Microsoft has begun the latest round in a test case that will determine the extent of state power to sequester data from servers held overseas.
The long-running case between Microsoft and the US government revolves around a demand by US government agencies to access private Hotmail emails held on Microsoft data centres located in Ireland. Microsoft claims that the demand exceeds US authorities’ jurisdictions, while the US government claims that Microsoft is obliged to hand over any data that it demands, held anywhere in the world.
The case has implications for major US cloud computing providers, who could be faced with a customer exodus if the US government succeeds.
“The filing begins by imagining how the US government might react if the shoe were on the other foot. For example, how would the United States react if a foreign government attempted to sidestep international law by demanding that a foreign company with offices in the United States produce the personal communications of an American journalist?” writes Microsoft general counsel Brad Smith (pictured) in a blog posting.
Smith argues that the “case involves timeless principles and their enduring importance to a future with global technology”, and also has implications for the data privacy of US individuals and organisations, as well as across the internet more generally, which is why Microsoft has decided to take the case all the way to the highest court.
“The government puts at risk the fundamental privacy rights Americans have valued since the founding of the postal service. This is because it argues that, unlike your letters in the mail, emails you store in the cloud cease to belong exclusively to you.
“Instead, according to the government, your emails become the business records of a cloud provider. Because business records have a lower level of legal protection, the government claims it can use a different and broader legal authority to reach emails stored anywhere in the world,” writes Smith.
In its earlier round, in the Court of Appeals in the Second Circuit in Manhattan, New York, Judge Loretta Preska ruled that the emails the US government wanted access to were “business records” rather than private communications, and that that distinction meant that the data grab was lawful.
But this judgment, argued Smith, “challenges people’s ability around the world to rely on the privacy protections of their own governments and laws”.
The decision has also been formally attacked by the European Union. Indeed, the EU Commissioner for Justice said that it “bypasses existing formal procedures that are agreed between the EU and the US” and “may be in breach of international law”.
Microsoft’s filing can be read in full here.