Microsoft Corp. lost its challenge to a U.S. government search warrant ordering the software giant to produce e-mails of an unidentified customer stored in a data center in Ireland.
U.S. District Judge Loretta Preska in Manhattan today upheld a federal magistrate’s decision requiring the company to turn over e-mails in a drug investigation. Preska delayed the effect of her ruling to give Microsoft time to appeal.
Preska rejected Microsoft’s argument that the warrant, which requires the company to provide investigators with the contents of the customer’s MSN.com Web-based e-mail, calls for an illegal search and seizure outside the U.S. The nation in which the customer lives wasn’t disclosed.
The judge delivered her ruling from the bench after a two-hour hearing, endorsing an April decision by U.S. Magistrate Judge James C. Francis IV. Today’s ruling sets up an appeal that may help dictate how courts apply legal protections to electronic data, particularly information stored by Internet service providers outside the U.S.
“Congress intended in this statute for ISPs to produce information under their control, albeit stored abroad, to law enforcement in the United States,” Preska said. “As Judge Francis found, it is a question of control, not a question of the location of that information.”
During the hearing, lawyers for both sides argued over the reach of the Stored Communications Act, or SCA, part of the Electronic Communications Privacy Act of 1986. The SCA allows law enforcement agents to obtain information through subpoenas, court orders or warrants, depending on the records sought.
“The only issue that was certain this morning was that the district court’s decision would not represent the final step in this process,” Microsoft’s general counsel, Brad Smith, said in a statement after the hearing. “We will appeal promptly and continue to advocate that people’s e-mail deserves strong privacy protection in the U.S. and around the world.”
Redmond, Washington-based Microsoft argued that the government should be required to get the e-mails through procedures dictated by a law-enforcement treaty between the U.S. and Ireland.
Assistant U.S. Attorney Serrin Turner told Preska that the treaty process, which can be complicated and time-consuming, isn’t legally required.
“We don’t need to go to a foreign country to get the records,” Turner said. “The provider is right here.”
E. Joshua Rosenkranz, a lawyer for Microsoft, argued that the government is seeking to “conscript Microsoft here in the United States to search files abroad.” He said that if other countries required Microsoft to provide them with e-mails of customers located in the U.S. “we would consider that an astounding infringement of our sovereignty.”
“That is a very, very dangerous principle that the government is articulating,” Rosenkranz said.
Rosenkranz told Preska that officials in China this week demanded a password to seek e-mail information in the U.S.
“Mr. Turner, what do you say to that?” Preska asked. “It’s pretty scary.”
Turner said concerns about what other countries may do should be addressed “through political and diplomatic channels,” not by ignoring the terms of the SCA.
Preska also heard arguments from lawyers representing AT&T Inc., Verizon Communications Inc., Apple Inc. and Cisco Systems Inc., which supported Microsoft’s position.
“Today’s decision is a major blow not just for Microsoft, but for the entire U.S. cloud-computing industry,” Christopher Soghoian, the principal technologist for the American Civil Liberties Union, said in a statement today. “If these companies wish to regain the trust of their global customers, they must embrace security technologies such as cloud cryptography, which can provide real privacy protections where the law does not.”
The case is In the Matter of a Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corp., 13-mj-02814, U.S. District Court, Southern District of New York (Manhattan).