Microsoft ordered to hand over Irish-based data to the US government

Friday 01 August 2014 07.32
Microsoft - along with many other US tech companies - has large data centre facilities in Ireland
Microsoft - along with many other US tech companies - has large data centre facilities in Ireland

Microsoft must turn over a customer's emails stored in a data centre in Ireland to the US government, a US judge has ruled in a case that has drawn concern from privacy groups and major technology companies.

Microsoft and other US companies had challenged a criminal search warrant for the emails, arguing federal prosecutors cannot seize customer information held in foreign countries.

But following a two-hour court hearing in New York, USDistrict Judge Loretta Preska said the warrant lawfully required the company to hand over any data it controlled, regardless of where it was stored.

"It is a question of control, not a question of the location of that information," Preska said.

The judge said she would temporarily suspend her order from taking effect to allow Microsoft to appeal to the 2nd US Circuit Court of Appeals.

The case appears to be the first in which a corporation has challenged a US search warrant seeking data held abroad.

It comes amid a debate over privacy and technology that erupted last year when former US National Security Agency contractor Edward Snowden revealed the US government's efforts to collect huge amounts of consumer data around the world.

Apple, Cisco Systems, AT&T and Verizon Communications all submitted court briefs in support of Microsoft, along with the privacy group Electronic Frontier Foundation.

The companies are worried they could lose billions of dollars in revenue to foreign competitors if customers fear their data is subject to seizure by US investigators anywhere in the world.

In a statement, Microsoft's general counsel, Brad Smith, said the company would appeal.

"The only issue that was certain this morning was that the district court's decision would not represent the final step in this process," he said.

Yesterday’s ruling concerned a warrant New York prosecutors served on Microsoft for an individual's emails stored in Dublin. A magistrate judge in April ruled the warrant was valid.

It is unclear what type of investigation led to the warrant, which remains under seal.

US companies say they have been hurt by fears about government intrusion: companies such as Cisco, Qualcomm, IBM, Microsoft, and HP reported declines in China sales since the Snowden leaks.

European telecom carriers such as Orange and Deutsche Telekom started pitching local data storage soon afterward, and companies from start-up Silent Circle to software giant SAP SE have also sought to capitalise.

In August last year, the Information Technology and Innovation Foundation estimated the Snowden revelations could cost the American cloud computing industry $22bn to $35bn over the next three years.

US judges are grappling with privacy concerns over personal data. 

The US Supreme Court in June ruled that police officers almost always need a warrant to search an arrested suspect's mobile, noting the enormous wealth of data on mobile devices.

Several magistrate judges across the country also have been divided on whether prosecutors can use search warrants to seize emails from providers.

Craig Newman, a lawyer who follows privacy legal issues and attended the hearing, said the issue was far from settled.

"One thing we can say is that traditional notions of search and seizure and fourth amendment law don't fit comfortably in the digital world," said Newman, who is not involved in the case.

Joshua Rosenkranz, a lawyer for Microsoft, said in court that the law does not permit warrants to be executed overseas and called the request a bid for "extraordinary power."

But Serrin Turner, a prosecutor from the office of Manhattan US Attorney Preet Bharara, said the warrant did not involve a search in Ireland but simply required Microsoft to provide documents it controls.

"It makes no sense for Congress to make the government go on a wild-goose chase ... when the provider is sitting here in this country and can access the data at the touch of a button," he said.

And Preska pointed out that US banks have long been required to provide records in response to subpoenas, even when stored overseas.

Rosenkranz raised the spectre of foreign governments turning the tables and seeking US-based data via warrants issued in their own countries, which he said would be an "astounding" violation of our sovereignty.

Preska acknowledged that such a scenario was "pretty scary" but said she could not consider the potential actions of other governments when interpreting the law.