OTI and Coalition Urge Supreme Court to Limit Government Access to Data Stored Outside U.S., Citing Privacy and Security Concerns
“Friend of Court Brief” in United States v. Microsoft Argues that Law Does Not Allow U.S. Law Enforcement to Use U.S. Warrants to Obtain Data Held in Ireland
Jan. 18, 2018
Today, New America’s Open Technology Institute, as part of a broad coalition of rights organizations and trade associations, filed an amicus or “friend of the court” brief in the U.S. Supreme Court in the case of United States v. Microsoft. The case, commonly referred to as “Microsoft Ireland,” involves Microsoft’s challenge to a U.S. government warrant seeking production of the content of a customer’s emails that are held on a server in Ireland. The U.S. government obtained the warrant under Section 2703(a) of the Stored Communications Act (SCA), and it argues that the warrant should apply regardless of where the data is held. The coalition brief supports Microsoft’s argument that the SCA does not apply outside the United States, and that the U.S. government must comply with local Ireland law in order to seek this data. The U.S. government is appealing a July 2016 decision by the U.S. Court of Appeals for the Second Circuit that found in Microsoft’s favor.
OTI has long advocated that cross-border requests for electronic data must be subject to rigorous safeguards to protect privacy and individual rights. If the Supreme Court were to adopt the government’s argument that it should be entitled to unilaterally demand a customer’s emails even when they are stored outside the United States, that would not only violate the privacy expectations of non-Americans who store their data in their own country, but would also threaten the privacy of communications stored inside the United States, as other countries would follow our government’s lead and make similar demands for data stored here. As stated in the brief filed by OTI and the coalition: “There are no limits to the kinds of U.S.-stored data that foreign nations could seek to compel cloud providers to disclose if the principle advocated by the government here—that bare jurisdiction over a cloud computing provider is enough to compel disclosure over information stored abroad—were accepted.”
The coalition brief argues that the U.S. government’s position violates fundamental principles on how to interpret statutes. It also urges the Court to decide the case narrowly and leave the resulting policy questions to Congress, rather than take it upon itself to effectively rewrite the SCA statute. The brief further highlights how a decision in favor of the government would undermine the economic security and cybersecurity of the United States and its tech industry, a warning that OTI has also raised in the context of other overreaching government surveillance efforts and the ongoing debate over encryption technology.
The following quote can be attributed to Sharon Bradford Franklin, Senior Fellow at the Open Technology Institute:
“OTI urges the Supreme Court to deny the U.S. government the broad authority it seeks to obtain private communications. U.S. law does not and should not permit the government to unilaterally reach across international boundaries and demand communications data. To find otherwise would be an invitation to foreign countries to sweep up data held inside the United States without complying with the safeguards provided by U.S. law. The broader questions regarding when law enforcement should be able to access electronic data across borders should be addressed to Congress, and OTI would welcome the opportunity to engage on these critical and complex issues.”