Microsoft may have won its fight to protect overseas data from American search warrants, but it can’t rest easy. The Supreme Court has agreed to hear the Department of Justice’s petition to review the case, virtually guaranteeing that the case will set the basis for how US law enforcement can access data abroad. We don’t have a court date as of this writing, but the arguments on both sides are already well-established.
A New York district court and the DOJ contend that companies, not users, own data stored abroad — in this case, email held in an Irish data center. As such, any warrant targeting an American company would be considered a domestic request and wouldn’t have to face extra scrutiny.
Both Microsoft and the Second Circuit Court of Appeals (which ruled in favor of Microsoft last year) see it very differently. They don’t believe that laws like the Electronic Communications Privacy Act were intended to reach beyond American borders, and that this creates conflicts with privacy laws in Europe and other corners of the world. Microsoft also sees this as a Pandora’s box. If you don’t own your data, then that theoretically means you lose your right to privacy the moment you step online. And if the US can use a warrant to take any data so long as it’s held by an American company, doesn’t that invite foreign governments to do the same thing?
Whether that’s a valid concern or irrational fear, Microsoft is upbeat about the Supreme Court challenge. Even if it loses, it knows that there are bills in progress (such as the Senate’s International Communications Privacy Act) that could restrict access to overseas data. The DOJ may get what it wants and still have to limit the scope of law enforcement’s data collection