Yottabytes: Storage and Disaster Recovery

Jun 30 2017   8:48AM GMT

Microsoft-DoJ Case Headed to the Supremes

Sharon Fisher Sharon Fisher Profile: Sharon Fisher


Experts who have been saying for a while now that the Microsoft-Department of Justice case would eventually end up before the Supreme Court are finally being proven right: the DoJ requested earlier this month that the Court handle the case.

As you may recall, the case, which started in 2014,  involved whether Microsoft must release data stored on one of its servers to a U.S. government agency, even though the data in question is outside the U.S., setting the stage for a massive worldwide confrontation on just who has the right to have access to data where. Most recently, in January the Second Circuit Court of Appeals denied a rehearing of the case, which left the Supreme Court as the only option.

Now, at the very last minute – and after two extensions – the DoJ has decided it wants to take the case to the Supreme Court to be decided once and for all.

Microsoft, as well as the other technology companies that have been anxiously watching the proceedings and filing amicus briefs, were surprised, because they had thought that the federal government had agreed with some lower courts that the real solution was a legislative one. This would most likely involve updating the 1986 Electronic Communications Privacy Act and the Stored Privacy Act on which the case was based.

Indeed, Sen. Orrin Hatch (R-Utah) (who is, incidentally, third in line to become President), put forth legislation last year, the International Communications Privacy Act, where it has languished since then. A legislative solution could solve a number of current problems, including making it easier to request such data from foreign governments.

In addition, a new law, the General Data Protection Regulation, governing this issue is also scheduled to take effect in Europe next year. “In less than one year, a new European data protection law will go into effect,” writes Brad Smith, Microsoft’s president and chief legal officer, in a blog post. “Under that law – called the General Data Protection Regulation – it would be illegal for a company to bring customer data from Europe into the U.S. in response to a unilateral U.S. search warrant.” Depending on how the Supreme Court rules, a vendor could find itself violating international law by following American law, or vice versa, he warns.

And the whole thing is predicated on treating digital data – by virtue of its accessibility – differently from other, physical, types of evidence, writes Karlin Lillington in the Irish Times. “If the desired evidence were concrete (say, paper documents) rather than digital, US authorities would have to use existing international law-enforcement agreements,” she writes.

A favorable Supreme Court ruling sets a dangerous precedent for the cloud computing industry, Lillington continues. “If the US government has the right to directly seize internationally-held data, then other countries will of course, expect the same right to in effect conduct international digital raids for American or other nations’ data, in the US or around the world, with near-impunity,” she writes. “This raises obvious data-protection, data-privacy, and surveillance concerns. It also completely undermines the whole concept of cloud computing – the movement and storing of data by organizations in international jurisdictions – and suggests businesses would have to run stand-alone operations and data centers in every geography in which they operate.”

Part of the problem is that while Microsoft has been prevailing legally, a similar, later case with Google was won by the government. In April, a federal magistrate judge in San Francisco denied Google’s attempt to quash a warrant seeking data stored abroad, writes Ben Hancock in Law.com. “It was at least the third such decision involving Google in as many months, and another magistrate judge in Florida in early April forced Yahoo to hand over data in a similar ruling.” Google, like Microsoft, prefers a legislative solution.

However, Google has also been using a different legal argument from the one Microsoft has been using, Hancock writes. “Microsoft argued that if authorities in New York wanted the email data in Ireland, all they had to do was go through a treaty process with Irish authorities,” he writes. “By contrast, Google has essentially argued—in part because of its practice of ‘sharing’ [he means “sharding” – he’s a lawyer, not an engineer] data into pieces spread across servers around the globe, for the purpose of network efficiency—that data stored outside the United States cannot be accessed by U.S. authorities or by authorities in any other jurisdiction.”

If the Supreme Court decides to hear the case, how the Court might rule is undetermined, particularly since there are a couple of new factors. First, the Court has a new member, so it can’t tie and not have its ruling used as a precedent. Second, the new member, Neil Gorsuch, is reportedly very conservative, even activist, according to the Los Angeles Times. Third, the rumor is that swing justice Anthony Kennedy is going to retire before the next session. All of these factors apparently make the government think it is more likely to prevail in this case, rather than waiting on the legislative solution — no matter the consequences.

1  Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • spintreebob
    "All your data belong to us" is in a headline and "data about one of its web-based email users" is in the body of the 2014 article. Those phrases are quit different issues. The current article should clarify what exactly would be at the SCOTUS. Is it "all" or is is "one" user/data? Would the SCOTUS have before it the substance? or a procedural issue? Or a jurisdictional issue?
    70 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: