Microsoft Corp. v. United States is a recent data privacy case concerning the extraterritorial reach of the Electronic Communications Privacy Act’s (of 1986) Stored Communications Act (the “SCA”).
In 2013, the US federal government issued Microsoft a warrant, asking it to turn over the email of a target who was being investigated in a drug-trafficking case. The warrant, issued by a US magistrate judge in the US District Court for the Southern District of New York, was issued under SCA. Pursuant to this warrant, Microsoft was to produce all emails and information associated with the target’s account. Microsoft denied the government’s request, arguing that the SCA precluded an extraterritorial application of a warrant for information stored on servers in Ireland.
After multiple failed attempts to block the government’s order, Microsoft appealed to the Second Circuit. A three-judge panel of the Second Circuit overturned the lower court’s ruling in July 2016, invalidating the government’s warrant. Relying on the US Supreme Court’s 2010 ruling in Morrison v. National Australia Bank, which held that the “longstanding principle of American law that legislation of Congress, unless a contrary intent appears, is meant to apply only within the territorial jurisdiction of the United States,” the Second Circuit found no mention of extraterritorial application in the SCA.
In June 2017, the US Department of Justice appealed to the Supreme Court, arguing that the Second Circuit’s decision allows large, data-laden companies to deny law enforcement officials with requested information stored on servers outside the US and warned that such prohibitions could hamper criminal investigations. The Supreme Court granted certiorari in October 2017 and the case, United States v. Microsoft Corp., was heard on Feb. 27, 2018.
The Supreme Court’s ruling was to be expected by June 2018, but in the time between the oral arguments in February and the expected decision in June, Congress passed the Clarifying Lawful Overseas Use of Data Act (the “Cloud Act”) on March 22, 2018. The Cloud Act allows US judges to issue warrants with an extraterritorial reach to obtain data such as the one at issue here; if the warrant’s scope conflicts with foreign law, then companies have means to object under the Cloud Act.
In response to the Cloud Act, the DOJ requested that the Court vacate the case and remand it to the Second Circuit. On April 17, 2018, the Court issued a per curium that per the passage of the Cloud Act, the case was rendered moot, vacating the case and remanding it.
While it may seem strange, Microsoft actually backed the Cloud Act. In its support for the Cloud Act, Microsoft stated that legislators, rather than the courts, are best situated to resolve such extraterritorial disputes, in that comprehensive legislation as opposed to “repeated court visits and legal battles” is proper. Microsoft’s hope is that legislation such as the Cloud Act will motivate “governments to move forward quickly to put new international agreements in place…a set of agreements that create an accepted model and establish clear international legal rules that satisfy law enforcement and privacy advocates alike.”
U.S. Top Court Rules That Microsoft Email Privacy Dispute is Moot