The Electronic Frontier Foundation (EFF) recently released a statement urging the U.S. Supreme Court to prioritize cross-border privacy rights in a lawsuit popularly referred to as the Microsoft Ireland case. The organization asked the Supreme Court to rule in favor of Microsoft against the U.S. government, which is demanding that the software maker release user email data stored on company servers in Dublin.
The case first made headlines over five years ago and highlighted the importance of cross-border privacy protection. The contentious legal battle began over a warrant issued by the Justice Department to obtain certain emails located in an email client Microsoft owns. Though Microsoft is an American company, the emails were stored on company property located in Ireland. The U.S. sued, claiming jurisdiction over the emails in a case that has intrigued and worried privacy advocates around the world.
If Microsoft loses the case, it could create "a very dangerous precedent," Monique Mann, a research fellow in the Australian Privacy Foundation (APF) recently told media. The world's most prominent tech companies are headquartered in the U.S., but these companies maintain infrastructure, namely data storage facilities, around the world. Users of these technologies are often unaware of this fact and do not know whether their privacy rights have been violated, noted the prominent litigation firm Canterbury Law Group.
If the SCOTUS rules in Justice Department's favor, it could give the U.S. government unprecedented access to private data over international borders, privacy advocates warn. Concerns have been raised as to whether other governments could also follow the U.S.'s lead and use local laws to gather data internationally.
The Second Circuit appellate court previously ruled against the U.S., maintaining that law enforcement could not use national warrants to compel American companies to disclose user data or digital content located in other countries. The court's decision states that exercising U.S. warrants extraterritorially would be overreaching the Electronic Communications Privacy Act (ECPA), the law passed by Congress that balances privacy rights against law enforcement requirements to get access to emails.
The U.S. government has signed mutual legal assistance treaties, or MLATs, with 65 other countries. The MLATS allow the U.S. to access criminal evidence located in these countries. The signee countries can similarly request the U.S. for assistance in gathering evidence for criminal cases. The MLATs maintain that privacy laws applicable to evidence would be local. If a foreign country requests crime scene evidence from the U.S., then U.S. privacy laws would apply to the request, including the Fourth Amendment. In the Microsoft case, Ireland has stated the MLAT process is the best for obtaining the required evidence.
EFF says the U.S. government is using the Ireland case to evade the MLAT requirements that would protect user privacy. The Foundation also slammed a Justice Department statement ignoring the possibility of expansive government authority over the emails in question.
The case is also posing serious questions about cloud technology companies, like Amazon and Google, which are American companies with overseas data storage, where the said data could be accessed from anywhere in the world.