Microsoft Corporation’s (Microsoft U.S.) reply brief is due this week in its appeal of The District Court for the Southern District of New York’s order to comply with the U.S. government’s warrant requiring the turnover of a customer’s emails stored in Ireland by its Irish subsidiary. The warrant was issued pursuant to the US Stored Communications Act, which permits the government to request disclosure of a U.S. company’s overseas records.
To date, Microsoft has refused to turn over the stored emails, on the grounds that the U.S. government has no grounds to order a company to execute a search warrant on private emails stored overseas. Several Microsoft competitors, as well as industry and business groups, the European Union and the Irish governments, have filed amicus briefs in support of Microsoft’s position in this case. The Second Circuit Court of Appeals will hear arguments on the case later this Spring.
At issue is whether the U.S. federal government can require Microsoft U.S. execute a “warrant” to seize private emails of customers from an overseas server owned by an affiliate corporation, and return them to the U.S. for viewing by prosecutors. Microsoft and its supporters argue that the private emails in question are protected by Irish and European Union laws, and any request to turn them over should be decided by a court in those jurisdictions rather than a U.S. court. Alternatively, Ireland argues that the emails should be disclosed to the U.S. only upon approval of a request to the Irish government pursuant to the long standing Mutual Legal Assistance Treaty (MLAT) between the U.S. and Ireland. The MLAT sets forth a process by which the U.S. government could request the information for law enforcement purposes, in this case, the prosecution of a suspected drug trafficker, and the Irish Government would consider the request and whether to grant it.
If Microsoft should lose this case, the impact could affect cloud computing arrangements globally, and U.S. owned or controlled cloud providers specifically. Individuals, foreign companies and governments might hesitate to store data in the cloud of a U.S. owned or controlled company for fear it is not secure. Germany has already required that any company providing cloud services to the German government must certify that the stored data will not be subject to seizure by a foreign government.
See In the matter of a Warrant to Search a certain e-mail account controlled and maintained by Microsoft Corporation 14-2985-cv. Microsoft Corporation, Appellant, v. United States of America, Appellee.