After a lengthy battle in the Second District Court of Appeals, Microsoft finally won its appeal to protect customer emails. The ordeal started when the US Department of Justice demanded Microsoft turn over a specific user's email account. Microsoft refused to hand over the contents of the email account. Since it physically resides in an Irish data center, Microsoft felt the request was outside the US's jurisdiction.
The technology giant refused the court order for a couple of reasons. It was important for the company to champion an individual's privacy. But also, Microsoft stated that laws regarding the access of data were woefully inadequate for just such a situation. Last year, Microsoft called upon Congress to:
grapple with the question whether, and when, law enforcement should be able to compel providers like Microsoft to help it seize customer emails stored in foreign countries. Only Congress has the institutional competence and constitutional authority to balance law enforcement needs against our nation’s sovereignty, the privacy of its citizens and the competitiveness of its industry.
Now that DOJ lost in the court of appeals, it looks like they are planning to circumvent the ruling. Since the DOJ can't compel Microsoft through the courts, the Wall Street Journal reports that the DOJ is going directly to the foreign countries to get at the data.
Last Friday, Brad Wiegmann, a senior official at the DOJ, discussed the administration's efforts to settle the issue through diplomacy. The Justice Department is pursuing agreements with other nations to allow certain types of cross-border data searches.
Foreign investigators could serve warrants across borders to either access stored information or monitor a suspect in real time. These would be reciprocal deals, so the US would gain the ability to serve warrants across borders by allowing other nations to serve warrants to technology companies in the US.
The first of such an agreement is being pursued with the UK. And Wiegmann assures that the Department of Justice would only enter such deals with select nations which clearly protect civil liberties.
Concerns from Privacy Advocates
But as the Wall Street Journal points out, there are some flaws with this approach. Privacy advocates, such as the Center for Democracy and Technology, say this results in “swapping out the U.S. law for foreign law." Other countries might protect some civil liberties. But these countries could have drastically lower standards for what it takes to issue a warrant.
Such agreements would also make the Second District Court of Appeals ruling a moot point. The DOJ could serve a warrant directly to Microsoft in Ireland, as long as the US enters such a cross-border data sharing agreement with the Irish government.
These agreements are certainly a more direct means for the DOJ to get the information it needs. However, circumventing the ruling and any public discussion of the bigger issues of the case only kicks the can down the road. Such direct agreements with other nations wouldn't require Congress to address privacy laws and how search and seizure applies to electronic data in our modern world.
The WSJ also reports the DOJ is considering appealing the recent ruling to the Supreme Court. So all of this may yet drastically change if the case is heard before the highest court in the land.