An appeals court just sent the American Justice Department a clear message about its ability to reach beyond US borders to collect data with a search warrant: Keep your hands to yourself.
In Thursday’s landmark ruling, a panel of Second Circuit judges decided that Microsoft can’t be forced to turn over the email communications of a criminal suspect in a drug investigation whose emails were stored at Microsoft’s data center in Dublin, Ireland. The judge’s decision states that under the Stored Communications Act, a search warrant sent to Microsoft can’t be applied internationally. That decision overturns a New York court’s ruling and sets a new precedent that limits American prosecutors’ ability to pull foreign communications data out of data centers beyond US borders—even when the company itself is headquartered in the US.
“We conclude that Congress did not intend the [Stored Communications Act’s] warrant provisions to apply extraterritorially,” the judges wrote in their decision. “The SCA warrant in this case may not lawfully be used to compel Microsoft to produce to the government the contents of a customer’s e‐mail account stored exclusively in Ireland.”
This is a big win for privacy. It circumscribes the US government’s power abroad. EFF attorney Nate Cardozo
This settles a long-running ambiguity in how US law should handle search warrants when data is increasingly scattered in storage centers around the world. And it could represent a new privacy assurance for foreigners under investigation by American authorities and even for Americans whose data ends up in foreign data centers. “This is a big win for privacy,” says Nate Cardozo, an attorney with the Electronic Frontier Foundation. “It circumscribes the US government’s power abroad. It reiterates the rule that US law doesn’t apply outside the US …[And] it keeps foreigners’ data secure from the …