Supreme Court Agrees To Hear Case Involving US Demands For Emails Stored Overseas

from the spending-locally,-thinking-globally dept

The Supreme Court has granted the government's request for review of Second Circuit Appeals Court's decision finding Microsoft did not have to turn over communications stored overseas in response to US-issued warrants.

This is a pretty quick turnaround as far as tech issues go. The Supreme Court is finally willing to take a look at the privacy expectation of third party phone records (specifically: historical cell site location info), following years of courtroom discussion... which follow years of Third Party Doctrine expansion.

That being said, a resolving of sorts is needed to clarify the reach of US law enforcement going forward. The Second Circuit twice shut down the DOJ's requests to extend its reach to offshore servers. Even as the Microsoft case was still being litigated, other courts were coming to contrary decisions about data stored overseas.

The target in these cases was Google. Google's data-handling processes contributed to the adverse rulings. Unlike Microsoft -- which clearly delineated foreign data storage -- data and communications handled by Google flow through its servers constantly. Nothing truly resides anywhere, a fact the DOJ pressed in its arguments and the one two judges seized on while denying Google's warrant challenges.

The Supreme Court's ruling will be needed to tie these disparate decisions up into a cohesive whole.

Or not. Rule 41 changes that went into effect at the beginning of this year remove a lot of jurisdictional limitations on search warrants. On top of that, the DOJ has been angling for expanded overseas powers, pushing Congress towards amending the Stored Communications Act.

This, of course, is what the Second Circuit Appeals Court told the government to do: take it up with legislators. But if litigation is a slow process, legislation can be just as time-consuming. The DOJ wants permission now and the Supreme Court gives it the best chance of being allowed to grab communications stored outside of the United States using a warrant signed by a magistrate judge anywhere in the US.

In the meantime, the DOJ will continue to pursue amendments to the Stored Communications Act -- a law it's already taken advantage of, thanks to it being outdated almost as soon as it was implemented. Further rewriting of the law in the DOJ's favor would allow US law enforcement to become the world's police, serving warrants in the US to gather documents stored around the globe.

While this may seem like a boon to law enforcement, it should be approached with extreme caution. If this becomes law (rather than just a precedential court decision) the US government should expect plenty of reciprocal demands from other countries. This would include countries with far worse human rights records and long lists of criminal acts not recognized in the US (insulting the king, anyone?). The US won't be able to take a moral or statutory stand against demands for US-stored communications that may be wielded as weapons of censorship or persecution against citizens in foreign countries. Whoever ends up handing down the final answer -- the Supreme Court or Congress -- should keep these implications in mind.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 18 Oct 2017 @ 3:40pm

    The situation will become very interesting if the US says Yes and the EU says no.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Oct 2017 @ 4:05pm

    They Work for the U. S. Government

    It's easy to predict the verdict.

    reply to this | link to this | view in chronology ]

  • identicon
    SirWired, 18 Oct 2017 @ 4:09pm

    Should probably depend on the nationality and residence of the target

    There's a happy medium between "If a US company has access to the data, they must cough it up, no exceptions" and "If I select a foreign server, the Feds are powerless to execute a US warrant on my data."

    Guidelines that would make sense would take into account the residency and nationality of the target. It doesn't make much sense that I can help to insulate my affairs from law enforcement investigation by telling Amazon, or whomever, to store my data in another country, even though both Amazon and myself are US entities.

    Now, if if the target is foreign, and the data is stored local to the target, even if the company holding the data is local, certainly the privacy laws of the target's country should be taken into account.

    reply to this | link to this | view in chronology ]

    • icon
      orbitalinsertion (profile), 18 Oct 2017 @ 5:36pm

      Re: Should probably depend on the nationality and residence of the target

      It doesn't make much sense that I can help to insulate my affairs from law enforcement investigation by telling Amazon, or whomever, to store my data in another country, even though both Amazon and myself are US entities.

      You can do it with your money, so why not?

