chevron-down Created with Sketch Beta.
June 29, 2015 Articles

Searches and Seizures of Foreign Email Servers: Microsoft v. United States

Does the Stored Communications Act apply beyond the borders of the United States?

By Theodore G. Fletcher

Does Title 18, section 2701, of the United States Code, the Stored Communications Act (SCA), apply beyond the borders of the United States? To answer this question, the litigation bar should pay attention to Microsoft’s challenge of the subpoena and warrant of an email account on an Irish email server by the Department of Justice (DOJ). The case is styled Microsoft v. United States, No. 14-cv-2985 (2d Cir.).

Microsoft’s opposition to the DOJ subpoena raises significant concerns about the extraterritorial reach of criminal and civil investigations by the government. This issue affects attorneys in a broad range of practice areas. Thus, counsel must be aware of the implications of electronic documents’ storage location, the circumstances that could subject those documents to judicial process, and the differing laws governing access to those documents.

The U.S. Attorney for the Southern District of New York seeks the email of a target in a narcotics distribution investigation that is hosted on a Microsoft email server in Ireland. Microsoft challenges the warrant on the grounds that the email is located on a foreign server, beyond the reach of the SCA. Magistrate Judge Francis in the Southern District of New York denied Microsoft’s challenge. Chief Judge Preska upheld the magistrate judge’s order and opinion, and issued a contempt order against Microsoft. Microsoft appeals and is joined by numerous amici from the telecommunications and computer industries, civil liberties organizations, and the Republic of Ireland.

The question before the Court of Appeals for the Second Circuit is whether the presumption against extraterritorial application of federal statues, as articulated in Morrison v. Australia National Bank, 561 U.S. 247 (2010), applies to the SCA. Moreover, the government has available an alternative judicial process in the Mutual Legal Assistance Treaty (MLAT), although it may be more cumbersome for the government.

Consistent with Morrison, Microsoft argues that the burden rests on the United States to show that the SCA expressly applies beyond the shores of the United States and to email housed in foreign countries. It notes that email files have a physical location and explains the technical reasons for where those files would be located. Microsoft also argues that the MLAT is an adequate process for determining whether the warrant should issue and, conversely, whether the privacy interest of the email account holder is violated under the laws of the host country. Microsoft explains that email files in fact reside on a server in a specific location that is determined by where the closest server to the account holder is. Microsoft further argues that the United States is not necessarily prohibited access to the email files, only that the laws of Ireland and the European Union apply and that there is a perfectly adequate process in the MLAT for determining whether those files should be released to the U.S. Attorney.

The government insists that Microsoft controls all of its foreign servers from within the United States and has any access it needs to email files from within the United States. On page 9 of its brief, the government argues that the location of the records is immaterial if there is personal jurisdiction over the service provider: “Under long settled precedent, the power of compelled disclosure reaches records stored abroad so long as there is personal jurisdiction over the custodian and the custodian has control over the records.” Thus, according to the government, compelling Microsoft’s disclosure is not an extraterritorial application of the SCA. It also asserts that for Fourth Amendment privacy purposes, a seizure occurs when the government examines the email files, not when it gains possession of those files. The government further addresses the application of Morrison, suggesting that Morrison is limited to substantive federal laws rather than procedural provisions: “But Microsoft’s challenge to the Warrant has nothing to do with the substantive provisions of any U.S. law.” Brief for the U.S. at 31 & n.11, Microsoft v. United States, No. 14-cv-2985 (2d Cir.).

 Ireland has filed an amicus brief, one of over 15. Ireland insists that the warrant conflicts with its sovereignty. The email files are in Ireland and thus subject to Irish and European Union laws. Ireland further contends that the government has an adequate process in the MLAT between the two countries, which allows for the following areas of cooperation:

1) relating to the sharing of information and monitoring of financial transactions for criminal investigation purposes; 2) enabling the enforcement in Ireland of orders for the freezing and confiscation of property that could be evidence or the proceeds of crime; 3) permitting the Minister to request an Irish court to take evidence for use in criminal proceedings or a criminal investigation in another country.

Brief of Ireland, Microsoft v. United States, No. 14-cv-2985 (2d Cir.).

Clearly, the United States seeks to avoid resorting to MLAT’s procedures, which involve relying on the cooperation of Ireland to effect its warrant. But the government has not shown why Morrison’s presumption against the extraterritorial application of statutes does not apply in this case. The government, no doubt, is concerned that resorting to the MLAT will not only delay the search and seizure process but will also place restrictions on what it can search and seize. However, these concerns do not overcome the fears of other countries that their citizens will be subject to the judicial overreach of the Department of Justice and that their sovereignty will be trampled. Also, there is a concern that other countries may use the same arguments against the privacy interests of U.S. citizens.

The case raises practical issues not just in civil and criminal litigation but also for the telecommunications and computer industries. Oral argument in the case should be set for later in the spring.

Keywords: criminal litigation, email, Stored Communications Act, search and seizure

Theodore G. Fletcher is an attorney in the Bangor, Maine, area.

Copyright © 2015, American Bar Association. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or downloaded or stored in an electronic database or retrieval system without the express written consent of the American Bar Association. The views expressed in this article are those of the author(s) and do not necessarily reflect the positions or policies of the American Bar Association, the Section of Litigation, this committee, or the employer(s) of the author(s).