The US Supreme Court has agreed to hear arguments in a critical case over data privacy, the outcome of which will likely determine how easily law enforcement can gain access to information stored in tech companies’ overseas data centres. Microsoft will go head-to-head with the Justice Department, arguing that the agency cannot use a warrant to collect emails held in Microsoft’s Ireland data center.
In 2016, the Second Circuit Court of Appeals ruled in favour of Microsoft, asserting that a 1986 law, the Electronic Communications Privacy Act (ECPA), was not intended to grant law enforcement access to internationally-stored data. The Justice Department says that this ruling has hampered its investigative abilities in the digital age. In asking the Supreme Court to consider the case, the Justice Department argued that “hundreds if not thousands” of investigations into terrorism and child pornography “are being or will be hampered by the government’s inability to obtain electronic evidence.”
“The continued reliance on a law passed in 1986 will neither keep people safe nor protect people’s rights,” Microsoft’s chief legal officer Brad Smith wrote in a blog post about the Supreme Court’s decision. “We believe that people’s privacy rights should be protected by the laws of their own countries and we believe that information stored in the cloud should have the same protections as paper stored in your desk.”
Microsoft’s legal battle kicked off in 2013, when the Justice Department asked the company to hand over emails stored in its Ireland data center for a drug investigation. Microsoft successfully challenged the warrant, arguing that DOJ needed to pursue international data through a treaty process.
In today’s blog post, Smith argued that the issue belongs in Congress. He urged Congress to pass the International Communications Privacy Act to update the outdated ECPA.
“ICPA provides sensible ways for cross-border data access, including a robust legal process to access the email of Americans and notification of foreign countries, when required under international law,” Smith wrote. “Without these important clarifications, technology companies, law enforcement and the courts will continue to interpret and apply a law to technologies and circumstances far beyond what Congressional leaders envisioned in 1986.”