Microsoft Corp. v. United States


Microsoft Corp. v. United States
Argued: February 27, 2018
Decided: April 17, 2018
Full case name: United States v. Microsoft Corp.
Docket no.: 17-2
Citations: 584 U.S. ___; 138 S.Ct. 1186
Case history
Prior: Microsoft Corp. v. United States, S.D.N.Y. reversed, warrant quashed, and civil contempt ruling vacated (2nd Cir. 2016); cert. granted (S. Ct. 2018)
Holding
Second Circuit vacated and remanded after the controversy was mooted by passage of the CLOUD Act (March 2018).
Court membership
Chief Justice
John Roberts
Associate Justices
Anthony Kennedy  · Clarence Thomas
Ruth Bader Ginsburg  · Stephen Breyer
Samuel Alito  · Sonia Sotomayor
Elena Kagan  · Neil Gorsuch
Case opinion
Per curiam
Laws applied
Microsoft Corp. v. United States
Court: United States Court of Appeals for the Second Circuit
Full case name: In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation
Argued: September 9, 2015
Decided: July 14, 2016
Case history
Subsequent history: Vacated by the U.S. Supreme Court as United States v. Microsoft Corp., No. 17-2, 584 U.S. ___ (2018), after the controversy was mooted by passage of the CLOUD Act (March 2018)
Holding
Reversed. Warrant quashed and civil contempt ruling vacated
Court membership
Judge(s) sitting: Susan L. Carney, Gerard E. Lynch, Victor A. Bolden (District Judge)
Case opinions
Majority: Carney, Bolden
Concurrence: Lynch
Laws applied
Stored Communications Act of 1986

Microsoft Corp. v. United States, known on appeal to the U.S. Supreme Court as United States v. Microsoft Corp., 584 U.S. ___, 138 S. Ct. 1186 (2018), was a data privacy case involving the extraterritoriality of law enforcement seeking electronic data under the 1986 Stored Communications Act (SCA), Title II of the Electronic Communications Privacy Act of 1986 (ECPA), in light of modern computing and Internet technologies such as data centers and cloud storage.


In 2013, Microsoft challenged a warrant by the Federal Bureau of Investigation (FBI) to turn over emails of a target account stored in Ireland, arguing that a warrant issued under Section 2703 of the Stored Communications Act could not compel American companies to produce data stored in servers outside the United States. Microsoft initially lost in the Southern District of New York, with the judge stating that the nature of the Stored Communications Act warrant, as passed in 1986, was not subject to territorial restrictions. Microsoft appealed to the United States Court of Appeals for the Second Circuit, which found in favor of Microsoft in 2016 and invalidated the warrant. In response, the United States Department of Justice appealed to the Supreme Court of the United States, which decided to hear the appeal.

While the case was pending in the Supreme Court, Congress passed the Clarifying Lawful Overseas Use of Data Act (CLOUD Act), which amended the SCA to resolve concerns from the government and Microsoft related to the initial warrant. The Supreme Court, following agreement from both the government and Microsoft, determined the passage of the CLOUD Act and a new warrant for the data filed under it made the case moot and vacated the Second Circuit's decision.

Background

As part of the investigation into a drug-trafficking case in December 2013, a United States magistrate judge in the United States District Court for the Southern District of New York issued a warrant under the Stored Communications Act of 1986 (SCA) requiring Microsoft to produce all emails and information associated with an account it hosted. While the information was held on Microsoft's United States servers, the emails were stored on a server in Dublin, Ireland, one of numerous servers Microsoft operates around the world. [1]

Microsoft complied with providing the account information but refused to turn over the emails, arguing that a U.S. judge has no authority to issue a warrant for information stored abroad. Microsoft moved to vacate the warrant for the content held abroad on December 18, 2013. In May 2014, a federal magistrate judge, reviewing the history of the SCA (which had not been amended since its passage), disagreed with Microsoft and ordered it to turn over the emails, reasoning that unlike a typical warrant, SCA warrants function as both a warrant and a subpoena, and thus are not restricted by territorial constraints. [2] The magistrate judge considered that Microsoft had control of the material outside the United States, and thus would be able to comply with the subpoena-like nature of the SCA warrant. [2]

