U.S. Supreme Court To Review Microsoft's Dublin Datacenter Case

The years-long dispute over whether Microsoft must submit to government requests for data stored in an offshore datacenter is going to the U.S. Supreme Court.

The case goes back to 2013, when U.S. authorities pursuing an unnamed person suspected of illegal drug activities ordered Microsoft to turn over e-mails stored in its datacenter in Dublin, Ireland. Lower courts had consistently told Microsoft to hand over the data, though Microsoft appealed those rulings with the backing of other cloud service providers, including Apple, AT&T, Cisco and Verizon.

In July 2016, the Court of Appeals for the Second Circuit determined that Microsoft did not have to turn over the e-mails. On Monday, the Supreme Court ordered a review of that ruling.

Microsoft's current stance is that "U.S. federal or state law enforcement cannot use traditional search warrants to seize emails of citizens of foreign countries that are located in data centers outside the United States," according to Brad Smith, president and chief legal officer at Microsoft, in an announcement Monday.

Microsoft also doesn't agree with the government's view that the service provider owns the e-mail data, "which would cause people to lose their rights when they go online," Smith noted.

Current U.S. laws associated with the 1986 Electronic Communications Privacy Act are outdated and inadequate in the cloud computing world, and weren't intended for use outside the United States, Smith contended. For its part, Microsoft is backing a congressional effort to address "cross-border data access" issues. The effort, the International Communications Privacy Act of 2017 (S.2986), sponsored in the Senate by Orrin Hatch, defines how such warrants should be processed. It permits search warrants "only if the foreign government does not have a Law Enforcement Cooperation Agreement with the United States or, if it does have such a Law Enforcement Cooperation Agreement, the foreign government does not object to disclosure."

A Law Enforcement Cooperation Agreement means a mutual agreement or treaty, or it can be an executive agreement between the United States and "one or more countries," according to S.2986.

The bill was introduced last year and was referred to the Senate Judiciary Committee. There's also an identical bill in the House (H.R.5323).

Microsoft, being a U.S.-based company, has to follow U.S. laws, but the bill, if passed, would free service providers in general, including Microsoft, from having to side with one government over another in cases where the data are stored abroad, an important consideration for cloud service providers. The bill mostly seems to be a clarifying measure. It seems to streamline search warrants even when the U.S. government doesn't have a Law Enforcement Cooperation Agreement in place with a foreign government, although it's unclear how such warrants would be enforced.

Microsoft regularly complies with U.S. law enforcement requests for domestic data, with some challenges. However, this case could prove important for Microsoft and other service providers to gain trust internationally, especially in Europe, where data sovereignty and privacy issues are pursued more actively than in the United States.

The case is known as United States v. Microsoft Corp., 17-2.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
