The Microsoft warrant case in the Supreme Court – be prepared for disappointments

Global Network (World map texture credits to NASA)

Dan J.B. Svantesson discusses the Microsoft Warrant case and its potential ramifications for data privacy.

The Microsoft Warrant case is widely familiar by now. In December 2013, the U.S. Government served a search warrant on Microsoft under the Electronic Communications Privacy Act of 1986 (“ECPA”). The warrant authorises the search and seizure of information associated with a specified web-based e-mail account that is stored at premises owned, maintained, controlled, or operated by Microsoft. Microsoft has opposed the warrant since the relevant emails are located exclusively on servers in Dublin, Ireland. After a journey through the legal system, the matter is now to be decided by the Supreme Court of the United States.

I first commented on this matter in a couple of posts on LinkedIn, published almost exactly three years ago. In one of those posts I concluded that while “The U.S. Government may, of course, continue pushing its argument that there is no extraterritoriality in the case. […] [that is] an outdated and overly simplistic claim about extraterritoriality.” This remains my view today. However, the problem is that no matter which of the parties is successful, the judgment is likely to be damaging.

No real winners possible

Given how the matter has been framed, a win for the US government would be bad for data privacy. It would be bad for international relations, and it would be a serious blow to a significant sector of the US tech industry. At the same time, a win for Microsoft seriously risks cementing a dated territoriality thinking that is incompatible with the needs of modern society. Thus, the Court faces a herculean task of being creative so as to avoid a bad outcome. The goal must be to find a balanced solution; no single-factor test works for determining jurisdiction in matters such as this. If this cannot be achieved, we must hope for the judgment to be a catalyst for change. That means that where the Court fails to find a creative solution, a Microsoft win seems preferable.

In the end, the reality is that the Microsoft Warrant case is a matter about how to apply a broken system. As such, it is not capable of producing any good outcome, and the bigger question is of course how we can fix the broken system.

International attention

Already in the lower courts, the case attracted an impressive degree of attention both within the US and abroad, and it is telling that no less than 12 amicus briefs were filed in support of Microsoft in the Court of Appeals for the Second Circuit. Now in the Supreme Court, we will again see a large number of amicus applications, and this time from all around the world. One such application comes from John Edwards, New Zealand’s Privacy Commissioner, who recently discussed the matter in an interview with Radio New Zealand.

While he made several important points, there is one aspect that is of serious concern and that clearly illustrates the dilemma before the Court.

Mr. Edwards made the point that, due to cloud services, we may not even know where our data flows, which is of course correct. Yet he also claimed that we “should be entitled to expect that the law that applies to the host country should apply to that data”. This line of reasoning is quite frankly too simplistic. First of all, the fact that we may not even know where our data flows speaks against us having any expectations as to the applicable law being grounded in the location of the data.

More importantly, what if our data ends up in countries with laws that allow that data to be misused? Do we then still want the perhaps random location of the data to decide our level of legal protection? And what about the risk of criminals abusing the system by ensuring that data is placed on servers in countries from which the data will not be handed over?

Imagine, for example, that Mr. Edwards is tasked with investigating severe violations of the privacy of New Zealand citizens, carried out by a person in New Zealand, but finds that the evidence necessary to put an end to the violations happens to sit on a server in a country that does not hand over such data. In such a case the only connection to another country is the location of the data; everything else is a purely New Zealand matter. The suggested focus on the location of the data then has a devastating effect on our chance to properly protect privacy.

A step towards a solution

So how can we move forward on this issue? Well, one thing is clear: the answer does not lie in unilateral actions by one single country. “America First” has its limits also in this context and will not solve things here. Any solution must be reached through international (but not necessarily global) cooperation, and there are several groups working on these problems.

For example, the Council of Europe is working on providing further guidance on how its Cybercrime Convention can address these concerns. And the Internet and Jurisdiction Policy Network – a Paris-based global multi-stakeholder policy network addressing the tension between the cross-border internet and national jurisdictions – has brought together a Contact Group consisting of experts from academia, industry, government, policy groups and law enforcement. That Group – of which I had the privilege of being a member – has recently produced a Report canvassing a range of policy options.

We simply must succeed

The reality is that this is an issue that is so important, we simply must find an appropriately balanced solution. Because unfortunately, the current state of play only benefits the criminals. It both hinders the legitimate work of law enforcement, and it fails to provide appropriate protection for our ever more important privacy rights. Let us all hope that the forthcoming decision by the Supreme Court of the United States in the Microsoft Warrant case brings us closer to, rather than further from, such a balanced solution.


Radim Polcak, Institute of Law and Technology, Faculty of Law, Masaryk University, Czech Republic and Dan Jerker B. Svantesson, Centre for Commercial Law, Faculty of Law, Bond University, Australia


Information Sovereignty: Data Privacy, Sovereign Powers and the Rule of Law is available now.

Read Chapter 1 free on Elgaronline.

