Second Circuit Sides With Microsoft; Data Exclusively Stored On Foreign Servers Not Subject to SCA Search Warrant

On July 14, 2016, the U.S. Court of Appeals for the Second Circuit issued a long-awaited decision that—to the surprise of many observers—rejected the government’s construction of the Stored Communications Act (SCA) and instead embraced a more restrictive view that Microsoft had advanced, backed by much of the tech industry and many privacy groups.  Microsoft Corp. v USA, In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation (2d Cir. July 14, 2016)( Docket No. 14‐2985).  (Sidley Austin LLP represented a number of amici in support of Microsoft before the Court of Appeals and District Court.) The decision holds that electronic communications that are stored exclusively on foreign servers cannot be reached by U.S. prosecutors under the SCA’s warrant provisions—not even where the warrant is served on a U.S. provider that can access the foreign-stored information, and deliver it to U.S. officials, by using computers and personnel based here in the United States.

The case involved a warrant requiring Microsoft to produce the communications of one of its web-based email customers.  Microsoft disclosed all relevant U.S.-stored information, but objected that all of the e-mail content information was stored on a server in Ireland.  In Microsoft’s view, that foreign storage placed the information beyond the proper reach of the U.S. warrant, and required U.S. prosecutors to work with Irish authorities to secure the information in a manner consistent with Irish laws.  This issue was central because of a U.S. legal principle called the presumption against extraterritoriality.  Reasoning that “the relevant provisions of the SCA focus on protecting the privacy of the content of a user’s stored electronic communications,” [Op. 33], the court sided with Microsoft and held the warrant could not be used to compel disclosure of information stored in Ireland.

In his concurring opinion, Judge Lynch urged Congress to adopt a “more complex balancing exercise” in place of the “all-or-nothing” approach that emerged from the court’s analysis.  [Lynch Op. 14, 18]   He may take some comfort in knowing that a bipartisan group of legislators, led by Senators Orin Hatch (R-UT), Christopher Coons (D-DE), and Dean Heller (R-NV), has already joined to sponsor a proposed law known as the LEADS Act.  That bill would make clear that U.S. prosecutors can only use U.S. law to seize data located abroad if the data belongs to a U.S. person or entity.  To obtain foreign-owned information, law enforcement will have to comply with foreign laws governing access to the data.

On July 15, 2016, Attorney General Loretta Lynch submitted a letter to Congress stating that “[i]f this [Microsoft] decision stands, or is extended to other parts of the country, the U.S. would not have … access to data necessary to advance important U.S. investigations that protect the safety of Americans and could not obtain reciprocal benefits from other countries.”  She indicated that the Administration would “promptly” submit legislation “to address the significant public safety implications of the Microsoft decision.”