Microsoft Corp. and the U.S. Justice Department will duke it out in front of the Supreme Court this week in a high-stakes case that could affect the online privacy of Americans. At issue is whether U.S. law enforcement officials conducting a criminal investigation can demand data held in other countries. A federal appeals court said no, it can’t. But both sides in the case agree that the law hasn’t kept up with modern technology.
1. What’s in the emails that prosecutors want so badly?
We have no idea. What’s known about the data is that it relates to a narcotics-trafficking investigation that dates to 2013 and that it’s stored in a giant server farm in Ireland. A federal judge in New York issued a search warrant for the emails, and Microsoft elected to challenge the order in court.
2. Why are the emails stored in Ireland?
The unidentified person at the center of the case registered for his Microsoft MSN email account as a resident of Ireland, according to one of the lower court opinions. Microsoft says its policy at the time of the search warrant was to store email content in the data center nearest to the customer’s self-declared country of residence.
3. How can I tell where my data is stored?
Regular folks would have a hard time finding out for sure. In the case of Microsoft, which tries to keep data in the user’s home region, it’s safe to say that the emails of Americans who register as Americans are probably stored somewhere in the U.S. (By contrast, Google Inc., in opposing a U.S. law enforcement request in a similar case, said even it doesn’t know the physical location of any specific piece of data, because its system can break a file into many pieces that get stored in multiple locations at once.) Microsoft says its cloud infrastructure includes more than 100 data centers located in more than 40 countries across the globe. It lets government and corporate customers choose to have data stored near where they operate.
4. Why is data stored all over the world?
To serve an increasingly global audience more quickly. Storing a client’s data close to where that client is reduces lag time. Ditto for running that client’s applications. And nobody wants a slow connection, whether processing millions of transactions a second or waiting for a photo to appear on Facebook. The biggest data-center operators, like Microsoft and Amazon, are always on the lookout for cheap land, tax breaks and access to cut-rate electrical power as they add more storage facilities.
5. Why is U.S. law not clear on this subject?
The law at issue in this case, the Stored Communications Act, which lets law enforcement gain access to electronic information once they obtain a warrant, dates back to 1986. That was three years before the advent of the World Wide Web and 20 years before Amazon opened the cloud computing era.
6. How is cloud computing involved?
There was a time in the not-so-distant past when law enforcement would have to look no further than your desktop computer to see your files. Now, consumers and businesses let companies like Microsoft, Amazon and Apple Inc. store data for them, in many cases not knowing or caring whether that means down the street or across the globe.
7. Why did Microsoft choose to fight this battle?
Two words: Edward Snowden. When the former National Security Agency contractor exposed clandestine data collection by the U.S. -- sometimes with industry collaboration -- in 2013, tech customers raised concerns that U.S. companies were acting as a conduit for government spying. Overseas customers in particular wanted assurances that data would be kept private. So Microsoft introduced the service that lets corporate clients have a say in where their information is stored. It also pledged that if it received a government demand for a customer’s records, it would seek to notify the customer, and it would object if the request sought overseas data that the company didn’t think the government was entitled to by law. Microsoft has said that unless it wins this case, some customers won’t store their data with any U.S. company.
8. Did Microsoft want to make its stand in a narcotics case?
It didn’t, according to its president and chief legal officer, Brad Smith. He said this case was the first to come along after the company announced its set of customer rights. That’s how Microsoft finds itself in the somewhat unappealing position of standing up for the rights of a suspected criminal instead of, say, the privacy of a human-rights campaigner.
9. What would Microsoft have had law enforcement do?
It cites the investigation that followed the 2015 shooting of journalists at Charlie Hebdo magazine in Paris. In that case, French authorities sought data stored by Microsoft in the U.S. not by approaching Microsoft directly but by working through U.S. law enforcement. Microsoft says that was the correct process, and that as a result, it handed over the attackers’ emails within 45 minutes. By contrast, in the case before the Supreme Court, the Justice Department did an end-run around Irish law enforcement and went straight to Microsoft to demand the files.
10. Who is siding with whom and why?
A who’s who of the tech and telecom industries have backed Microsoft, including rivals Apple and Amazon. So have privacy advocates and academics. The government received backing from the majority of U.S. states (though not Microsoft’s home state of Washington or tech-heavy California). Already, Google and Verizon Communications Inc.’s Yahoo have stopped complying with at least some search warrants for emails and other user data stored outside the country, the Justice Department said.
11. Could a new law resolve this situation?
Several bipartisan bills have failed to go anywhere. A new one has the backing of the tech industry and the Justice Department.
The Reference Shelf
- Legal briefs by Microsoft and the Department of Justice.
- Scotusblog’s page on the case.
- A Microsoft web page on "Where your data is located."
- Bloomberg View columnist Noah Feldman wrote that Microsoft’s case helps criminals, not privacy.
- Bloomberg Businessweek explained why the case could decide the future of U.S. cloud computing.
— With assistance by Greg Stohr