Microsoft appealed to a federal District Judge. [3] The district court upheld the magistrate judge's ruling, requiring Microsoft to provide the emails in full. [4] [5] [2]

Second Circuit opinion

Microsoft then appealed to the Second Circuit. [2] Several United States–based technology companies, publishers, and individuals submitted amicus briefs supporting Microsoft's position. [6] The Irish government also filed a brief in support of neither party. [6] The Irish government considered that the U.S. government's action violated both the European Union's Data Protection Directive and Ireland's own data privacy laws, and maintained the emails should be disclosed only on request to the Irish government pursuant to the long-standing mutual legal assistance treaty (MLAT) between the U.S. and Ireland formed in 2001; the government offered to consider such a request in an expedited manner for this case. [7] [8] [9] Jan Philipp Albrecht of the European Parliament filed an amicus brief in support of Microsoft, stating that should the court grant execution of the warrant, it could "extend the scope of this anxiety to a sizable majority of the data held in the world's data centers outside the U.S.". [6]

In the appeal to the Second Circuit, the three-judge panel unanimously overturned the lower court's ruling in July 2016, and invalidated the government's warrant. [10] [11] The panel primarily focused on the extraterritoriality of the SCA, using a two-pronged test. [12] Circuit Judge Susan L. Carney wrote the opinion of the court with District Court Judge Victor A. Bolden. Circuit Judge Gerard E. Lynch wrote a concurring opinion. The court relied heavily on the United States Supreme Court's 2010 ruling in Morrison v. National Australia Bank that the "longstanding principle of American law that legislation of Congress, unless a contrary intent appears, is meant to apply only within the territorial jurisdiction of the United States" applies in all cases. The Second Circuit found no mention of extraterritorial application in the SCA nor in its legislative history. The court said the SCA's use of the term "warrant", as a term-of-art, suggested a specific territory. It also concluded that the primary focus of the SCA was protecting the privacy of users of electronic services. [12]

In his concurrence, Judge Lynch noted that there was nothing in the record to indicate whether the owner of the e-mails being sought was a U.S. citizen or resident. He agreed with the government that the term "warrant" only implied the need for issuance under Fourth Amendment standards, rather than suggesting it was a search warrant with a specific place. He also noted that Microsoft chose to store the e-mails in Ireland based on the account holder's unverified statement of residence and on Microsoft's business interest in minimizing network latency. No one disputed that if Microsoft had chosen to store the emails in the U.S., the warrant would have been valid. While he agreed with the majority that the presumption against extraterritoriality, as clarified in Morrison, was decisive in this case, he did not believe it to be an optimal policy outcome and called on Congress to clarify and modernize the SCA. [12]

The U.S. government filed a petition for an en banc rehearing by the Second Circuit in October 2016. [13] [14] In January 2017, the full court split 4–4 on a vote to rehear the case, leaving in place the judgment in favor of Microsoft. Circuit Judge Jose Cabranes, writing in dissent, stated that the decision "has substantially burdened the government's legitimate law enforcement efforts; created a roadmap for the facilitation of criminal activity; and impeded programs to protect the national security of the United States and its allies", and called on a higher court or the U.S. Congress to rectify the outdated language of the SCA. [15]

Separately from its appeal, the U.S. Government has had at least one other ruling in its favor, and specifically against the decision of the Second Circuit Court, for similar extraterritorial requests under the SCA. In February 2017, a federal magistrate judge, presiding over a district court within the Third Circuit, ruled that Google must comply with a government warrant to turn over data from foreign servers. The magistrate judge rejected Google's reliance on the current standing from the Microsoft case, and stated in his opinion that the scope of the invasion of privacy for the case was entirely within the United States, and not where the electronic transfer of the data occurs, making the SCA warrant enforceable. [7] [16]

