Federal ruling is a potential landmark on privacy and government surveillance
Microsoft must now comply with a search warrant demanding emails stored in Ireland
The tech giant challenged the warrant, saying it violated privacy protections. It will appeal
The case grew out of issues from NSA surveillance secrets disclosed by Edward Snowden
Your email is subject to U.S. government snooping even if it is stored in computer servers outside the United States, a federal judge ruled Thursday in a potentially landmark case governing privacy and the limits of government surveillance powers.
Ruling from the bench in New York, U.S. District Judge Loretta Preska ruled that Microsoft Corp. has to comply with a U.S. law enforcement search warrant demanding a customer’s emails stored on computer servers in Ireland.
Microsoft, in an unusual move, had challenged the government’s search warrant, saying it violated constitutional privacy protections and that U.S. warrants only were valid in the United States.
The company immediately said it would appeal the ruling.
The dispute is part of a larger debate over government surveillance spurred on by the disclosures of former National Security Agency contractor Edward Snowden, who leaked classified documents detailing the NSA’s programs with broad reach into the private information and communications of people around the world, including those of Americans.
Tech firms complain
U.S. technology companies long have quietly complied with government surveillance requests, in part because the U.S. law largely prohibits companies from revealing surveillance orders.
But following the Snowden disclosures, tech giants including Yahoo, Microsoft and Google have sought to distance themselves from the government’s surveillance apparatus.
The issue has implications for the U.S. economy and the tech business.
Companies have said that they could face the loss of business from customers around the world because of the fear that they can’t protect customer privacy as well as non-U.S. competitors.
Earlier this year, Brazilian legislators sought to require all telecom and email providers store Brazilian customer data in Brazil, in a bid to protect consumer privacy.
The provision didn’t make into the Brazilian on-line privacy bill signed into law.
Brad Smith, Microsoft’s general counsel, argued in a Wall Street Journal opinion article this week, “In our view, that the U.S. government can obtain emails only subject to the full legal protections of the Constitution’s Fourth Amendment. It means, in this case, that the U.S. government must have a warrant. But under well-established case law, a search warrant cannot reach beyond U.S. shores.”
Test case on privacy
The government sought the emails in a narcotics investigation, Microsoft said. Under U.S. law, the emails stored in a so-called cloud server are business records subject to federal law enforcement warrants no matter where they are stored.
Microsoft, with the backing of Internet consumer privacy groups and other tech companies, including Apple, sought to use the case as a warning to U.S. consumers that their emails could become the subject of snooping by foreign governments.
“It’s hard to believe that the American people will blithely accept that foreign governments can obtain their emails stored in U.S. data centers without letting them know or notifying the U.S. government,” Smith said in his opinion article. “Yet the U.S. government is taking precisely this position toward emails stored in Microsoft’s data center in Ireland.”
In court on Thursday, a Microsoft attorney noted that just this week Chinese authorities raided a Microsoft office and sought access to company data stored outside China, including in the United States. Government lawyers said the issue was a diplomatic one, and wasn’t relevant to the case at hand.