Data Collection

U.S. Top Court Rules That Microsoft Email Privacy Dispute is Moot

By Shaika Ahmed, J.D. Candidate 2019 | Posted on

Microsoft Corp. v. United States is a recent data privacy case concerning the extraterritorial reach of the Electronic Communications Privacy Act’s (of 1986) Stored Communications Act (the “SCA”).

In 2013, the US federal government issued Microsoft a warrant, asking it to turn over the email of a target who was being investigated in a drug-trafficking case. The warrant, issued by a US magistrate judge in the US District Court for the Southern District of New York, was issued under SCA. Pursuant to this warrant, Microsoft was to produce all emails and information associated with the target’s account. Microsoft denied the government’s request, arguing that the SCA precluded an extraterritorial application of a warrant for information stored on servers in Ireland.

After multiple failed attempts to block the government’s order, Microsoft appealed to the Second Circuit. A three-judge panel of the Second Circuit overturned the lower court’s ruling in July 2016, invalidating the government’s warrant. Relying on the US Supreme Court’s 2010 ruling in Morrison v. National Australia Bank, which held that the “longstanding principle of American law that legislation of Congress, unless a contrary intent appears, is meant to apply only within the territorial jurisdiction of the United States,” the Second Circuit found no mention of extraterritorial application in the SCA.

In June 2017, the US Department of Justice appealed to the Supreme Court, arguing that the Second Circuit’s decision allows large, data-laden companies to deny law enforcement officials with requested information stored on servers outside the US and warned that such prohibitions could hamper criminal investigations. The Supreme Court granted certiorari in October 2017 and the case, United States v. Microsoft Corp., was heard on Feb. 27, 2018.

The Supreme Court’s ruling was to be expected by June 2018, but in the time between the oral arguments in February and the expected decision in June, Congress passed the Clarifying Lawful Overseas Use of Data Act (the “Cloud Act”) on March 22, 2018. The Cloud Act allows US judges to issue warrants with an extraterritorial reach to obtain data such as the one at issue here; if the warrant’s scope conflicts with foreign law, then companies have means to object under the Cloud Act.

In response to the Cloud Act, the DOJ requested that the Court vacate the case and remand it to the Second Circuit. On April 17, 2018, the Court issued a per curium that per the passage of the Cloud Act, the case was rendered moot, vacating the case and remanding it.

While it may seem strange, Microsoft actually backed the Cloud Act. In its support for the Cloud Act, Microsoft stated that legislators, rather than the courts, are best situated to resolve such extraterritorial disputes, in that comprehensive legislation as opposed to “repeated court visits and legal battles” is proper. Microsoft’s hope is that legislation such as the Cloud Act will motivate “governments to move forward quickly to put new international agreements in place…a set of agreements that create an accepted model and establish clear international legal rules that satisfy law enforcement and privacy advocates alike.”

U.S. Top Court Rules That Microsoft Email Privacy Dispute is Moot

Federal Government May Have Spied on Your Yahoo Account

By Sheila Tabrizi, J.D. Candidate 2018 | Posted on

On Tuesday, October 4, 2016, Reuters revealed that Yahoo secretly scanned user emails for the federal government in 2015. Anonymous former Yahoo employees alleged that members of either the National Security Agency or Federal Bureau of Investigation issued a warrant under Section 702 of the Foreign Intelligent Surveillance Act (FISA), asking Yahoo to create software to search key words and/or phrases of user emails as part of an ongoing government investigation. Shortly after, Yahoo created a syphoning system by which the government could tap into user emails in real time and search for specific character strings that they believed were connected to national security threats. Yahoo has not denied these allegations.

(more…)

Can Artificial Intelligence Protect Us From Cybercrime?

By Erika Kiran Solanki, .D. Candidate 2017 | Posted on

According to Symantec’s Norton Report, the global cost of cybercrime was $113 billion in 2013. That is an astounding number. Human beings tend to be the biggest barriers to computer security in the sense that passwords are predictable, random USB drives do not cause pause, and we routinely visit less than secure websites.

The U.S. Department of Defense experiences 41 million scans, probes, and attacks a month. The U.S. military, once a vulnerable IT behemoth, is now reformed as an adept defender of its well-secured networks. According to the Pentagon, while technical upgrades and advanced technology are important, minimizing human error is even more critical. Despite the unified architecture and state-of-the-art technology, in almost every successful attack on the .mil network, people have been the weak link. Hackers capitalize on mistakes by network administrators and users, which create loopholes for successful penetration. Experts contend that simply consistent monitoring of systems—fixing known vulnerabilities and double-checking security configurations—can prevent the majority of attacks. It seems that technology can create a false sense of security. People matter as much as, if not more than, technology in building an ethos and culture that minimize risk.

(more…)

Can You Hear Me Now? Appeals Court Permits Bulk Collection of Metadata for One More Month

By Martin Salvucci, J.D. Candidate 2018 | Posted on

In a narrow ruling last week, a federal appeals court declined to enjoin the National Security Agency (NSA) from the bulk collection of metadata on domestic phone conversations. Controversy has dogged the once-secret bulk collection program since its existence was first revealed by Edward Snowden. Earlier this year, the same three-judge panel of the United States Court of Appeals for the Second Circuit had ruled that bulk collection fell outside the ambit of the USA PATRIOT Act. Amid heated debate this summer, Congress enacted companion legislation, the USA Freedom Act, which sought a groundwork for an alternative phone records program and proscribed bulk collection after a “transition period” of 180 days.

Although the federal government had obtained permission from the Foreign Intelligence Surveillance Court to operate the bulk collection program for the duration of this transition period, the American Civil Liberties Union (ACLU) sought injunctive relief against the N.S.A. on the theory that bulk collection violates the Fourth Amendment of the United States Constitution. In declining to intervene, the Second Circuit also punted on this constitutional question, suggesting that it would be unwise to address such a complex and weighty topic for the sake of a transition period that is, by definition, finite.

(more…)