The US government has a thing for coming back to the same debates - all for more surveillance and spying powers. Once what you might have called a win is brought back under the discussion and there go all the previous efforts and rulings. While Apple and FBI's highly publicized battle over the San Bernardino shooter's iPhone access made it into the tech's history book of how the companies should fight for the privacy and security of their users, Microsoft has been fighting a somewhat similar battle with the DOJ for nearly half a decade now.
The debate is over the agencies pushing tech companies to get the data stored on foreign soil. Microsoft - and other tech companies and different courts - have long argued that the US government cannot extraterritorially access or retrieve data in a foreign country with a local warrant. The landmark email privacy case is now going before the Supreme Court as the Justice Department is not in for taking a no.
The Redmond software giant has so far managed to receive support from nearly all corners - tech companies, foreign governments (including US allies), faculty from Harvard and Princeton, and the members of the US Congress. However, the Justice Department doesn't care as long as it can scoop up even more data with little to no oversight.
Several hundred organizations, scholars, scientists, and trade associations signed twenty-three amicus briefs supporting Microsoft’s case with the Supreme Court. The group collectively represent millions of members across 37 countries, proving that the case has far reaching repercussions. The organizations and the privacy advocates demand that the DOJ needs to seek access to these emails through a treaty process, not a warrant issued under an American law going back to the last century.
Annoyed, Brad Smith, Microsoft's President and Chief Legal Officer, wrote a scathing piece this evening saying that law enforcement cannot deal with these issues by creating solutions using a "meat cleaver" as it has international ramifications.
Congress never gave law enforcement the power to ignore treaties and breach Ireland’s sovereignty in this way. How could it? The government relies on a law that was enacted in 1986, before anyone conceived of cloud computing.
Privacy advocates and trade associations have argued that the DOJ forcing the Redmond software maker to comply with the warrant to collect data stored in Ireland would violate European privacy laws.
Everyone: use mutual treaty process not a 1986 law | DOJ: Nope
Instead of seeking this data under the Stored Communications Act (of the Electronic Communications Privacy Act of 1986), the US government could use the Mutual Legal Assistance Treaty (MLAT) process to contact Irish authorities, get a local warrant served on Microsoft's subsidiary that controls the data center, and get its hands on the data.
Tech companies have also suggested that lawmakers need to bring in a new law that is current with the existing technologies and wasn't designed before the days of the world wide web.
"Under our Constitution, only Congress can do that [write a new law], using its tools to craft a nuanced solution that balances all the competing concerns by enacting a statute for the 21st century.”
However, as impatient as the DOJ has always been, the Department doesn't believe it can miss out on all this data in the meantime. The Justice Department says that going through a treaty process or waiting for a new law would create delays in cases. However, if it had gone with the MLAT route, it would have received that data first requested in 2013 years ago. It appears the DOJ would rather deal with international issues than follow due process. The French government also said earlier this week this will create "a significant risk of conflict of laws."
The problem? Microsoft warns Americans' data would also be up for grabs by foreign nations
"It’s also a path that will lead to the doorsteps of American homes by putting the privacy of U.S. citizens’ emails at risk," Smith warned. Naturally, if the US government uses a local warrant to push a company to get data store elsewhere, it's only setting a precedent for other countries.
"If the U.S. government obtains the power to search and seize foreign citizens’ private communications physically stored in other countries, it will invite other governments to do the same thing," Smith added. "If we ignore other countries’ laws, how can we demand that they respect our laws?"
- The Supreme Court will hear arguments on 27th February.