Microsoft Corp. v. United States

Microsoft Corp. v. United States, known on appeal to the U.S. Supreme Court as United States v. Microsoft Corp., was a data privacy case involving the extraterritoriality of law enforcement seeking electronic data under the 1986 Stored Communications Act, Title II of the Electronic Communications Privacy Act of 1986 (ECPA), in light of modern computing and Internet technologies such as data centers and cloud storage.

In 2013, Microsoft challenged a warrant by the federal government to turn over email of a target account that was stored in Ireland, arguing that a warrant issued under Section 2703 of the Stored Communications Act could not compel American companies to produce data stored in servers outside the United States. Microsoft initially lost in the Southern District of New York, with the judge stating that the nature of the Stored Communications Act warrant, as passed in 1986, was not subject to territorial limitations. Microsoft appealed to the United States Court of Appeals for the Second Circuit, which found in favor of Microsoft in 2016 and invalidated the warrant. In response, the United States Department of Justice appealed to the Supreme Court of the United States, which decided to hear the appeal.

While the case was pending in the Supreme Court, Congress passed the Clarifying Lawful Overseas Use of Data Act (CLOUD Act), which amended the SCA to resolve concerns from the government and Microsoft related to the initial warrant. The Supreme Court, following agreement from both the government and Microsoft, determined the passage of the CLOUD Act and a new warrant for the data filed under it made the case moot and vacated the Second Circuit's decision.

Court: United States Court of Appeals for the Second Circuit
Full case name: In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation
Argued: September 9, 2015
Decided: July 14, 2016
Case history
Subsequent action(s): Vacated by the U.S. Supreme Court as United States v. Microsoft Corp., No. 17-2, 584 U.S. ___ (2018), after the controversy was mooted by passage of the CLOUD Act (March 2018)
Holding: Reversed. Warrant quashed and civil contempt ruling vacated
Court membership
Judge(s) sitting: Susan L. Carney, Gerard E. Lynch, Victor A. Bolden (District Judge)
Case opinions
Majority: Carney, Bolden
Laws applied: Stored Communications Act of 1986

Background

As part of the investigation into a drug-trafficking case in December 2013, a United States magistrate judge in the United States District Court for the Southern District of New York issued a warrant under the Stored Communications Act of 1986 (SCA) requiring Microsoft to produce all emails and information associated with an account it hosted. While the account information was held on Microsoft's United States servers, the emails were stored on a server in Dublin, Ireland, one of numerous servers Microsoft operates around the world.[1]

Microsoft complied with providing the account information but refused to turn over the emails, arguing that a U.S. judge has no authority to issue a warrant for information stored abroad. Microsoft moved to vacate the warrant for the content held abroad on December 18, 2013. In May 2014, a federal magistrate judge, reviewing the history of the SCA (which had not been amended since its passage), disagreed with Microsoft and ordered it to turn over the emails, reasoning that unlike a typical warrant, SCA warrants function as both a warrant and a subpoena, and thus are not restricted by territorial constraints.[2] The magistrate judge considered that Microsoft had control of the material outside the United States, and thus would be able to comply with the subpoena-like nature of the SCA warrant.[2]

Microsoft appealed to a federal District Judge.[3] The district court upheld the magistrate judge's ruling, requiring Microsoft to provide the emails in full.[4][5][2]

Second Circuit opinion

Microsoft then appealed to the Second Circuit.[2] Several United States-based technology companies, publishers, and individuals submitted amicus briefs supporting Microsoft's position.[6] The Irish government also filed a brief in support of neither party.[6] The Irish government considered that the U.S. government's action violated both the European Union's Data Protection Directive and Ireland's own data privacy laws, and maintained the emails should be disclosed only on request to the Irish government pursuant to the long-standing mutual legal assistance treaty (MLAT) between the U.S. and Ireland formed in 2001; the government offered to consider such a request in an expedited manner for this case.[7][8][9] Jan Philipp Albrecht of the European Parliament filed an amicus brief in support of Microsoft, stating that should the court grant execution of the warrant, it could "extend the scope of this anxiety to a sizable majority of the data held in the world’s data centers outside the U.S."[6]

In the appeal to the Second Circuit, the three-judge panel unanimously overturned the lower court's ruling in July 2016, and invalidated the government's warrant.[10][11] The panel primarily focused on the extraterritoriality of the SCA, using a two-pronged test.[12] Circuit Judge Susan L. Carney wrote the opinion of the court with District Court Judge Victor A. Bolden. Circuit Judge Gerard E. Lynch wrote a concurring opinion. The court relied heavily on the United States Supreme Court's 2010 ruling in Morrison v. National Australia Bank that the "longstanding principle of American law that legislation of Congress, unless a contrary intent appears, is meant to apply only within the territorial jurisdiction of the United States" applies in all cases. The Second Circuit found no mention of extraterritorial application in the SCA nor in its legislative history. The court said the SCA's use of the term "warrant", as a term of art, suggested a specific territory. It also concluded that the primary focus of the SCA was protecting the privacy of users of electronic services.[12]

