For the past three years, Microsoft has been locked in a legal battle with the New York district court over a deceptively simple question: does a US Judge have the right to issue a warrant for data stored overseas? According to a new ruling from the US Court of Appeals Second Circuit, the answer, is no.
At issue, specifically, were the contents of an email account stored at a datacenter in Dublin, Ireland. Microsoft refused to release the data because the information was stored on servers physically located outside of the country. The New York court then argued that the Stored Communications Act allowed it to issue a warrant for "information that is stored on servers abroad." The idea is that if Microsoft owns the overseas server and has the capability of accessing the data, it's a domestic request regardless of the data storage location. Today's decision from the Second Circuit shut that idea down.
"We conclude that Congress did not intend the SCA's warrant provisions to apply extraterritoriality," the 42-page decision explains. "The SCA warrant in this case may not lawfully be used to compel Microsoft to produce to the government the contents of a customer's e-mail account stored exclusively in Ireland."
Naturally, Microsoft is heralding the decision as a victory for privacy, stating that "if people around the world are to trust the technology they use, they need to have confidence that their personal information will be protected by the laws of their own country." Indeed, that's what this decision means for now, though it could still be overturned by new legislation at a later date. In fact, that could be the ultimate solution. Microsoft itself argues that the world needs "new legal solutions that reflect the world that exists today, rather than technologies that existed three decades ago." Sounds like a good idea -- so long as the folks making the law understand the technology they're trying to legislate.