After years of legal dispute, Microsoft finally won the case before an appeals court. The Justice Department was left with nothing but a call to the Supreme Court. The US Department of Justice wasn’t happy with this, and took it to the second court of appeals and an 8 judge panel. In January of this year, the court had a split vote, meaning the previous decision was upheld. Microsoft argues that the DoJ must request the data via an Irish warrant, while the DoJ believes Microsoft has a duty as a US company to hand over the information. It says the treaty process would delay the investigation unnecessarily, quoting the Electronic Communications Privacy Act (EPCA). However, it’s clear this has become much more than a single case. After five years of delays, the DoJ is unlikely to solve the investigation in question. The battle will instead set a legal precedent going forward – one that could affect internet users across the world. “The continued reliance on a law passed in 1986 will neither keep people safe nor protect people’s rights. If U.S. law enforcement can obtain the emails of foreigners stored outside the United States, what’s to stop the government of another country from getting your emails even though they are located in the United States?” argued Microsoft Chief legal officer Brad Smith in October. “We believe that people’s privacy rights should be protected by the laws of their own countries and we believe that information stored in the cloud should have the same protections as paper stored in your desk.” Microsoft argues that the act would be a breach of Ireland’s sovereignty and would give the U.S. the power to ignore treaties. In January, 289 groups from 37 different countries signed legal briefs supporting that statement.
A Logistical Nightmare
Tech companies hold that data isn’t literally stored in the clouds; it has a set physical location. If Microsoft was to access the data, it would need to make a copy and import it to the US. That’s a complex issue that shouldn’t be bypassed with a key press. In the DoJ’s defense, such a system could quickly become a logistical nightmare. In this case, it’s only Ireland it’s looking to access, but increasingly, cloud data is split across multiple data centers in different countries. It would have to go through the process for each location, which could cripple any investigation. For the Supreme Court, it’s an incredibly complex minefield to navigate, but parts of its decision could be overridden. Earlier this month, Republication senator Orrin Hatch introduced the Cloud Act, which acts as a compromise between Google, Microsoft, Apple, and law enforcement. It would allow EPCA warrants to apply to overseas data, but would also let Microsoft challenge them if they violate that country’s laws. However, the EFF believes this still raises privacy concerns. US law enforcement could compel any service provider to hand over data, and the president would have the power to enter executive agreements. This would let other governments seize US data without a request if it’s not targetting a US citizen. He would not need congressional approval to do so. Whatever the eventual outcome, this Supreme Court hearing will be a huge one. For Microsoft, it’s competitors, and all their customers.