Supreme Court

The U.S. Department of Justice filed an appeal with the Supreme Court in June 2017. [17] Deputy Solicitor General Jeffrey Wall argued that the Second Circuit's order has led Microsoft, Google, and Yahoo! to deny law enforcement officials requested information stored on servers outside the United States, hampering numerous criminal investigations. The department was joined by 33 states in support. [18] Microsoft argued that the Court should not take the case, and instead that Congress should deal with updating the language of the outdated 1986 law. [18]

The Supreme Court granted certiorari in October 2017. [19] The case, United States v. Microsoft Corp., was heard by the Court on February 27, 2018, with a ruling originally expected by the end of the Court's term in June 2018. [20]

While the case was being decided by the Supreme Court, Congress introduced the Clarifying Lawful Overseas Use of Data Act ("CLOUD Act") shortly after the oral hearings. Among other provisions, the CLOUD Act modified the SCA to specifically include cloud storage considerations of communication providers in the United States regardless of where the cloud servers may be located. The bill was supported by both the DOJ and Microsoft. [21] In March 2018, Congress passed the CLOUD Act as part of an omnibus government spending bill, which was signed into law by President Donald Trump on March 22. [22] By the end of March, the DOJ had issued a request for a new warrant for the original emails from the 2013 investigation under the new authority granted by the CLOUD Act, and was no longer seeking resolution of the original warrant. It also requested that the Court vacate the case and remand it back to the Second Circuit, where the matter could then be rendered moot due to the passage of the CLOUD Act. [23] [24] Microsoft agreed with the DOJ's position. [25] On April 17, 2018, the Court issued a per curiam opinion stating that the case was rendered moot and vacating and remanding the case back to the lower courts to dismiss the lawsuit. [26]


Related Research Articles

United States Foreign Intelligence Surveillance Court: U.S. federal court

The United States Foreign Intelligence Surveillance Court (FISC), also called the FISA Court, is a U.S. federal court established under the Foreign Intelligence Surveillance Act of 1978 (FISA) to oversee requests for surveillance warrants against foreign spies inside the United States by federal law enforcement and intelligence agencies.

Electronic Communications Privacy Act

The Electronic Communications Privacy Act of 1986 (ECPA) was enacted by the United States Congress to extend restrictions on government wire taps of telephone calls to include transmissions of electronic data by computer, added new provisions prohibiting access to stored electronic communications, i.e., the Stored Communications Act, and added so-called pen trap provisions that permit the tracing of telephone communications. ECPA was an amendment to Title III of the Omnibus Crime Control and Safe Streets Act of 1968, which was primarily designed to prevent unauthorized government access to private electronic communications. The ECPA has been amended by the Communications Assistance for Law Enforcement Act (CALEA) of 1994, the USA PATRIOT Act (2001), the USA PATRIOT reauthorization acts (2006), and the FISA Amendments Act (2008).

Email privacy is a broad topic dealing with issues of unauthorized access to, and inspection of, electronic mail, or unauthorized tracking when a user reads an email. This unauthorized access can happen while an email is in transit, as well as when it is stored on email servers or on a user's computer, or when the user reads the message. In countries with a constitutional guarantee of the secrecy of correspondence, whether email can be equated with letters—therefore having legal protection from all forms of eavesdropping—is disputed because of the very nature of email.

Microsoft Corp. v. AT&T Corp., 550 U.S. 437 (2007), was a United States Supreme Court case in which the Supreme Court reversed a previous decision by the Federal Circuit and ruled in favor of Microsoft, holding that Microsoft was not liable for infringement on AT&T's patent under 35 U.S.C. § 271(f).

Loretta Preska: American judge (born 1949)

Loretta A. Preska is an American lawyer who serves as a senior United States district judge of the United States District Court for the Southern District of New York. Born in Albany, Preska received law degrees from Fordham University School of Law and New York University School of Law. She practiced law in New York City from 1973 to 1992 at the law firms of Cahill Gordon & Reindel and Hertzog, Calamari & Gleason. President George H. W. Bush appointed her to the district bench in 1992. She served as chief judge of the court for a seven-year term from 2009 to 2016, and took senior status in 2017. President George W. Bush nominated Preska to the U.S. Court of Appeals for the Second Circuit in 2008, but the Senate did not act on the nomination.

