Microsoft has compared the warrant it’s challenging for email stored in its Irish data centre to the German state police demanding papers of a journalist stored in a Deutsche Bank branch in Manhattan.
The company's "shoe on the other foot" portrayal is the lead of its legal brief filed on Monday in New York with the US Second Circuit Court of Appeals.
“Imagine this scenario. Officers of the local Stadtpolizei investigating a suspected leak to the press descend on Deutsche Bank headquarters in Frankfurt, Germany. They serve a warrant to seize a bundle of private letters that a New York Times reporter is storing in a safe deposit box at a Deutsche Bank USA branch in Manhattan. The bank complies by ordering the New York branch manager to open the reporter’s box with a master key, rummage through it, and fax the private letters to the Stadtpolizei,” Microsoft opens.
The appeal is the latest turn in Microsoft’s fight against a warrant authorised under the US Electronic Communications Privacy Act (ECPA). In 2013, federal agents investigating a drug-related crime served Microsoft a warrant to turn over the contents of emails hosted exclusively in its Irish data centre.
The act authorises federal and local police to demand email providers hand over users' email and Microsoft has complied with the order for the person's contacts list, which was hosted in the US. But it hasn't handed over the contents of the web-mail account, which are located exclusively in Ireland, where they are protected by Irish and European data privacy laws.
Microsoft insists that US law enforcement should follow procedures under mutual legal assistance treaties the US has with Ireland and other nations.
The case has also caused some angst across the Atlantic. The Irish government last month asked the European Commission for help in dealing with the case, however EU vice president Viviene Reding said in June that Europe had raised the issue with the US on numerous occasions over concerns that Microsoft was dealing with an "extraterritorial application of foreign laws" that may violate international law.
With roles switched in Microsoft’s tale, Germany’s Foreign Minister responded to American concerns over the warrant that German police didn’t search anything because no German officer set foot in the US.
“The Stadtpolizei merely ordered a German company to produce its own business records, which were in its own possession, custody, and control. The American reporter’s privacy interests were fully protected, because the Stadtpolizei secured a warrant from a neutral magistrate,” Microsoft’s lawyers argue.
Microsoft’s chief legal counsel, Brad Smith, drew attention to the legal implications of online communications replacing paper letters sent in the mail.
“According to the Government, your emails become the business records of a cloud provider. Because business records have a lower level of legal protection, the Government claims it can use a different and broader legal authority to reach emails stored anywhere in the world,” wrote Smith today on Microsoft’s On the Issues blog.
Microsoft contends in its brief that “the ECPA’s text and history show Congress believed the law would only apply domestically” and that the government should appeal to Congress if it wants the act extended abroad.
If Microsoft loses the appeal, it says the US won’t be in a position to complain if foreign law enforcement order them to turn over emails hosted in the US. Apple, Verizon and the Electronic Frontiers Foundation have filed friend of the court briefs in support of Microsoft.
Federal agents served Microsoft the warrant in December 2013, requesting it turn over stored emails, emails sent, address books, contact lists, pictures and all files hosted in the account since it was established.
While the residence of the person under investigation hasn’t been made public, Microsoft outlines in its brief that to reduce latency it locates data closer to users.
This article is brought to you by Enex TestLab, content directors for CSO Australia.