Microsoft, DOJ Face Tough Questions Over Overseas Data Warrants at Supreme Court

Microsoft President and Chief Legal Officer Brad Smith, left, leaves the Supreme Court, Tuesday, Feb. 27, 2018, in Washington.

Microsoft President and Chief Legal Officer Brad Smith, left, leaves the Supreme Court, Tuesday, Feb. 27, 2018, in Washington. Andrew Harnik/AP

The government and the tech firm disagree over whether warrants under a 1986 law can reach emails stored overseas.

Supreme Court justices peppered Microsoft and Justice Department attorneys with questions Tuesday in the long-running dispute over whether U.S. warrants can reach internet data stored outside the country, but there was no clear indication where the court is leaning.

The case arose when Microsoft refused to comply with a 2013 warrant issued under the 1986 Stored Communications Act that demanded customer emails stored in a data center in Dublin.

Microsoft argued the emails were on Irish soil and so governed by Irish law, not American. The Justice Department argued the emails were really in the U.S. because Microsoft could retrieve them with just a few mouse clicks at its Redmond, Wash., headquarters.

Neither Microsoft nor the Justice Department has revealed the citizenship of the owner of the disputed emails, which were part of a narcotics trafficking case.

On one hand, upholding the decision from the U.S. Court of Appeals for the Second Circuit, which ruled in Microsoft’s favor, could severely hinder law enforcement investigations, Justice Samuel Alito said.

Unless Congress updates the 1986 law, that would mean U.S. police would have to obtain all overseas data using a process called Mutual Legal Assistance Treaties—effectively asking a host nation to request the data on the U.S.’s behalf—which can take months or years, Alito said.

The Second Circuit ruling has already made it difficult for the U.S. to comply with data requests from other nations, the government’s attorney Michael Dreeben said. That includes information requested under the 2004 Budapest Convention, which commits nations to help each other combat cybercrime.

A ruling for Microsoft might also incentivize tech companies to purposely store U.S. customers’ data outside the country as a service to customers who want to evade U.S. warrants, Chief Justice John Roberts worried.

That strategy would be technically possible, Microsoft attorney Josh Rosenkranz acknowledged, but it would be a very poor business decision because the added distance between people and their information would slow response times and cost the company money.

The easiest and cheapest alternate locations for U.S. data—Canada and Mexico—also routinely share data with U.S. law enforcement, he said.

There are also more effective ways for criminals to evade U.S. warrants online, Rosenkranz said, a likely reference to encrypted chat systems that FBI and Justice leaders have argued allow criminals and terrorists to “go dark” online.

If the high court reverses the Second Circuit ruling, however, it will be interpreting the 1986 statute in a context its authors never imagined, several justices argued.

“The government is asking this court to grant it an extraordinary power and it’s not a power Congress thought it was granting in 1986,” Rosenkranz said.

Justices Sonia Sotomayor and Ruth Bader Ginsburg both noted a bipartisan bill introduced in the House and Senate that would explicitly allow Stored Communications Act warrants for overseas data.

The Clarifying Lawful Overseas Use of Data, or CLOUD, Act, would give both the companies storing the data and the countries where the data is located a chance to object in U.S. court. A judge would then decide whether the warrant should be modified or denied entirely in the interests of maintaining good international relations.

“Why not leave the status quo as is and let Congress pass a bill in this new age that addresses potential problems your [interpretation of this bill] would create?” Sotomayor asked.

Dreeben replied that the CLOUD Act has not been marked up or passed through a committee in either chamber and that the court’s proper role is to interpret existing laws rather than wait for potential new ones.

Microsoft and other prominent tech companies have endorsed the CLOUD Act, but some civil liberties groups have criticized it, including the Center for Democracy and Technology and the Electronic Frontier Foundation.

Similar legislation that would moot the U.S.-Microsoft dispute has been introduced in the past two congresses but failed to gain traction.

The justices spent a fair amount of time during oral arguments Tuesday focusing on the basic question of whether the emails in Ireland were truly outside the U.S. in the way that paper files in a Dublin filing cabinet would be.

Dreeben described the emails as essentially in the U.S. because they could easily be retrieved in the U.S.

He compared it to a U.S. court ordering a person inside the U.S. to pay a fine. If that person claimed that all of her bank accounts are in another country it would not be considered “extraterritorial” for the court to demand that she withdraw funds from a U.S. ATM machine to pay her fine.  

Rosenkranz, on the other hand, described a series of complex technological processes that would be required before the Irish emails could appear in Redmond, Wash. When Justice Ginsburg demanded whether a human being in Ireland had to perform any of those processes, he replied that a robot did it.

However, “if you sent a robot into a foreign land to collect evidence,” he said, “it would certainly implicate foreign interests.”

Editor's note: This article has been updated to correct an attribution.