Stored Communications Act

The Stored Communications Act is a law that addresses voluntary and compelled disclosure of "stored wire and electronic communications and transactional records" held by third-party Internet service providers (ISPs). It was enacted as Title II of the Electronic Communications Privacy Act of 1986 (ECPA).

Ontario v. Quon, 560 U.S. 746 (2010), is a United States Supreme Court case concerning the extent to which the right to privacy applies to electronic communications in a government workplace. It was an appeal by the city of Ontario, California, from a Ninth Circuit decision holding that it had violated the Fourth Amendment rights of two of its police officers when it disciplined them following an audit of pager text messages that discovered many of those messages were personal in nature, some sexually explicit. The Court unanimously held that the audit was work-related and thus did not violate the Fourth Amendment's protections against unreasonable search and seizure.

United States v. Kilbride

United States v. Kilbride, 584 F.3d 1240 is a case from the United States Court of Appeals for the Ninth Circuit rejecting an appeal from two individuals convicted of violating the Can Spam Act and United States obscenity law. The defendants were appealing convictions on 8 counts from the District Court of Arizona for distributing pornographic spam via email. The second count which the defendants were found guilty of involved the falsification of the "From" field of email headers, which is illegal to do multiple times in commercial settings under 18 USC § 1037(a)(3). The case is particularly notable because of the majority opinion on obscenity, in which Judge Fletcher writes an argument endorsing the use of a national community obscenity standard for the internet.

United States v. Warshak

United States v. Warshak, 631 F.3d 266 is a criminal case decided by the United States Court of Appeals for the Sixth Circuit holding that government agents violated the defendant's Fourth Amendment rights by compelling his Internet service provider (ISP) to turn over his emails without first obtaining a search warrant based on probable cause. However, constitutional violation notwithstanding, the evidence obtained with these emails was admissible at trial because the government agents relied in good faith on the Stored Communications Act (SCA). The court further declared that the SCA is unconstitutional to the extent that it allows the government to obtain emails without a warrant.

United States v. Jones, 565 U.S. 400 (2012), was a landmark United States Supreme Court case in which the court held that installing a Global Positioning System (GPS) tracking device on a vehicle and using the device to monitor the vehicle's movements constitutes a search under the Fourth Amendment.

United States v. Graham

United States v. Graham, 846 F. Supp. 2d 384, was a Maryland District Court case in which the Court held that historical cell site location data is not protected by the Fourth Amendment. Reacting to the precedent established by the recent Supreme Court case United States v. Jones in conjunction with the application of the third party doctrine, Judge Richard D. Bennett found that "information voluntarily disclosed to a third party ceases to enjoy Fourth Amendment protection" because that information no longer belongs to the consumer, but rather to the telecommunications company that handles the transmissions records. The historical cell site location data is then not subject to the privacy protections afforded by the Fourth Amendment standard of probable cause, but rather to the Stored Communications Act, which governs the voluntary or compelled disclosure of stored electronic communications records.

The third-party doctrine is a United States legal doctrine that holds that people who voluntarily give information to third parties—such as banks, phone companies, internet service providers (ISPs), and e-mail servers—have "no reasonable expectation of privacy" in that information. A lack of privacy protection allows the United States government to obtain information from third parties without a legal warrant and without otherwise complying with the Fourth Amendment prohibition against search and seizure without probable cause and a judicial search warrant.

In re Application of the United States for Historical Cell Site Data

In re Application of the United States for Historical Cell Site Data, 724 F.3d 600, was a case in which the United States Court of Appeals for the Fifth Circuit held that the government can access cell site records without a warrant. Specifically, the court held that court orders under the Stored Communications Act compelling cell phone providers to disclose historical cell site information are not per se unconstitutional.

