Yottabytes: Storage and Disaster Recovery

Feb 28 2018   11:37PM GMT

Supreme Court Hears Microsoft-Ireland Data Case

Sharon Fisher Sharon Fisher Profile: Sharon Fisher


It is not looking good for Microsoft after the first day of hearings at the Supreme Court for the case regarding whether the company has to turn over to law enforcement data that is stored on a server in Ireland.

So far, the debate appears to hinge on whether to rule on the case, or wait for Congress to update the law and not have to rule on it at all. “Justices Ruth Bader Ginsburg and Sotomayor both asked why they shouldn’t just let the lower court opinion (in Microsoft’s favor) stand and allow the case to be decided by congressional action,” writes Andrew Keane Woods, in Lawfare, in one of the best analyses of the day’s arguments. “This makes some intuitive sense:  If the Stored Communications Act (SCA) is so hard to apply to a global cloud, let Congress update it. And Congress is trying.” But it hasn’t done it yet, and Congress hasn’t been too good about finishing things it’s started this year.

On the other hand, Chief Justice John Roberts appears to have a good idea for a business model. “Nothing would keep Microsoft ‘from storing United States communications, every one of them, either in Canada or Mexico or anywhere else, and then telling their customers: Don’t worry if the government wants to get access to your communications; they won’t be able to,” without getting help from a from foreign government, Roberts told Microsoft lawyer Joshua Rosenkranz, according to Bloomberg.

Congratulations, Justice Roberts. You just invented Swiss Banks for data.

If you’re really a glutton for this stuff, the full transcript is available, and there’s some pretty neat stuff in it. For example, there’s this government argument: “Suppose that a defendant in federal court were convicted and ordered to pay a fine and the defendant said, I can’t do that with my domestic assets. They’re all located abroad. I am fairly confident that the courts would say the obligation falls on you. How you raise the money is your concern. It’s not an extraterritorial application of the statute to say bring the money home and pay the fine. And that’s the same that we’re asking to happen with the warrant.” The thing is, it’s not the mere possession of the data that’s the issue but the fact that the data could be used to send someone to jail – a point that nobody seemed to make.

There was also an interesting discussion about the distinction between a subpoena and a warrant, and how one of the main distinctions was how the subject of a subpoena could go to court and object to it while the subject of a warrant couldn’t. “A warrant allows the government to just come right in. If we had a warrant, and we could get a Rule 41 ordinary warrant if we wanted to, we would go to Microsoft headquarters and ask the gentleman sitting at the keyboard to step aside and sit down and do the work ourselves.”

Justice Alito also brought up an interesting point: “If this person is not Irish and Ireland played no part in your decision to store the information there and there’s nothing that Ireland could do about it if you chose tomorrow to move it someplace else, it is a little difficult for me to see what Ireland’s interest is in this.” On the other hand, Microsoft’s attorney noted, “We protect information stored within the United States and we don’t actually care whose information it is because we have laws that guard the information for everyone.”

The primary concern appears to be less about the person who has their data on an Irish server in the first place, and more on what the repercussions might be based on the Supremes’ decision. “Countries around the world are watching this case because it could be used as a precedent—privacy advocates have called it a dangerous precedent—for the state to exert extraterritorial control over the internet,” Woods writes. “If the U.S. can do it, the thought goes, then other states will do it.” The problem with that argument, he writes, is that there are already plenty of examples of foreign governments doing just that.

And then there’s this thing of beauty:

“There is not an international problem.This is largely a mirage that Microsoft is seeking to create. For the 20 or so –­ “

JUSTICE SOTOMAYOR: “You mean all those amici who have written complaining about how this would conflict with so much foreign law. We’ve got a bunch of amici briefs telling us how much this conflicts.”

The justices are expected to rule by June, which should be one humdinger of a month at this rate.

2  Comments on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Ibbaman1

    Hi Sharon,

    I have to disagree on the comparison argument made as there's a huge difference between getting a fine (and the government not caring how you get the money to pay it) or asking someone to deliver the proof to incriminate themselves.

    econd, wasn't the whole issue about an Irish guy and data stored in Ireland? The result of that combination is that EU Law states that the data doesn't have to be handed over to non-EU countries, even if the company is US based. Microsoft has to uphold US laws, but it can't break EU laws to uphold US laws. Only EU citizens are protected by EU laws, so this does not apply to a US citizen storing data abroad to avoid prosecution.

    10 pointsBadges:
  • Sharon Fisher
    The data is in Ireland.  I'm not sure we know the provenance of the owner. 
    9,680 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: