DOJ Asks High Court to Clarify Email Warrants Abroad

The Justice Department wants the Supreme Court to iron out how and when the U.S. government can compel U.S. tech companies to turn over customer emails stored outside the United States.

The question has been roiling government and the tech industry since 2014 when Microsoft refused to turn over customer emails stored in a Dublin data center.

Microsoft argued those emails were only subject to an Irish warrant and that U.S. authorities should ask the Irish government to demand and then turn over the emails using an official request called a Mutual Legal Assistance Treaty.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Microsoft’s argument doesn’t hold water, however, because the company could simply produce the emails in its Washington state headquarters with a few clicks of a mouse, the Justice Department said in its petition to the high court Friday.

The warrant was issued under the 1986 Electronic Communications Privacy Act, which long predates the modern internet.

The government won before a magistrate judge and in a U.S. District Court in New York but Microsoft prevailed before the U.S. Court of Appeals for the Second Circuit.

As a result of the Second Circuit ruling, tech companies including Google and Yahoo have declined to turn over extraterritorial data in response to warrants, the Justice Department argues in its petition to the high court.

That, in turn, has stymied numerous investigations, including into child sex trafficking, drug trafficking and child pornography, the government lawyers write.

If the Second Circuit decision stands, they write, it will offer “a roadmap for terrorists and criminals in the United States to insulate electronic communications from U.S. investigators” simply by duping email providers into believing the email owners are located outside the U.S.

Requiring Microsoft and other email providers to turn over foreign-stored emails without the assent of the emails’ host country, however, would cause more harm than good, Microsoft President and Chief Legal Officer Brad Smith responded in a blog post.

First, the decision would set a precedent for other nations to demand Americans’ emails stored inside the United States, Smith said. Second, it would make non-Americans warier of doing business with U.S. companies, he said.

Smith argued the Justice Department should let Congress write a new law governing internet data rather than trying to shoehorn the modern internet into the three-decade-old ECPA.

The House and Senate both considered legislation during the past two Congresses that would clarify how and when the government can issue warrants for extraterritorial data but that legislation has yet to pass either chamber.

The International Communications Privacy Act, which Sens. Orrin Hatch, R-Utah, Chris Coons, D-Del., and Dean Heller, R-Nev., introduced in 2016, would allow the Justice Department to issue warrants for U.S. citizens’ digital information regardless of where it’s stored but limit such warrants for foreigners to cases where the country storing the data has not objected or does not have a law enforcement cooperation agreement with the U.S.

The government’s petition argues there’s no time to wait for a legislative fix that may be years off. Nor is it possible to rely on international legal cooperation agreements, because many nations do not have effective cooperation agreements with the U.S., the government petition states.

In other cases, the petition notes, such agreements would also do little good. Google, for example, often fragments customer data so portions of the same email may exist in numerous locations or change location throughout the course of a day.