Data Centre


Oi, force Microsoft to cough up emails on Irish servers to the Feds, US states urge Supremes

AGs pressure America's top court to make Redmond hand over overseas messages

By Rebecca Hill


Microsoft should not be able to “shield evidence” held on Irish servers from US prosecutors, a group of 35 US state attorneys general has argued.

The group – which represents Vermont, New Jersey, Illinois, Florida among other states – submitted an amicus brief to the US Supreme Court backing the US Department of Justice’s appeal in its long-running battle against the Windows giant.

The legal wrangling began in 2014, when American prosecutors took Microsoft to court to force it to hand over crime suspects' emails that were stored overseas on Microsoft servers in Ireland. The Feds demanded the private messages, citing section 2703 of the US Stored Communications Act, and Redmond refused to play ball.

We'll drag Microsoft in front of Supremes over Irish email spat – DoJ


Microsoft argued that the search warrant Uncle Sam obtained from a New York court for the emails couldn’t reach beyond US borders. In other words, in Microsoft's view, the Feds should have gone to the Irish courts for the warrant, rather than getting one in the US and trying to apply it overseas. The prosectors argued Microsoft is an American corporation and therefore should obey an order from an American judge; where the data sought existed was immaterial – it could be accessed from Redmond's US offices.

In July 2016, the United States Court of Appeals for the Second Circuit ruled in Microsoft's favour. The DoJ appealed to the Supreme Court, and in October, was told the Supremes would hear the case.

In their written submission to the court this month, the attorneys general described the lower court’s decision as “remarkable,” and called for it to be reversed. “The court reached this conclusion even though Microsoft could easily access the stored data from its United States offices,” the group said, echoing a key argument in the DoJ’s case against Microsoft.

They argued that it means US internet service providers and hosting companies can thwart US government attempts to access emails by storing them on a server in a foreign country, and claim the case is already having a knock-on effect in their jurisdictions.

“In recent months, in state and federal courts around the country, providers have relied on the decision [in the lower court] to refuse to comply with search warrants issued under the Stored Communications Act and its state law counterparts,” the brief stated.

This pushback, we're told, has occurred even when a court has found probable cause that an email account sought by investigators was used in connection with a crime: even though the account holder and the provider are both on US soil, the crimes were allegedly committed in America, and the data can be accessed from the US, companies have argued the information is offshore and therefore out of bounds to US courts.

The brief stated that these refusals “have had a very real and detrimental impact on Amici States’ ability to investigate crimes in their jurisdictions and to protect the safety of their residents”.

The UK government has also submitted a brief [PDF] to the Supreme Court, and said it is in support of neither party in the legal war.

However, in its argument, Blighty's officials said that a "solely location-based approach to law enforcement access to data no longer makes sense in the digital age," where companies can choose to store electronic communications in multiple nations. They went on:

Because of such storage policies, and due to technological change and the global nature of the communications environment, the U.K. does not believe that the geographic storage location of data should be the determining factor for whether or not a nation may gain access to such communications.

The Brit government added that the Second Circuit’s decision “disrupts” the cooperative process between nations and acts as an “impediment to other bilateral agreements” between the two nations.

Meanwhile, the Irish government – which has lent its support to Microsoft – submitted a brief [PDF] that is in support of neither party.

It said that it “does not accept any implication that it is required to intervene into foreign court proceedings to protect its sovereignty” and that it “continues to facilitate cooperation with other states… in the fight against crime.”

Other submissions include one from the European Commission, which last week said it planned to submit to make sure European data protection laws are “correctly understood” on both sides of the Pond. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Welcome! Mimecast finds interesting door policies on email filters

Microsoft and Proofpoint servers ushered in 15,656 malware attachments

GOPwned: Republicans fall victim to email hack

NRCC says it was hit in run-up to 2018 mid-term elections

Footie fans calling for a red card over West Ham United CC email blunder

If you're after an away ticket, now you know who to call

When selling security awareness training by email, probably a good shout not to hit 'reply all'

The irony meter is quivering

US State Department confirms: Unclassified staff email boxes hacked

Pompeo's peeps get free credit monitoring after some inboxes cracked open, data swiped

Prank 'Give me a raise!' email nearly lands sysadmin with dismissal

Who, Me? Staffer learns hard way: boss jokes don't mix well with infosec demos

Baddies just need one email account with clout to unleash phishing hell

Outsiders realised uni was hacked before uni did

Sendgrid blurts out OWN customers' email addresses with no help from hackers

Along came some spiders and saw the unsubscribers...

TalkTalk ups the (dis)satisfaction ante as UK folk wake up to borked email

New approach to dealing with complaints working wonders

Brit watchdog fines child sex abuse inquiry £200k over mass email blunder

Breach identified potential victims taking part in probe