US govt can't stop Microsoft taking its Irish email seizure fight to the Supreme Court
Message slurp faces scrutiny from America's highest judges
The US government has lost a legal appeal to have a critical case against Microsoft reheard, paving the way for a Supreme Court challenge.
In an even split of 4-4 judges, the Second Circuit Court of Appeals, based in New York, denied [PDF] the request for a full rehearing of the case in which Microsoft has refused to hand over to American investigators the emails of a non-US citizen held on a server in Ireland.
The case is seen as a critical test of how far legal jurisdiction in the internet era can stretch.
Back in 2014, the FBI used a law dating from 1986 (the Stored Communications Act) to ask for the emails; Microsoft refused to hand them over, arguing that search warrants did not reach beyond US borders.
In July 2016, the appeals court sided with Microsoft when it concluded that "the Stored Communications Act does not authorize courts to issue and enforce against US‐based service providers warrants for the seizure of customer email content that is stored exclusively on foreign servers."
That decision came following an unusual legal approach that Microsoft adopted in 2014, where it actively asked a New York judge to find it in contempt of court for refusing to honor the warrant.
The Justice Department was not happy with the Appeals Court's decision, and so in October it questioned the "unprecedented" decision and asked for a full-bench hearing. Its logic was that the search warrant should not depend on where the data was stored but instead on who controls access to it. Microsoft has never denied that it is able to bring up the emails on a system located in the United States.
Government lawyers pointed out that users have no choice about where their data resides, and raised concerns that if the judgment was allowed to stand, US companies could bypass domestic laws by simply storing their data on servers in other jurisdictions. They name-checked Google and Yahoo! as examples for how their entire databases could remain out of the reach of the authorities "even when the account owner resides in the United States and the crime under investigation is entirely domestic."
The case is clearly a difficult one, as the 4-4 judge split demonstrates. A further three judges recused themselves from the decision. The even split, however, means that the case will not be reheard.
The four dissenting judges each wrote their own opinion explaining why they felt the case should be reheard. One, Dennis Jacobs, was highly critical of the earlier ruling in Microsoft's favor, calling it "unmanageable, and increasingly antiquated."
To Jacobs' eyes, "If I can access my emails from my phone, then in an important sense my emails are in my pocket." He also queried the extent to which such a ruling would impact other areas, such as bitcoins or digital recordings.
The lead judge in the original appeal, Susan Carney, unsurprisingly disagreed with the dissenters and highlighted the Supreme Court's "strong presumption against extraterritoriality." Claiming that simply because something was accessible in the US made it subject to US law "runs roughshod" over that basic principle, she argued.
There did, however, remain the question about the dangerous precedent that could be set, particularly given the national security and public safety implications – which several judges noted should prove sufficient for a rehearing. Conversely, some have pointed out that the law could set a precedent for other countries to insist on access to US citizens' emails.
With a new administration in place, it is possible that the Justice Department will be asked to drop the case, but it is more likely that it will take the case to the Supreme Court, which will effectively be asked to decide where data lives and how far US laws stretch in the digital era.
As with several other legal cases working their way through the legal system – from fifth amendment protections on location data and mobile phone passcodes, to first amendment encryption questions, not to mention mass surveillance – the biggest issue is that the current laws in place are wholly unsuited to the modern world and are being stretched and pulled in different directions.
But with Congress in a decade-long impasse, the inability to develop new laws for the internet era is causing a slow build-up in problems within the legal system, of which this case is just one.
"We welcome today’s decision," Microsoft president Brad Smith said in a statement to El Reg.
"We need Congress to modernize the law both to keep people safe and ensure that governments everywhere respect each other’s borders. This decision puts the focus where it belongs, on Congress passing a law for the future rather than litigation about an outdated statute from the past." ®
Sponsored: Becoming a Pragmatic Security Leader