FIVE YEARS AGO, US law enforcement served Microsoft a search warrant for emails as part of a US drug trafficking investigation. In response, Microsoft handed over data stored on American servers, like the person’s address book. But it didn’t give the government the actual content of the individual’s emails, because they were stored at a Microsoft data center in Dublin, Ireland, where the subject said he lived when he signed up for his Outlook account. In a case that begins Tuesday, the Supreme Court will decide whether those borders matter when it comes to data.
U.S. v. Microsoft, which hinges on a law passed decades before the modern internet came into existence, could have broad consequences for how digital communications are accessed by law enforcement, and for the nearly $250 billion cloud-computing industry.
“The case is hugely important, it has implications for the future of the internet,” says Jennifer Daskal, a former Justice Department official who now teaches at American University Washington College of Law. The case is primarily about “whether we update our laws regarding access to information for the internet age,” she says.
The Justice Department argues that the warrant issued in the US should suffice, without needing to deal with Ireland to obtain the emails. It says the warrant is valid not because it has international reach, but because the actions required for Microsoft to obtain the data could take place within the United States. In other words, the government is saying that copying or moving the subject’s emails stored in Ireland isn’t search and seizure—only directly handing the emails to the US government is.
Microsoft argues the case has to do with digital privacy. “We believe that people’s privacy rights should be protected by the laws of their own countries and we believe that information stored in the cloud should have the same protections as paper stored in your desk,” Brad Smith, Microsoft’s chief legal officer wrote.
The Trump administration, which inherited the case from Obama, contends that if Microsoft wins, US law enforcement will lose the ability to easily obtain evidence related to serious crimes, like child pornography and terrorism. They worry that companies could easily shift their data beyond the reach of US authorities by simply moving it out of the country.
Last week, Microsoft advocated a “national security agency” to avoid a “national security quagmire.” The company has compiled guidelines to follow when establishing a federal cybersecurity agency. It said it would create a “focal point” for cyber defence.
The company said a single national agency would help to “prioritize and harmonise” cybersecurity policies. For this to be effective, the agency needs to be granted appropriate statutory powers that enable it to operate without internal friction.
The recommendations come amid an uptick in demand for national security initiatives. The U.S investigation into allegations of Russian election hacking has prompted concern amongst governments, lawmakers and activists that not enough is being done to ensure cybersecurity.
The U.S currently has several distinct cybersecurity task forces at the departmental level but no overarching body. This has led to a lack of cohesion where departments overlap each other and insights don’t get shared. Microsoft said cooperation is the “underpinning” of successful cybersecurity strategies, claiming a national agency would enable the most effective long-term responses.