      What I actually find problematic is multiple sets of rules, period. Why should foreign anything be an easier target? Why should the general human rights enshrined in the Constitution not apply to any human being? (We keep losing them in the States, too, so eventually we may all be equal if not free.)

      If you have a valid (truly valid, not gaming, not enhanced by ridiculous new laws or "interpretations", not because you can find the right judge to sign anything) warrant for a particular thing, then sure why not make someone subject to US law (i.e., legal punishment) cough it up?

      The real problem is the expansive power to subpoena large swathes of whatever pretty much on a whim, keep it forever, and not discard irrelevant information regarding unrelated parties or things unrelated to any supposed investigation.

      reply to this | link to this | view in chronology ]

      • identicon
        SirWired, 19 Oct 2017 @ 3:47am

        You got things exactly backwards

        "Why should foreign anything be an easier target?"

        I didn't say that. Not one bit.

        In fact, I said the exact opposite. "if the target is foreign, and the data is stored local to the target, even if the company holding the data is local, certainly the privacy laws of the target's country should be taken into account." So it the target of the investigation is European, and the data is on a European server, the EU privacy laws should be part of the calculus for granting the warrant.

        reply to this | link to this | view in chronology ]

      • icon
        Richard (profile), 19 Oct 2017 @ 4:49am

        Re: Re: Should probably depend on the nationality and residence of the target

        Why should the general human rights enshrined in the Constitution not apply to any human being? (We keep losing them in the States, too,

        The reason you are losing them in the US is precisely BECAUSE the constitution is not applied to every human being everywhere.

        The non-applicability of the constitution to non-US nationals together with its non-applicabilty outside the US provides the thin end of a very convenient wedge that is steadily being used to destroy most of the rights granted by the constitution.

        Already being "near the (physical) border" is sufficent to remove constitutional protections. The next step (if not already taken) will be "near the (cyberspace) border", which in practice == everywhere.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 18 Oct 2017 @ 6:24pm

      Re: Should probably depend on the nationality and residence of the target

      It doesn't make much sense that I can help to insulate my affairs from law enforcement investigation by telling Amazon, or whomever, to store my data in another country,

      So why should foreigners be able to "insulate their affairs from law enforcement" by storing their data in foreign countries? Why should foreigners have more rights than US citizens? You do realize that the US government doesn't "own" it's citizens, don't you? The US once fought a civil war partly over the idea of owning people.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 18 Oct 2017 @ 6:43pm

        Re: Re: Should probably depend on the nationality and residence of the target

        Local law enforcement.

        reply to this | link to this | view in chronology ]

      • identicon
        ryuugami, 18 Oct 2017 @ 11:55pm

        Re: Re: Should probably depend on the nationality and residence of the target

        So why should foreigners be able to "insulate their affairs from law enforcement" by storing their data in foreign countries?

        Because people not in the US are NOT SUBJECT TO US LAW. It's the same reason why you are free to insult the king of Thailand or why your mother is free to leave the house without a male guardian accompanying her, or show her ankles in public.

        The US should keep it's grubby hands off of my data, fuck you very much.

        If US law enforcement has a legitimate grievance against a citizen of a different country, they can work together with that countries' law enforcement.

        Why should foreigners have more rights than US citizens?

        You are a fucking moron.

        reply to this | link to this | view in chronology ]

      • identicon
        SirWired, 19 Oct 2017 @ 3:44am

        Wait? What?

        "Owning people"? What on earth are you talking about?

        All I'm saying is that the US government's jurisdiction should be limited when it's regarding data whose only connection to the US is that it happens to reside on a server owned by a company that has business in the US.

        reply to this | link to this | view in chronology ]

  • identicon
    Christenson, 18 Oct 2017 @ 4:45pm

    Care, custody, and control...

    The internet is, frankly, almost borderless, great firewall of China excepted.

    Where are Techdirt's records physically? I don't know that even Techdirt knows the zip code, and there's any number of rentable server racks it could migrate to pretty much imperceptibly.

    And Techdirt, as it were, is probably pretty thin compared to,say, equifax or microsoft or facebook on those records, too.