In his concurrence, Judge Lynch noted that there was nothing in the record to indicate whether the owner of the e-mails being sought was a U.S. citizen or resident. He agreed with the government that the term "warrant" only implied the need for issuance under Fourth Amendment standards, rather than suggesting it was a search warrant with a specific place. He also noted that Microsoft chose to store the e-mails in Ireland based on the account holder's unverified statement of residence and on Microsoft's business interest in minimizing network latency. No one disputed that if Microsoft had chosen to store the emails in the U.S., the warrant would have been valid. While he agreed with the majority that the presumption against extraterritoriality, as clarified in Morrison, was decisive in this case, he did not believe it to be an optimal policy outcome and called on Congress to clarify and modernize the SCA.[12]

The U.S. government filed a petition for an en banc rehearing by the Second Circuit in October 2016.[13][14] In January 2017, the full court split 4-4 on a vote to rehear the case, leaving in place the judgment in favor of Microsoft. Circuit Judge Jose Cabranes, writing in dissent, stated that the decision "has substantially burdened the government’s legitimate law enforcement efforts; created a roadmap for the facilitation of criminal activity; and impeded programs to protect the national security of the United States and its allies", and called on a higher court or the U.S. Congress to rectify the outdated language of the SCA.[15]

Separately from its appeal, the U.S. Government has had at least one other ruling in its favor, and specifically against the decision of the Second Circuit Court, for similar extraterritorial requests under the SCA. In February 2017, a federal magistrate judge, presiding over a District Court within the Third Circuit, ruled that Google must comply with a government warrant to turn over data from foreign servers. The magistrate judge rejected Google's reliance on the current standing from the Microsoft case, and stated in his opinion that the scope of the invasion of privacy for the case was entirely within the United States, and not where the electronic transfer of the data occurs, making the SCA warrant enforceable.[7][16]

Supreme Court

The U.S. Department of Justice filed an appeal with the Supreme Court in June 2017.[17] Deputy Solicitor General Jeffrey Wall argued that the Second Circuit's order had led Microsoft, Google, and Yahoo! to deny law enforcement officials requested information stored on servers outside the United States, hampering numerous criminal investigations. The Department was joined by 33 states in support.[18] Microsoft argued that the Court should not take the case, and instead that Congress should deal with updating the language of the outdated 1986 law.[18]

The Supreme Court granted certiorari in October 2017.[19] The case, United States v. Microsoft Corp., was heard by the Court on February 27, 2018, with a ruling originally expected by the end of the Court's term in June 2018.[20]

While the case was being decided by the Supreme Court, Congress introduced the Clarifying Lawful Overseas Use of Data Act ("CLOUD Act") shortly after the oral hearings. Among other provisions, the CLOUD Act modified the SCA to specifically include cloud storage considerations of communication providers in the United States regardless of where the cloud servers may be located. The bill was supported by both the DOJ and Microsoft.[21] In March 2018, Congress passed the CLOUD Act as part of an omnibus government spending bill, which was signed into law by President Donald Trump on March 22.[22] By the end of March, the DOJ had issued a request for a new warrant for the original emails from the 2013 investigation under the new authority granted by the CLOUD Act, and was no longer seeking resolution of the original warrant. It also requested that the Court vacate the case and remand it back to the Second Circuit, where the matter could then be rendered moot due to the passage of the CLOUD Act.[23][24] Microsoft agreed with the DOJ's position.[25] On April 17, 2018, the Court issued a per curiam opinion stating that the case was rendered moot and vacating and remanding the case back to the lower courts to dismiss the lawsuit.[26]

