<b><i>Breaking News:</b></i> Microsoft Prevails on Appeal in Dodging Warrant for Foreign E-mails

Microsoft and other U.S.-based internet service providers won a major victory on July 14 at the U.S. Court of Appeals for the Second Circuit, which reversed a lower court in finding the company is not required to comply with a U.S. warrant for customer e-mails stored on a server in Dublin.

The appellate court ruled that the Stored Communications Act's (SCA) 'unmistakable' focus is to protect the privacy of users and it does not authorize U.S. courts to issue and enforce warrants for the seizure of such content stored exclusively on foreign servers.

'When the government compels a private party to assist it in conducting a search or seizure, the private party becomes an agent of the government, and the Fourth Amendment's warrant clause applies in full force to the private party's actions,' the court said in Microsoft Corp. v. United States, 14-2985.

The lower court had denied Microsoft's motion to quash a warrant for information stored on the Irish server in a narcotics investigation ' and held the company in civil contempt for failure to comply.

The ruling by Judges Gerard Lynch, Susan Carney and District of Connecticut Judge Victor Bolden came in a closely watched case that drew dozens of amici briefs and represents a victory for the industry and company lawyers who sought to limit the extraterritorial reach of the act.

Carney wrote the court's opinion rejecting the argument that Congress intended '2703 of the SCA to have extraterritorial application.

'When, in 1986, Congress passed the Stored Communications Act as part of the broader Electronic Communications Privacy Act, its aim was to protect user privacy in the context of new technology that required a user's interaction with a service provider,' Carney said. 'Neither explicitly nor implicitly does the statute envision the application of its warrant provisions overseas,' Carney said.

The Microsoft case is the latest in a series of cases limiting the reach of U.S. laws abroad, beginning with the U.S. Supreme Court's decision in Morrison v. National Bank of Australia, 561 U.S. 247 (2010).

In the recent case, Microsoft and the government had different definitions on the nature and reach of the warrant: The company argued it was akin to a traditional warrant with territorial reach; the government countered it was only about 'compelled disclosure' of materials that were within the company's control ' regardless of where they are located.

Carney said: 'We think Microsoft has the better of the argument.'

But back in April 2014, Magistrate Judge James Francis denied Microsoft's motion to quash and Judge Loretta Preska affirmed in July 2014.

The fight moved to the circuit where, in 2015, Microsoft lawyer E. Joshua Rosenkranz said enforcing the subpoena would lead to 'global chaos.'

'What this case is about is an extension of sovereignty,' said Rosenkranz, a partner at Orrick, Herrington & Sutcliffe. 'We would go crazy if China did this.'

Former assistant U.S. attorney Justin Anderson countered: 'At issue here is the court's power to order the production of records whether by subpoena or warrant. This court has always held that this is not about ownership. This is about custody and control.'

But on July 14, Carney, citing Morrison, said Microsoft carried the day on the intent of Congress: 'When Congress intends a law to apply extraterritorial, it gives an 'affirmative indication' of that intent. We see no such indication in the SCA.'

The government, she said, emphasized the act's requirement that service providers disclose customer data and there was no territorial reference limiting that obligation.

'We find this argument unpersuasive: It stands the presumption against extraterritoriality on its head,' Carney said.

Instead, she said, the legislative history of the act supports the court's conclusion that 'Congress intended to invoke the term 'warrant' with all its traditional, domestic connotations.'

Lynch penned a concurrence in which he discussed what's at stake in the case and to 'emphasize the need for congressional action to revise a badly outdated statute.'

Microsoft's president and chief legal officer, Brad Smith, said in a statement: 'The decision is important for three reasons: It ensures that people's privacy rights are protected by the laws of their own countries; it helps ensure that the legal protections of the physical world apply in the digital domain; and it paves the way for better solutions to address both privacy and law enforcement needs.'

'

Mark Hamblett writes for the New York Law Journal, an ALM sibling of Cybersecurity Law & Strategy. He can be reached at [email protected]. Twitter: @Mark_Hamblett.

'