Microsoft, U.S. Set for High Court Battle on Overseas Emails


• Microsoft, U.S. at odds over law enforcement request for user data stored in Ireland
• Supreme Court oral arguments set for Feb. 27


Microsoft Corp. and the U.S. government will face off Feb. 27 in U.S. Supreme Court oral arguments over whether the tech giant must turn over to law enforcement user emails stored in Ireland.

The Supreme Court’s ruling will send reverberations through the cloud where companies store consumer data across borders. The court has a chance in the high-stakes litigation to provide clarity for online companies and law enforcement agencies on when and how data stored abroad that’s related to a criminal investigation can be accessed under the Stored Communications Act.

“It’s one of the most important privacy cases on the court’s agenda this year,” Craig A. Newman, chairman of the data security practice at Patterson Belknap Webb & Tyler LLP, told Bloomberg Law. “The appeal raises complicated questions about where digital data actually lives and what country should have control over the data.”

E. Joshua Rosenkranz, head of Orrick Herrington & Sutcliffe LLP’s Supreme Court and appellate litigation practice, and U.S. Solicitor General Noel J. Francisco and are set to square off on whether the over 3-decades-old SCA should allow law enforcement to force Microsoft to turn over emails related to a drug case.

The high court is facing the challenge of interpreting a statute enacted before the conception of massive data centers and cloud storage, Newman said.

Even as the Supreme Court ponders the question, Congress may hold the key to solving many of the underlying issues. Bills to update the SCA to allow for easier law enforcement cross-border action are supported by both sides in the litigation.

Second Circuit Ruling

The full U.S. Court of Appeals for the Second Circuit ruled that forcing Microsoft to turn over data stored in Ireland was an unacceptable extraterritorial application of the SCA. Lower federal courts have generally ruled that U.S.-based cloud providers must turn over data under a lawful court order if it can be accessed by U.S. employees located in the country.

Microsoft argued in its briefs to the Supreme Court that the data falls outside the scope of the SCA as intended by Congress when it passed the law in 1986, and points to Mutual Legal Assistance Treaties (MLATs) as a proper avenue for making such requests. The U.S. has argued that because Microsoft can activate access to the data from within the U.S., it should be required to turn over the requested data.

The Supreme Court took the case to provide clarity—for the government and tech companies that get served with SCA orders—around varying standards that federal trial courts have been applying to cross-border law enforcement requests relating to criminal allegations, David A. Newman, national security of counsel at Morrison & Foerster LLP in New York, told Bloomberg Law.

Cloud computing service providers, such as Amazon.com Inc. and Apple Inc., and tech industry groups filed friend of the court briefs in support of the Redmond, Wash.-based computer giant’s position that the SCA request was an extraterritorial application of the statute. EU lawmakers and international trade groups agreed, arguing in separate briefs that allowing the SCA to reach beyond the U.S. would create conflicts with international privacy law.

Tech interest groups and cloud computing companies would view a pro-Microsoft ruling “as providing greater protection for the industry as compared to the government’s position,” Newman, who also served as special assistant and associate counsel for former President Barack Obama and as a National Security Council staffer, said.

A ruling for the government may have serious consequences for cloud computing business interests.

A pro-government decision could chill the growth of the booming cloud computing industry—especially overseas, Tamlin Bason, a Bloomberg Intelligence technology litigation associate, told Bloomberg Law. Cloud computing users in Europe may fear their digital communications aren’t beyond the reach of U.S. law enforcement and surveillance efforts, he said.

Congressional Action

In Congress, the Clarifying Lawful Overseas Use of Data (CLOUD) Act (H.R. 4943, S. 2383) would allow the U.S. to enter bilateral law enforcement sharing pacts with other countries and clarify that U.S. warrants apply internationally. The companion measures also provide a process for challenging requests for foreign-held data.
The bills were introduced Feb. 6, and have bipartisan support. Neither bill has been acted on in committee.

President Donald Trump told U.K. Prime Minister Theresa May in a Feb. 6 phone call that passing the CLOUD Act is vital, according to a statement from a May spokesperson.

“Regardless of the court’s decision, there still needs to be a legislative fix,” Patterson Belknap’s Newman said.

To contact the reporter on this story: Daniel R. Stoller in Washington atdstoller@bloomberglaw.com

To contact the editor responsible for this story: Donald Aplin atdaplin@bloomberglaw.com