Appeals Court Upholds Its Denial Of DOJ's Demand For Microsoft's Overseas Data
from the go-bother-some-legislators,-kid dept
After being handed a loss in its judicial quest to force Microsoft to hand over data held in Ireland, the DOJ asked the Second Circuit for a rehearing of its July decision. At the center of the case is the DOJ’s belief that it should be able to force US companies to turn over data/communications contained in overseas servers.
The government wants to have it both ways with its warrants for electronic data. On one hand, it analogizes data demands as being no different than digging through a filing cabinet found in a house it’s searching. It argues that data held in servers/devices should be treated no differently than the personal papers the founding fathers tried to protect with the Fourth Amendment.
Then it argues that even if the “filing cabinet” isn’t located on the premises it has a warrant to search, it should be able to access the contents of that cabinet. This, from Microsoft’s motion to dismiss, explains what the government is truly asking for, using the sort of physical world comparisons the DOJ understands.
The Government cannot seek and a court cannot issue a warrant allowing federal agents to break down the doors of Microsoft’s Dublin facility. Likewise, the Government cannot conscript Microsoft to do what it has no authority itself to do — i.e., execute a warranted search abroad.
In its original decision, the Appeals Court pointed out that Congress clearly didn’t intend the wording of the Stored Communications Act to cover foreign data centers, no matter what sort of twisted, hybrid paperwork the feds served Microsoft in hopes of routing around territorial limitations. The court noted, as it often does, that if the DOJ wanted its half-warrant/half-subpoena to both skirt mutual assistance treaties and the court’s interpretation of the SCA, then it needed to approach Congress directly and get the SCA updated/amended.
And, indeed, the DOJ has done exactly that. It’s seeking legislation specifically targeting the terroritorial limitations in the SCA that prevent it from doing what it wants to. But in the meantime, the DOJ thought the court should take another swing at it. The Second Circuit has decided to pass on this opportunity. But it has issued an affirmation [PDF] of its original ruling, with some additional dissenting voices appended.
An equally divided federal appeals court refused to reconsider its landmark decision forbidding the U.S. government from forcing Microsoft Corp and other companies to turn over customer emails stored on servers outside the United States.
Tuesday’s 4-4 vote by the 2nd U.S. Circuit Court of Appeals in Manhattan let stand a July 14 decision that was seen as a victory for privacy advocates, and for technology companies offering cloud computing and other services worldwide.
But the dissenting judges said that decision by a three-judge panel could hamstring law enforcement, and called on the U.S. Supreme Court or Congress to reverse it.
“The panel majority’s decision does not serve any serious, legitimate, or substantial privacy interest,” Circuit Judge Jose Cabranes wrote in dissent.
The opinion doesn’t tell the DOJ anything it didn’t tell it previously, other than that the court is evenly divided. The decision reiterates points the DOJ didn’t like the first time around. And, once again, it directs the DOJ’s efforts at legislators, while also pointing out the dissent’s similar willingness to interpret the law in ways Congress never intended.
The position of the government and the dissenters necessarily ignores situations in which the effects outside the United States are less readily dismissed, whichever label is chosen to describe the “focus” of the statute. For example, under the dissents’ reasoning (as we understand it), the SCA warrant is valid when (1) it is served in the United States on a branch office of an Irish service provider, (2) it seeks content stored in Ireland but accessible at the U.S. branch, (3) the account holding that content was opened and established in Ireland by an Irish citizen, (4) the disclosure demanded by the warrant would breach Irish law, and (5) U.S. law enforcement could request the content through the MLAT process. This hardly seems like a “domestic application” of the SCA.
Rather, we find it difficult to imagine that the Congress enacting the SCA envisioned such an application, much less that it would not constitute the type of extraterritorial application with which Morrison was concerned. Indeed, calling such an application “domestic” runs roughshod over the concerns that undergird the Supreme Court’s strong presumption against extraterritoriality, and suggests the flaw in an approach to the SCA that considers only disclosure.
The DOJ’s flawed approach is also its most common approach. It seems genuinely baffled/irritated when its requests — and its interpretation of the law — are challenged. It views laws that don’t allow it to do what it wants to do as broken. Rather than view limits in laws as guidance to help keep it aligned with Constitutional rights, it tends to do what it wants and let the courts sort it out.
Sure, the judicial process isn’t exactly speedy, but it has better odds and a faster turnaround time than guiding legislation through multiple Congressional hoops. And it will continue to play the odds because not every service provider has the resources or legal acumen to fight back against unlawful demands.