Microsoft has been in an ongoing legal battle regarding whether or not they have to turn over data that is stored in their Dublin data center. The tech giant was ordered to turn over data that authorities needed for a case regarding suspected illegal drug activities. Microsoft took the issue to court, and repeatedly was told that they must turn the data over by the lower courts.
Last year, however, the Court of Appeals for the Second Circuit said that they actually did not have to turn these emails over to the authorities. This is due in large part to the fact that the data in question was housed in a foreign country, specifically Ireland, which calls into question the right for a US law enforcement agency to demand the data.
The US Supreme court has now ordered a review of the appellate court’s ruling. This could result in the case being heard by the supreme court. Microsoft’s case is being supported by other major tech companies that offer cloud services including Cisco, Verizon, and Apple. They each recognize that the outcome of this case will set a precedent for future cases where law enforcement attempts to get data from one of their data centers.
Microsoft made an announcement related to the case saying, “U.S. federal or state law enforcement cannot use traditional search warrants to seize emails of citizens of foreign countries that are located in data centers outside the United States.”
This is a fairly straight forward position. The reason it is causing issues is because the laws governing this type of case come from the 1986 Electronic Communications Privacy Act. Any law related to the IT or data center industries that comes from 1986 is clearly going to be very outdated. The Internet has changed so dramatically that attempting to apply standards from the mid-1980’s is ridiculous. Microsoft is pushing to make this argument in the courts.
Unrelated to this specific case, there are some legislative efforts being made to update the laws that would apply to this situation. The International Communications Privacy Act of 2017, for example, covers exactly how these types of warrants should be processed. If passed, the law would say that these types of warrants are only permitted, “if the foreign government does not have a Law Enforcement Cooperation Agreement with the United states or, if it does have such a Law Enforcement Cooperation Agreement, the foreign government does not object to disclosure.”
Not surprisingly, Microsoft and many other tech companies are taking steps to support that new legislation. Whether this particular piece of legislation passes or not, it is clear that some type of updated laws are needed in this area.
What is equally clear is that companies, especially those offering cloud based services, need to put a lot of thought into where they are buying or building their data centers. Depending on the type of business being done, this can have a significant impact on a company no matter where they are headquartered.