United States v. Davis (2014)

United States v. Quartavious Davis is a United States federal legal case that challenged the use in a criminal trial of location data obtained without a search warrant from MetroPCS, a cell phone service provider. Mobile phone tracking data had helped place the defendant in this case at the scene of several crimes, for which he was convicted. The defendant appealed to the Eleventh Circuit Court of Appeals, which found the warrantless data collection had violated his constitutional rights under the Fourth Amendment to the United States Constitution, but declined to order a new trial because the evidence was collected in good faith. The Eleventh Circuit has since vacated this decision pending a rehearing by the Eleventh Circuit en banc. United States v. Davis, 573 Fed. Appx. 925. On May 5, 2015, the en banc order upheld the use of the information. On November 9, 2015, the Supreme Court of the United States declined to hear this case on appeal.

The Email Privacy Act is a bill introduced in the United States Congress. The bipartisan proposed federal law was sponsored by Representative Kevin Yoder, a Republican from Kansas, and then-Representative Jared Polis, a Democrat of Colorado. The law is designed to update and reform existing online communications law, specifically the Electronic Communications Privacy Act (ECPA) of 1986.

Microsoft v. United States (2016)

Microsoft Corporation v. United States of America was a complaint for declaratory judgment action filed in the U.S. District Court in Seattle, Washington. At issue was the 1986 Electronic Communications Privacy Act, with Microsoft arguing that secrecy orders were preventing them from disclosing warrants to customers in violation of the company's and customers' rights. The case was started in April 2016 and although the government bid for dismissal of the suit, in February 2017 a federal judge set a trial date for June 2018. Microsoft was supported in its lawsuit by companies such as Amazon, Apple, Google, Dropbox and Salesforce. The case was dropped by Microsoft in October 2017 after policy changes at the Department of Justice. Although no laws were changed, the new DOJ policy "changed data request rules on alerting Internet users about agencies accessing their information," and mandated defined periods of time for secrecy orders from the government. Although the change represented "most of what Microsoft was asking for," Microsoft did not rule out future litigation.

Carpenter v. United States, 585 U.S. ___, 138 S.Ct. 2206 (2018), is a landmark United States Supreme Court case concerning the privacy of historical cell site location information (CSLI). The Court held that the government violates the Fourth Amendment to the United States Constitution when it accesses historical CSLI records containing the physical locations of cellphones without a search warrant.

Data sovereignty is the idea that data are subject to the laws and governance structures of the nation where they are collected. The concept of data sovereignty is closely linked with data security, cloud computing, network sovereignty and technological sovereignty. Unlike technological sovereignty, which is vaguely defined and can be used as an umbrella term in policymaking, data sovereignty is specifically concerned with questions surrounding the data itself. Data sovereignty as the idea that data is subject to the laws and governance structures within one nation is usually discussed in two ways: in relation to Indigenous groups and Indigenous autonomy from post-colonial states or in relation to transnational data flow. With the rise of cloud computing, many countries have passed various laws around the control and storage of data, which all reflect measures of data sovereignty. More than 100 countries have some sort of data sovereignty laws in place. With self-sovereign identity (SSI) the individual identity holders can fully create and control their credentials, although a nation can still issue a digital identity in that paradigm.

CLOUD Act: United States federal data privacy and government surveillance law

The Clarifying Lawful Overseas Use of Data Act or CLOUD Act is a United States federal law enacted in 2018 by the passing of the Consolidated Appropriations Act, 2018, PL 115–141, Division V.

Byrd v. United States, 584 U.S. ___ (2018), was a United States Supreme Court case that held that drivers of rental cars have rights protecting them from unconstitutional searches by police, even if the drivers are not listed on the rental agreement.

