Skip to Content

Government Surveillance

Federal District Court Rules that U.S. Warrants Cover Email Content Stored Abroad

/ Eleni Kyriakides

In the high-stakes Microsoft-Ireland search warrant case, Federal District Court Judge Loretta A. Preska ruled from the bench yesterday against Microsoft, affirming a magistrate’s order requiring Microsoft to comply with a warrant that compelled production of email contents stored in its Ireland datacenter.  The judge stayed the order pending appeal.  CDT is disappointed in the ruling.  Our analysis is that a seizure of content occurred in Ireland when email content was copied, and that a warrant for that content cannot compel such seizure abroad of a user’s information.

This was a dramatic hearing.  Interested parties poured in to fill the courtroom aisles and there was a lot of press. The judge peppered the Microsoft attorney with questions and frequently interrupted their answers.  Ultimately, the judge concluded that Congress intended the Stored Communications Act for communications service providers to produce information based on whether the information is under the provider’s control, not based on where the information is located.  Production of that information, the judge said, is not an intrusion on foreign sovereignty, and is not an extraterritorial application of the SCA.

Courtroom Clashes Over Privacy, Congressional Intent, and Practical Considerations

Judge Preska repeatedly emphasized that congressional intent was key to understanding the legitimacy of the use of SCA warrants to access information stored abroad. She indicated that the evidence shows that Congress intended and understood the SCA warrants to be different from typical warrants for physical searches and seizures in important respects, including that law enforcement need not be present when the warrant is executed. Also, Congress could be presumed to have been aware of the BNS (Bank of Nova Scotia) doctrine when crafting the statute.  Under that doctrine, the U.S. has enforced subpoenas for information stored abroad. And, she stressed, the BNS line of cases establishes control as the test for production, not location of the thing to be produced. In fact, Congress couched the statute in the “disclosure” language, found in this line of cases, the judge said.

Moreover, the fact that Microsoft could remotely access the data it stored abroad effectively rebutted Microsoft’s allegations that to comply with the warrant would intrude on foreign sovereignty, Judge Preska intimated.  Additionally, while Microsoft referenced privacy interests at stake in handing over this data, the judge brought home multiple times, and Microsoft agreed, that the Fourth Amendment has been satisfied by the issuance of a warrant requiring a showing of probable cause.

Microsoft said that its sovereignty concerns about the implications of the government’s position  are not speculative. In a dramatic moment, Microsoft stated that Chinese authorities had appeared in Microsoft’s offices in China and demanded disclosure of a password required to access certain email information stored in the U.S.  Microsoft said that if the government won the case and a reciprocal rule was applied world wide, then a foreign government could try to compel the production of the email content of U.S. citizens stored in the U.S. whenever the provider could access the data remotely from the provider’s foreign office. While the Judge stated that this was “pretty scary,” the government responded that this is ultimately a diplomatic issue to be left to the other branches of government. The judge agreed that the response of foreign nations does not address the core question in the case:  what was Congress’s intent when it passed this statute when it was weighing policies?

Amici Voiced Their Arguments, but Congressional Intent Carries the Day as the Central Issue

Representatives of companies that filed amicus briefs in support of Microsoft  — Apple and Cisco, AT&T, and Verizon — provided statements in support of Microsoft’s position. AT&T proposed that the ability to technically access this data from the U.S. is an in sufficient connection to the U.S. for the court to issue a warrant compelling the information: a substantial nexus with the U.S. should be required. Attorney Mark Zwillinger, appearing on behalf of Apple and Cisco, urged Congress to clarify the SCA, a campaign designed to do just that is well underway.

Judge Preska ruled from the bench, affirming the decision at the Magistrate level but staying the order pending appeal. Preska concluded that under the SCA, Congress intended communications service providers to produce information based on whether it is under its control, regardless of storage location.

Next Steps

This is not the last we will hear of this issue.  As more and more data is stored in one country and sought by law enforcement officers in another, the issue of transborder law enforcement access to communications content will only grow bigger.  Microsoft has vowed to appeal the judge’s decision to the Second Circuit Court of Appeals.

Related Reading

The CDT logo. A dark grey "cdt" alongside "Center for Democracy & Technology" on a white background.

CDT Europe’s AI Bulletin: April 2024
SAFE Act Q&A. White document on black background.

CDT Joins Others in Publishing Q&A about the Security and Freedom Enhancing (SAFE) Act of 2024
Coalition letter. White document on black background.

CDT Joins Brennan Center & Others in Letter Urging Congress to Protect Protesters by Supporting Critical Reforms to Section 702 of FISA