The U.S. Court of Appeals has ruled not to revisit their decision stating that data stored in overseas data centers cannot be accessed by a local U.S. warrant.
The initial decision, made in July, said that the Department of Justice (DOJ) could not force Microsoft to turn over user emails related to a drug trafficking investigation, as the emails were stored in a data center located in Ireland.
The DOJ argued in their appeal that the fact that the data was stored in Ireland was irrelevant, as the required data could be accessed on U.S. soil. Therefore, the U.S. warrant should apply, and the court should reconsider the initial decision.
Today, the Court of Appeals voted not to revisit this decision in a narrow, 4-4 victory for Microsoft.
The relevant legislation, the U.S. Stored Communications Act (SCA), was enacted in 1986 as part of the Electronics Communication Privacy Act.
Judge Susan Carney wrote in the decision that the SCA was outdated, and due for a revision by U.S. lawmakers that would effectively “balance concerns of international comity with law enforcement needs and service provider obligations.”
Unless the Supreme Court agrees to hear this case, or until congressional revision of the legislation, data stored in overseas data centers is safe from local warrants. The overall finding under the SCA is that a local warrant cannot compel a company to turn over data stored internationally.
When the initial case went to court last summer, Ireland backed Microsoft in not turning over the customer’s emails to the Department of Justice. In a brief of amicus curae filed with the court, representatives for Ireland that the rather than fighting over the relevance of the warrant, U.S. government could work with the Irish government to get the information under the Mutual Legal Assistance Treaty between the two countries.
Microsoft is currently embroiled in another battle with the Department of Justice over user rights. The communications giant is fighting for the right to notify customers when the government has requested access to private or personal information for a particular user. Microsoft says that the gag orders issued with requests for information pose a violation of the company’s rights under the First and Fourth Amendments.