References
  1. Barnes, Robert (October 16, 2017). "Supreme Court to consider major digital privacy case on Microsoft email storage". The Washington Post. Retrieved October 16, 2017.
  2. "In re Warrant to Search a Certain Email Account Controlled & Maintained by Microsoft Corp". harvardlawreview.org. Harvard Law Review.
  3. "Microsoft Ireland Case: Can a US Warrant Compel A US Provider to Disclose Data Stored Abroad?". cdt.org. Center for Democracy and Technology.
  4. "The "Microsoft Ireland" Case (Amicus Brief)". brennancenter.org. Brennan Center for Justice.
  5. "In re Warrant for Microsoft Email Stored in Dublin, Ireland". eff.org. Electronic Frontier Foundation.
  6. Scott, Mark (December 24, 2014). "Ireland Lends Support to Microsoft in Email Privacy Case". The New York Times. Retrieved April 4, 2018.
  7. Brier, Jr., Thomas (2017). "Defining the Limits of Governmental Access to Personal Data Stored in the Cloud: An Analysis and Critique of Microsoft Ireland". Journal of Information Policy. 7: 327–371. doi:10.5325/jinfopoli.7.2017.0327. JSTOR 10.5325/jinfopoli.7.2017.0327.
  8. Porter, Kathleen. "Microsoft versus the Federal Government; Round Three". jdsupra.com. JD Supra.
  9. "Brief For Ireland As Amicus Curiae In Support Of Neither Party". Electronic Frontier Foundation. December 23, 2014. Retrieved April 4, 2018. Ireland Is Willing To Apply The MLAT Process To This Warrant...Ireland would be pleased to consider, as expeditiously as possible, a request under the treaty, should one be made.
  10. "Microsoft wins: Court rules feds can't use SCA to nab overseas data". Ars Technica. Retrieved October 16, 2017.
  11. Wingfield, Nick; Kang, Cecilia (July 14, 2016). "Microsoft Wins Appeal on Overseas Data Searches". The New York Times.
  12. "Microsoft Corp. v. United States". Harvard Law Review. December 9, 2016. Retrieved October 16, 2017.
  13. "PETITION OF THE UNITED STATES OF AMERICA FOR REHEARING AND REHEARING EN BANC" (PDF). Retrieved December 8, 2016.
  14. "Court ruling stands: US has no right to seize data from world's servers". Ars Technica. Retrieved August 17, 2017.
  15. Stempel, Jonathan (January 24, 2017). "Microsoft victory in overseas email seizure case is upheld". Reuters. Retrieved October 16, 2017.
  16. Kerr, Orin (February 3, 2017). "Google must turn over foreign-stored emails pursuant to a warrant, court rules". The Washington Times. Retrieved October 17, 2017.
  17. "Does US have right to data on overseas servers? We're about to find out". Ars Technica. Retrieved July 20, 2017.
  18. Stohr, Greg (October 16, 2017). "Microsoft Email-Access Fight With U.S. Gets Top Court Review". Bloomberg Businessweek. Retrieved October 16, 2017.
  19. "Court adds four new cases to merits docket". SCOTUSBlog. Retrieved October 16, 2017.
  20. Jeong, Sarah (February 26, 2018). "What's at stake in the Microsoft Supreme Court case". The Verge. Retrieved February 26, 2018.
  21. Breland, Ali (August 1, 2017). "Senate bill would ease law enforcement access to overseas data". The Hill. Retrieved March 23, 2018.
  22. Brandom, Russell; Lecher, Colin (March 22, 2018). "House passes controversial legislation giving the US more access to overseas data". The Verge. Retrieved March 23, 2018.
  23. Stohr, Greg (March 31, 2018). "Justice Department Asks Court to Drop Microsoft Email Case". Bloomberg Businessweek. Retrieved April 2, 2018.
  24. Nakashima, Ellen (March 31, 2018). "Justice Department asks Supreme Court to moot Microsoft email case, citing new law". The Washington Post. Retrieved April 2, 2018.
  25. Hurley, Lawrence (April 3, 2018). "Microsoft calls for dismissal of U.S. Supreme Court privacy fight". Reuters. Retrieved April 4, 2018.
  26. "Supreme Court rules that Microsoft email privacy dispute is moot". Reuters. April 17, 2018. Retrieved April 17, 2018.

Brad Smith (American lawyer)

Bradford Lee Smith (born January 17, 1959) is an American attorney and technology executive currently serving as President of Microsoft, concurrently serving as chief legal officer. On behalf of Microsoft, Smith has settled multibillion-dollar lawsuits with other companies and the European Union, has filed multiple lawsuits against the United States government to protect customer privacy, led efforts to bring broadband and technology jobs to rural America, and signed partnerships with the United Nations Office on Human Rights. He has led philanthropic efforts on immigration and education. Smith has been called one of the most influential lawyers in the United States.

CLOUD Act

The Clarifying Lawful Overseas Use of Data Act or CLOUD Act (H.R. 4943) is a United States federal law enacted in 2018 by the passing of the Consolidated Appropriations Act, 2018, PL 115-141, section 105 executive agreements on access to data by foreign governments. Primarily the CLOUD Act amends the Stored Communications Act (SCA) of 1986 to allow federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil.

