US Supreme Court

The Supreme Court will deal with the four-year-old e-mails of a suspected drug dealer in an exemplary case. This was announced by the highest court in the United States on Monday.

The case was known as the “warrant case” in 2013 in which the US government presented Microsoft with a search warrant for a suspect’s e-mail account, signed by a New York District Judge, in a case of drug-related crime. But Microsoft refused to issue the e-mails because they were stored on a server in Ireland and the company felt that such a (special) search warrant from the US was not valid in another country. At least not without the consent of the other government or court.

The US administration, on the other hand, was convinced that it had certain extraterritorial rights in cases like this. It considers this approach to be based on a law passed long before the era of cloud computing – the Electronic Communications Privacy Act (ECPA) of 1986.

After years of legal dispute, Microsoft finally won the case before an appeal court. The Justice Department was left with nothing but a call to the Supreme Court. The US Department of Justice wasn’t happy with this, and took it to the second court of appeals and an 8 judge panel. In January of this year, the court had a split vote, meaning the previous decision was upheld.

Other countries could follow the verdict

The US Supreme Court will now deal with the case. A decision is expected by summer 2018. Microsoft continues to believe that Congress should legislate on the powers of the government and not leave it to the courts. The company would prefer the US to negotiate with other countries to modernize the so-called mutual legal assistance treaties (MLATs). These are mutual legal assistance agreements that regulate the cross-border exchange of data. However, proceedings under these agreements currently usually take so long that they are not helpful for prosecutors.

Such agreements would at best prevent other countries from following the US and also from passing laws that apply beyond their borders – and cloud companies from deciding in the future whose laws they would break if they were to hand over data stored abroad to a government or not.

Favoring financially strong companies

So far, Microsoft has attempted to circumvent this situation by storing customer data on request (and for an extra fee) in one of two special data centers in Germany. Although the hardware is owned by Microsoft, the company does not have any access to the data. Only the Deutsche Telekom subsidiary T-Systems, the so-called data trustee and operator of the data center, can access the data. However, the problem with such a model is, that only financially strong companies that find suitable partners and data centers abroad might be able to afford it – like Microsoft.

Microsoft’s attorney-in-chief Brad Smith has already commented on the Supreme Court’s announcement:

” The continued reliance on a law passed in 1986 will neither keep people safe nor protect people’s rights.  If U.S. law enforcement can obtain the emails of foreigners stored outside the United States, what’s to stop the government of another country from getting your emails even though they are located in the United States?  We believe that people’s privacy rights should be protected by the laws of their own countries and we believe that information stored in the cloud should have the same protections as paper stored in your desk. Therefore, Congress needs to modernize the law and address these fundamental issues.”