    I think the standard would have to be the locus of control...who has care, custody, and control over the records, just like the standards for discovery. Now, how do we apply that if the call center is in india, with americans, mexicans, and canadians all calling in?

    reply to this | link to this | view in chronology ]

  • icon
    MyNameHere (profile), 18 Oct 2017 @ 5:54pm

    It's not hard to see the verdict in this one, because there is little to really debate.

    The last thing the courts would want to do is create a situation where companies are encouraged to offshore data to avoid responsibilities for it. It would be easy to see every American company putting it's data into a "haven" countries strictly to avoid any and all government regulation. Think of it on par with tax avoidance, every big company does it.

    I think in the end the will end up having to deal with the basic concept that if the company is here in the US, and the data is accessible and used in the US, then there is no doubt that it should be accessible via warrant or court order.

    You could also consider the question from Europe of offshoring data. There is plenty of push back in making sure that the data stored in the US is respecting European privacy standards and what not. Clearly, as far as the Euro side is concerned, the data belongs to them no matter where it's been farmed out to. It's not unreasonable for SCOTUS to come to the same conclusion for data created in the US, held by companies based in the US, or for US citizens, residents, and the like.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Oct 2017 @ 6:12pm

    That's one way to stop Russian hackers.

    Make it so they don't have to. Let them just issue search warrants instead!

    reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 18 Oct 2017 @ 9:25pm

    what if the company is foreign?

    If US-based companies are susceptable to third party searches by the United States, doesn't that incentivize me as a business to use foreign-based cloud services? Especially since the US DoJ is known for regarding Fourth Amendment protections as inconvenient.

    By the time this era is done the US may be as isolated as North Korea.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Oct 2017 @ 3:03am

    Doing it wrong

    Lets put aside the question if there should even be reciprocal warrants in the first place. If they are actually desired there is a right way to do it and the US government isn't doing it.

    The whole issue could have been avoided if diplomats proposed and legislatures ratified reciprocity treaties for warrants with foreign countries. That would have been the proper and lawful way to deal with out of jurisdiction warrant serving.

    Doing it properly would also involve some limitations. Like obvious caveats like needing to meet an agreed upon evidentiary standard and the cause for the warrant actually violating both country's laws.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 Oct 2017 @ 4:50am

      Re: Doing it wrong

      Doing it properly would also involve some limitations. Like obvious caveats like needing to meet an agreed upon evidentiary standard and the cause for the warrant actually violating both country's laws.

      You mean like with Kim Dotcom in New Zealand? Oh, wait...

      reply to this | link to this | view in chronology ]

      • icon
        Uriel-238 (profile), 19 Oct 2017 @ 11:04am

        Kim Dotcom

        The Kim Dotcom raid was a corporate action using ICE as mercenaries in which an alleged civil grievance was used to justify the use of ambiguous US law to attack a business and its civilian owner.

        Considering the case is still in litigation, and continues to show no wrongdoing by Kim Dotcom, I'd say it's a bad example of anything, except how US agencies can be too-easily prepurposed to function as corporate heavies.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 20 Oct 2017 @ 6:48am

          Re: Kim Dotcom

          The warrant didn't allege violation of New Zealand law but was still found found valid by New Zealand courts. Thus, not "actually violating both country's laws."

          reply to this | link to this | view in chronology ]

  • identicon
    Rekrul, 19 Oct 2017 @ 3:39pm

    "The Supreme Court is finally willing to eliminate the privacy expectation of third party phone records (specifically: historical cell site location info), following years of courtroom discussion... which follow years of Third Party Doctrine expansion."

    FTFY

    If this becomes law (rather than just a precedential court decision) the US government should expect plenty of reciprocal demands from other countries. This would include countries with far worse human rights records and long lists of criminal acts not recognized in the US (insulting the king, anyone?). The US won't be able to take a moral or statutory stand against demands for US-stored communications that may be wielded as weapons of censorship or persecution against citizens in foreign countries.

    I don't think the current administration would have any qualms about handing over such information anyway.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.