News Stay informed about the latest enterprise technology news and product updates.

Microsoft wins email privacy court battle with U.S. government

The U.S. Court of Appeals ruled in favor of Microsoft regarding a controversial email privacy case with the U.S. government that involves data stored in an offshore data center.

Microsoft won a major decision in a controversial legal battle over email privacy with the U.S. government.

The U.S. Court of Appeals overturned a 2014 decision by U.S. Magistrate Judge James Francis ordering Microsoft to turn over emails of a suspected drug dealer under investigation by the U.S. Department of Justice (DOJ). Microsoft opposed the judge's order and the original warrant in the case because the emails were not stored in the U.S. -- they were held in a data center in Dublin, Ireland. The software giant argued the data center was outside the jurisdiction of U.S. law enforcement, so the DOJ should go through established channels with the Irish government to obtain the data.

The U.S. government claimed the emails were business records of Microsoft, rather than personal messages of the suspected drug trafficker; therefore, the messages should be turned over to law enforcement. Government lawyers also argued,  under the Stored Communications Act (SCA), the digital content of the emails was different than physical evidence.

Microsoft, however, opposed those claims and argued the U.S. government's actions in the case would allow it, as well as foreign governments, to reach outside jurisdictions and violate the privacy of customers using cloud services. Microsoft was supported by many other companies, including Amazon and Apple, which filed amicus briefs in 2014, arguing a ruling in favor of the U.S. government would have a chilling effect on cloud data privacy.

The three-judge panel for 2nd Circuit Court of Appeals agreed with Microsoft's stance on email privacy and ruled in the company's favor. "We conclude that § 2703 of the Stored Communications Act does not authorize courts to issue and enforce against U.S.‐based service providers warrants for the seizure of customer email content that is stored exclusively on foreign servers," the decision stated.

In the panel's opinion, Judge Susan Carney stated the government's Stored Communications Act warrant could not be used to compel Microsoft to turn over customers' emails stored outside the U.S. "We conclude that Congress did not intend the SCA's warrant provisions to apply extraterritorially," Carney wrote. "The focus of those provisions is protection of a user's privacy interests. Accordingly, the SCA does not authorize a U.S. court to issue and enforce an SCA warrant against a United States‐based service provider for the contents of a customer's electronic communications stored on servers located outside the United States."

In a separate concurring opinion, however, Judge Gerard Lynch wrote that "the government's arguments are stronger than the court's opinion acknowledges," and emphasized "the need for congressional action to revise a badly outdated statute." Lynch also wrote that the court's decision should not be "celebrated as a milestone in protecting privacy."

Nevertheless, Microsoft declared the ruling as an important decision for protecting cloud data privacy in the 21st century. Brad Smith, Microsoft's president and chief legal officer, said customers across the globe want traditional privacy protections for information stored in the cloud, and the court's decision this week helped to ensure those protections.

"We obviously welcome today's decision by the United States Court of Appeals for the Second Circuit," Smith wrote in a blog post. "The decision is important for three reasons: It ensures that people's privacy rights are protected by the laws of their own countries; it helps ensure that the legal protections of the physical world apply in the digital domain; and it paves the way for better solutions to address both privacy and law enforcement needs."

Next Steps

Microsoft issues call for strong encryption and privacy protections

What the EU GDPR privacy regulation means for cloud services

Microsoft national cloud program GM weighs in on email privacy case

Dig Deeper on Cloud Data Storage, Encryption and Data Protection Best Practices

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What effect will Microsoft's court victory have on cloud data privacy?
Cancel
If that is the case I can see a lot more data centers moving off shore for that reason. The U.S, does not have jurisdiction over them. I guess it would go for any type of server as well, just not e-mail but file sharing could be done off shore.
Cancel

-ADS BY GOOGLE

SearchSecurity

SearchCloudComputing

SearchAWS

SearchCloudApplications

SearchServerVirtualization

SearchVMware

ComputerWeekly.com

  • CIO Trends #6: Nordics

    In this e-guide, read how the High North and Baltic Sea collaboration is about to undergo a serious and redefining makeover to ...

  • CIO Trends #6: Middle East

    In this e-guide we look at the role of information technology as the Arabian Gulf commits billions of dollars to building more ...

  • CIO Trends #6: Benelux

    In this e-guide, read about the Netherlands' coalition government's four year plan which includes the term 'cyber' no fewer than ...

Close