Microsoft Says US Can’t Take Data Stored in Ireland

(The Seattle Times/TNS) -

If U.S. prosecutors can reach into a Microsoft server in Ireland and retrieve emails stored there, what’s to stop a German court from ordering a German bank to open a safe-deposit box in the bank’s New York City branch?

That premise introduces Microsoft’s latest argument in its legal fight against U.S. prosecutors’ effort to access customer data held abroad.

The case is among a series of clashes between U.S. technology companies and government after the disclosures last year by Edward Snowden that government surveillance of the internet goes deeper than many had thought.

A judge last December ordered Microsoft to turn over a customer’s emails and other data as part of a narcotics investigation. The company provided portions of the address book and other data related to the account that were stored in the U.S., but refused to send the contents of the emails themselves, which it said were stored in Microsoft’s Dublin data center.

Microsoft argued that the warrant’s impact was limited to U.S. territory, and its use in this case amounted to an illegal search and seizure. A federal judge in July rejected the argument, saying the case hinged on Microsoft’s control of its customer’s data rather than where the data was stored.

Microsoft appealed the case to the 2nd U.S. Circuit Court of Appeals in New York, and on Monday filed its updated argument. The government’s response is due in March.

In its filing, Microsoft’s lawyers reiterated their view that the seizure of data at issue would occur abroad and beyond the reach Congress intended for this type of warrant. U.S. prosecutors should work with their Irish counterparts to access data stored in Ireland under the terms of existing treaties and rely on the same principles as searches of physical possessions, Microsoft said.

“It is a law enforcement search and seizure whether the agent descends on Citibank to seize letters a customer locked away in a safe-deposit box or descends on Microsoft to seize letters the customer locked in the digital lockbox of an email account,” Microsoft said in its filing. “The nature of the activity does not change depending on whether the letter is written on ink or on magnetic disks.”

The U.S. Attorney’s office for the Southern District of New York, which is arguing the case against Microsoft, had no comment on the company’s filing. In previous court documents, government lawyers said existing legislation empowered prosecutors to seek data held by U.S. companies abroad.

Warrants ordering service providers to turn over digital content, they wrote, “are fundamentally different from search warrants authorizing law enforcement to enter physical premises and seize evidence.”

Microsoft has spent much of the past year touting its success in getting business customers and individuals to store their data in the company’s servers, rather than on their own hard drives.

If customers and businesses believe their use of Microsoft’s data centers puts them at risk of having their data inspected by a U.S. government they don’t trust, analysts say, it could dampen Microsoft’s fast-expanding cloud-computing business internationally.

“The magistrate’s ruling, if left standing, could cost U.S. businesses billions of dollars in lost revenue, undermine international agreements and understandings, and prompt foreign governments to retaliate,” lawyers for Verizon said in a filing supporting Microsoft’s position in June.

“If the Government prevails, how can it complain if foreign agents require tech companies to download emails stored in the U.S.?” Microsoft general counsel Brad Smith wrote in a blog post Monday. “The government puts at risk the fundamental privacy rights Americans have valued since the founding of the postal service.”