Companies in the United States, when issued a warrant, have been required to hand over all requested data, including anything stored on offshore servers. One of the most prolific examples of this was in 2014, in an incident involving Microsoft. The Justice Department issued a warrant requesting all emails to and from a Microsoft customer who was a suspect in an international drug trafficking case. The company handed over all data stored on US soil, but refused to comply with requests for any data overseas.
The Justice Department, according to this article, fought Microsoft over the data stored in Ireland, pointing out that they were disregarding the court documents that had been issued. According to those documents, the company had to “deliver records, physical objects, and other materials,” on domestic soil. They claimed that since a US company owned and maintained the data, the server location was irrelevant. This was a legal gray area, thanks to the SCA warrant that had been issued.
An SCA warrant, or Stored Communications Act warrant, allows the government to gain access to any domestically held data. This includes emails, text messages, and any other similar electronic data. The DoJ tried to argue that since Microsoft was a US company that owned servers in other countries, the servers should be treated as if they were domestic. Therefore, the domestically held data would no different than internationally held data. Microsoft disagreed.
In New York, on the 14th of July, circuit Judges in The Second Circuit Court of Appeals took Microsoft’s side. The Judges ruled that offshore data was not meant to be included in the Stored Communications Act.
We conclude that Congress didn’t intend the SCA’s warrant provisions to apply extraterritorially. The SCA warrant in this case may not lawfully be used to compel Microsoft to produce to the government the contents of a customer’s email account stored exclusively in Ireland,” the Judges ruled.
This decision is considered a win for tech companies in the United States and especially welcoming news for Microsoft. Brad Smith, Microsofts general counsel, agreed with the ruling, saying:
As a global company we have long recognized that if people around the world are to trust the technology they use, they need to have confidence that their personal information will be protected by the laws of their own country. Today’s decision means it is even more important for Congress and the executive branch to come together to modernize the law.
He mentions that the decision indicated how important it is for Congress and the executive branch to work together on modernizing the law. The ruling by the Circuit Court Judges is a step in the right direction, and will hopefully inspire many more changes.