centers. This dispute has been going on for quite some time, with the original Microsoft email privacy case filed back in 2013. A recent ruling from Congress basically makes the need for a decision in this case no longer needed, and according to the court “no love dispute remains between the parties over the issue.
As far as how the Microsoft email privacy case first came to be, it was originally created due to a drug trafficking case in which the Justice Department provided a warrant to the tech company for emails that were stored at a data center in Ireland. Microsoft, in the interest of users’ privacy, challenged the warrant – stating that the fact that the data center was located in Ireland meant that the Justice Department couldn’t compel them to hand over the information. The department argued back that Microsoft should be forced to comply with the warrant seeing as the company is based in the United States. It was an interesting legal dilemma and a battle that had been going on for over 5 years at this point, and recent legislation passed through Congress has decided the issue with new guidelines on the government’s right to issue warrants for data stored overseas.
The Clarifying Lawful Overseas Use of Data Act (CLOUD Act) was recently passed by Congress and was signed into law, which provides a new legal framework for how exactly these government warrants should be approached when access data stored outside of the US – effectively resolving the Microsoft email privacy case without the need for a ruling.
According to Microsoft President and Chief Legal Officer Brad Smith in a recent blog post,
“As information has moved to the cloud, tech companies have had to assume a more important role in protecting people’s privacy rights. Before cloud computing, individuals stored their digital information on a computer at home and companies typically stored their information on server computers in their offices. In practical terms, this meant that if the government obtained a warrant to search someone’s information on a computer, officials had to enter one’s premises to access a device. As a result, individuals or companies knew about the search and could mount a legal defense if they chose.
As information moved to the cloud, however, the government could search digital information by serving warrants on a cloud service provider rather than on the individual or company that owned the information itself. This changed the privacy equation between citizens and the state. No longer would an individual or company necessarily know when the government was searching its information. And without that knowledge, individuals and companies lacked the ability to protect their rights.”
“The CLOUD Act both creates the foundation for a new generation of international agreements and preserves rights of cloud service providers like Microsoft to protect privacy rights until such agreements are in place.”
Elsewhere in the post, Smith stated that “while litigation was important, we needed new legislation and new international agreements to reform the process by which law enforcement officials around the world gather digital evidence and investigate crimes. And we said international agreements must have strong protections for privacy and other human rights.”
The CLOUD Act may just provide the protections that the company was looking for with the Microsoft email privacy case, and the Justice Department has since obtained a new warrant that complies with the new law. While Microsoft was not necessarily seeking to obstruct the apprehension of criminals, the legislation that was in place was not sufficient enough for them to provide information without setting a dangerous precedent. As a compromise that gives law enforcement officials guidelines for obtaining warrants and outlines clear legislation that is amenable to technology companies like Microsoft, we may see fewer situations like the Microsoft email privacy case moving forward.
“Most importantly, the passage of the CLOUD Act is an important milestone in the journey to modernize the law, enable enforcement officials to do their jobs and protect people’s privacy rights across borders. It has strong and broad support. But it’s not the end of the road. There remains important and urgent work ahead of us.”