References

  1. Barnes, Robert (October 16, 2017). "Supreme Court to consider major digital privacy case on Microsoft email storage". The Washington Post. Retrieved October 16, 2017.
  2. "In re Warrant to Search a Certain Email Account Controlled & Maintained by Microsoft Corp". harvardlawreview.org. Harvard Law Review. January 12, 2015.
  3. "Microsoft Ireland Case: Can a US Warrant Compel A US Provider to Disclose Data Stored Abroad?". cdt.org. Center for Democracy and Technology. July 30, 2014.
  4. "The "Microsoft Ireland" Case (Amicus Brief)". brennancenter.org. Brennan Center for Justice.
  5. "In re Warrant for Microsoft Email Stored in Dublin, Ireland". eff.org. Electronic Frontier Foundation. June 12, 2014.
  6. Scott, Mark (December 24, 2014). "Ireland Lends Support to Microsoft in Email Privacy Case". The New York Times. Retrieved April 4, 2018.
  7. Brier, Thomas Jr. (2017). "Defining the Limits of Governmental Access to Personal Data Stored in the Cloud: An Analysis and Critique of Microsoft Ireland". Journal of Information Policy. 7: 327–371. doi:10.5325/jinfopoli.7.2017.0327. JSTOR 10.5325/jinfopoli.7.2017.0327.
  8. Porter, Kathleen. "Microsoft versus the Federal Government; Round Three". jdsupra.com. JD Supra.
  9. "Brief For Ireland As Amicus Curiae In Support Of Neither Party". Electronic Frontier Foundation. December 23, 2014. Retrieved April 4, 2018. "Ireland Is Willing To Apply The MLAT Process To This Warrant...Ireland would be pleased to consider, as expeditiously as possible, a request under the treaty, should one be made."
  10. "Microsoft wins: Court rules feds can't use SCA to nab overseas data". Ars Technica. Retrieved October 16, 2017.
  11. Wingfield, Nick; Kang, Cecilia (July 14, 2016). "Microsoft Wins Appeal on Overseas Data Searches". The New York Times.
  12. "Microsoft Corp. v. United States". Harvard Law Review. December 9, 2016. Retrieved October 16, 2017.
  13. "Petition of the United States of America for Rehearing and Rehearing En Banc" (PDF). Retrieved December 8, 2016.
  14. "Court ruling stands: US has no right to seize data from world's servers". Ars Technica. Retrieved August 17, 2017.
  15. Stempel, Jonathan (January 24, 2017). "Microsoft victory in overseas email seizure case is upheld". Reuters. Retrieved October 16, 2017.
  16. Kerr, Orin (February 3, 2017). "Google must turn over foreign-stored emails pursuant to a warrant, court rules". The Washington Post. Retrieved October 17, 2017.
  17. "Does US have right to data on overseas servers? We're about to find out". Ars Technica. Retrieved July 20, 2017.
  18. Stohr, Greg (October 16, 2017). "Microsoft Email-Access Fight With U.S. Gets Top Court Review". Bloomberg Businessweek. Retrieved October 16, 2017.
  19. "Court adds four new cases to merits docket". SCOTUSBlog. October 16, 2017. Retrieved October 16, 2017.
  20. Jeong, Sarah (February 26, 2018). "What's at stake in the Microsoft Supreme Court case". The Verge. Retrieved February 26, 2018.
  21. Breland, Ali (August 1, 2017). "Senate bill would ease law enforcement access to overseas data". The Hill. Retrieved March 23, 2018.
  22. Brandom, Russell; Lecher, Colin (March 22, 2018). "House passes controversial legislation giving the US more access to overseas data". The Verge. Retrieved March 23, 2018.
  23. Stohr, Greg (March 31, 2018). "Justice Department Asks Court to Drop Microsoft Email Case". Bloomberg Businessweek. Retrieved April 2, 2018.
  24. Nakashima, Ellen (March 31, 2018). "Justice Department asks Supreme Court to moot Microsoft email case, citing new law". The Washington Post. Retrieved April 2, 2018.
  25. Hurley, Lawrence (April 3, 2018). "Microsoft calls for dismissal of U.S. Supreme Court privacy fight". Reuters. Retrieved April 4, 2018.
  26. "Supreme Court rules that Microsoft email privacy dispute is moot". Reuters. April 17, 2018. Retrieved April 17, 2018.