On March 30, 2018, Solicitor General Noel J. Francisco filed a motion with the U.S. Supreme Court in United States v. Microsoft Corporation that seeks to vacate the judgment of the U.S. Court of Appeals for the Second Circuit in the case (which held in favor of Microsoft) and to remand the case with directions to dismiss it as moot. The motion was submitted in response to the passage of the CLOUD Act on March 23, 2018, and the Solicitor General’s subsequent letter to the Court on that same date prefacing its intent to submit a supplementary filing to address the effect of the CLOUD Act on the Court’s disposition of the Microsoft case (see previous discussion here).

In its motion, the government “respectfully submits that this case is now moot” because the CLOUD Act “resolves the question presented” by amending the Stored Communications Act (SCA) in part to state that service providers subject to a court order issued under the SCA are obligated to produce information within their “possession, custody, or control” without regard to whether the information is stored within or outside of the United States. The government further discloses that following enactment of the CLOUD Act, the government actually obtained a new warrant thereunder, and consequently Microsoft’s objection that the prior warrant issued under the SCA impermissibly sought to compel extraterritorial action is no longer applicable.

The government argues straightforwardly that “Microsoft must produce information of the sort requested here” under the CLOUD Act (unless it can raise a comity argument as contemplated under the CLOUD Act), and explains that while the government believes the CLOUD Act compels such production under the original warrant, the government determined “that the most efficient means” of obtaining the information sought under the original warrant was to secure a new warrant under the CLOUD Act. The Solicitor General further argues that there is no need for the Court (or lower courts) to address any dispute concerning the retroactive applicability of the CLOUD Act, in part because the government is no longer relying on the original warrant, and further that vacatur of the Second Circuit’s decision is necessary and appropriate to limit the legal consequences of the now-superseded appellate decision “on critical issues involving extraterritoriality and privacy.”

On April 3, 2018, Microsoft filed a response in agreement with the government’s position concerning the disposition of the case. Microsoft stated that the government’s withdrawal of its original warrant, and obtainment of a new warrant under the CLOUD Act, “moots this case… [and] Microsoft agrees with the Government that there is no longer a live case or controversy between the parties” with respect to the proper legal interpretation of a prior version of the SCA. Microsoft also noted that it had long maintained that Congress, and not the courts, was the “proper branch” to address the underlying issue in this case, and that the CLOUD Act now “defines a new approach.” Interestingly, although Microsoft supports the government’s request to vacate the Second Circuit’s decision, Microsoft requests that the Court also vacate the underlying decisions of the magistrate judge and district court (which held for the government and against Microsoft), to avoid “collateral estoppel in any future dispute” between Microsoft and the government.

It therefore appears likely that the Court will vacate the Second Circuit’s decision and remand this case, and that the CLOUD Act has absolved the Court of its obligation to render a difficult decision concerning technology and privacy in the digital age.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kathleen Porter Kathleen Porter

Kathy Porter’s practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and…

Kathy Porter’s practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and privacy practices to comply with the patchwork of laws and rules applicable to the collection, use, safeguarding, sharing, and transfer of protected or personal data. She regularly structures arrangements with promoters, marketers, website exchanges, and other third parties for the purchase, sale, sharing, and safeguarding of personal data. Kathy prepares and negotiates representations, warranties, and indemnities regarding personal or protected data and privacy and data practices. She also assists clients with privacy audits and works with third-party certification organizations to obtain certification of companies’ privacy practices. She guides clients through internal investigations to assess and address notice and other obligations regarding privacy breaches. Kathy often works closely with our litigation attorneys to manage external investigations such as those by federal or state regulators. Read her rc.com bio here.

Photo of Conor Duffy Conor Duffy

Conor Duffy is a member of Robinson+Cole’s Health Law Group and the firm’s Data Privacy and Security Team. Conor advises hospitals, physician groups, community providers, and other health care entities on general corporate matters and health care issues. He provides legal counsel on…

Conor Duffy is a member of Robinson+Cole’s Health Law Group and the firm’s Data Privacy and Security Team. Conor advises hospitals, physician groups, community providers, and other health care entities on general corporate matters and health care issues. He provides legal counsel on a full range of transactional and regulatory health law issues, including contracting, licensure, mergers and acquisitions, Medicare and Medicaid fraud and abuse laws and regulations, HIPAA compliance, and other data privacy and security matters. Read his rc.com bio here.