Electronic evidence

Electronic evidence consists of these two sub-forms:

analog (no longer so prevalent, but still existent in some sound recordings, e.g.), and

digital evidence (see longer article)

This rather complex relationship can be depicted graphically, as shown in part of an EU-funded project on the topic. Chapter 10 of the associated 2018 book goes into more detail, as does the website, http://www.evidenceproject.eu/categorization

Electronic evidence can be abbreviated as e-evidence, and this shorter term is gaining in acceptance in Continental Europe. This page covers mainly activity there and on the international level.

Privacy and the US government

Privacy and the United States government consists of enacted legislation, funding of regulatory agencies, enforcement of court precedents, creation of congressional committees, evaluation of judicial decisions, and implementation of executive orders in response to major court cases and technological change. Because the United States government is composed of three distinct branches governed by both the separation of powers and checks and balances, the change in privacy practice can be separated relative to the actions performed by the three branches.

The purpose of the legislative branch: To perform congressional actions that clarify what constitutes privacy tort, to outline punishments for those who violate privacy law, and to protect the people's “right to privacy” through regulation.

The purpose of the judiciary branch: To examine individual privacy issues and create widespread precedent that both protects and infringes upon existing personal privacy law vested within Congressional legislation and constitutional amendments.

The purpose of the executive branch: To pursue actions that help emphasize certain issues and expedite the process regarding particular policy through platform politics, executive orders, and pushing and signing of bills into law.

Congress, the Supreme Court, and the Presidency work closely with one another to help define privacy law in the United States and often build upon each other when improving privacy practice and regulation. Prior to implementation of these branch actions, the notion of privacy rights can be traced back to the First, Third, Fourth, Fifth, Ninth and Fourteenth Amendments of the United States Constitution.

Right of access to personal data

The Right of Access, also referred to as Right to Access and [data] subject access, is one of the most fundamental rights in data protection laws around the world. The European Union states that: "The right of access occupies a central role in EU data protection law's arsenal of data subject empowerment measures." This right is often operationalised as a Subject Access Request.

United States v. Microsoft Corp.

United States v. Microsoft Corporation, 253 F.3d 34 (D.C. Cir. 2001), was a noted American antitrust law case in which the U.S. government accused Microsoft of illegally maintaining its monopoly position in the PC market primarily through the legal and technical restrictions it put on the abilities of PC manufacturers (OEMs) and users to uninstall Internet Explorer and use other programs such as Netscape and Java. At trial, the district court ruled that Microsoft's actions constituted unlawful monopolization under Section 2 of the Sherman Antitrust Act of 1890, and the U.S. Court of Appeals for the D.C. Circuit affirmed most of the district court's judgments.

The plaintiffs alleged that Microsoft had abused monopoly power on Intel-based personal computers in its handling of operating system and web browser integration. The issue central to the case was whether Microsoft was allowed to bundle its flagship Internet Explorer (IE) web browser software with its Windows operating system. Bundling them is alleged to have been responsible for Microsoft's victory in the browser wars as every Windows user had a copy of IE. It was further alleged that this restricted the market for competing web browsers (such as Netscape Navigator or Opera), since it typically took a while to download or purchase such software at a store. Underlying these disputes were questions over whether Microsoft had manipulated its application programming interfaces to favor IE over third-party web browsers, Microsoft's conduct in forming restrictive licensing agreements with original equipment manufacturers (OEMs), and Microsoft's intent in its course of conduct.

Microsoft stated that the merging of Windows and IE was the result of innovation and competition, that the two were now the same product and inextricably linked, and that consumers were receiving the benefits of IE free. Opponents countered that IE was still a separate product which did not need to be tied to Windows, since a separate version of IE was available for Mac OS. They also asserted that IE was not really free because its development and marketing costs may have inflated the price of Windows.

The case was tried before Judge Thomas Penfield Jackson in the United States District Court for the District of Columbia. The DOJ was initially represented by David Boies. Compared to the European Decision against Microsoft, the DOJ case is focused less on interoperability and more on predatory strategies and market barriers to entry.

United States v. Microsoft Corp. (disambiguation)

United States v. Microsoft Corp. may refer to:

United States v. Microsoft Corp. (2001), 253 F.3d 34 (D.C. Cir. 2001), a U.S. antitrust law case

Microsoft Corp. v. United States, also known as the "Microsoft Ireland" case, a data privacy case that was appealed to the U.S. Supreme Court as "United States v. Microsoft Corp." during the 2017-2018 term

This page is based on a Wikipedia article written by authors (here).
Text is available under the CC BY-SA 3.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.