Federal court finds for Microsoft (and users) in email privacy case
By John Mack Freeman
A federal appeals court recently delivered a victory for Microsoft that also serves as a positive step forward for individuals who want to keep their email private.
The Second Circuit Court of Appeals in New York unanimously ruled from a three-judge panel that Microsoft could not be compelled by a search warrant to turn over email data stored in a server that was overseas.
“Warrants traditionally carry territorial limits,” the ruling said. “Law enforcement officers may be directed by a court-issued warrant to seize items at locations in the United States and in United States-controlled areas, but their authority generally does not extend further.”
In a statement, Microsoft said the ruling was important for three reasons. “It ensures that people’s privacy rights are protected by the laws of their own countries. It helps ensure that the legal protections of the physical world apply in the digital domain. And it paves the way for better solutions to address both privacy and law enforcement needs.”
The case stems from 2013 when federal agents served a warrant at Microsoft’s Washington headquarters seeking information about a person’s account whom they believed was involved in drug trafficking. While some information was turned over, Microsoft declined to provide information stored on servers located in Ireland. The government took them to court, contending that the contents should be turned over due to the Stored Communications Act. The Second Circuit Court of Appeals disagreed, with Judge Susan Carney stating that the law only applied to data physically stored in the United States.
American prosecutors still have a powerful tool to grab data abroad: Mutual Legal Assistance Treaties that allow foreign law enforcement to collect data on the US government’s behalf, or vice versa. America’s MLAT with Iceland, for example, was used to obtain the server that ran the Silk Road from a data center near Reykjavik. Today’s appellate ruling means that MLAT process remains the standard protocol for seeking criminal suspects’ data abroad, as it should be, says the EFF’s Cardozo. “This is a curb on the government’s ability to just grab whatever it wants, process be damned,” says Cardozo. “There’s a process in place to get this data, and the government has to follow it.”
Full ruling: https://www.documentcloud.org/documents/2993724-Microsoftireland.html#document/p1
So what does this have to do with libraries? First, libraries have a compelling interest in protecting patron privacy in whatever form we can find. Most libraries offer publicly accessible internet that allows for access to email. This decision provides a bit more protection for people who use email that may have international servers as it keeps requests for this information in a standard process rather than allowing law enforcement to seek users information through whatever means happens to be most convenient or available at a particular moment. While most librarians would disapprove of the alleged drug trafficking that was at issue in this case, this ruling also serves to protect library users who could be indiscriminately swept up in searches with similar parameters. In an antiquated legal system that is woefully behind in catching up with the privacy concerns of the information age, almost any ruling for users and their privacy can be construed as a good thing. At least, that is, until wholesale reform on the whole issue can be brought about.
John “Mack” Freeman is the Marketing and Programming Coordinator for the West Georgia Regional Library. He is a past recipient of the Freedom to Read Foundation’s Conable Scholarship, and a 2015 ALA Emerging Leader.