Ireland risks shooting itself in the foot in crucial Microsoft email case
Analysis: Government wavering in case that threatens structure of global businesses
Mircosoft’s offices in Sandyford, Dublin.
In what could be a very misguided move, the Government signalled on Sunday that it may undermine its former position on an enormously important technology case involving Microsoft Ireland that is before the United States supreme court.
In doing so it risks irreparably damaging Ireland’s attractiveness as a business location for a broad and nuanced sector that has largely driven the State’s international business profile and had a significant impact on the economy, sustaining it even through the recent crash.
The case involves emails held at Microsoft’s Dublin data centre. A federal judge in a drug case in New York state demanded that Microsoft’s US office produce the emails. Microsoft refused, saying that the appropriate approach was to use the well-established route of mutual legal assistance treaties, by which countries authorise the gathering and exchanging of information for such cases.
Microsoft rightly argued that to allow courts or law enforcement in one country to have direct access to data held in another violates fundamental privacy guarantees that make modern business possible.
International data exchange and storage are the basis for the multibillion-euro cloud-computing model, which brings efficiency and scale to businesses large and small. Instead of every company having to invest in costly hardware and software, they instead can use applications and storage made available online – “in the cloud” – from companies such as Microsoft and Oracle, which are among the dozens that now have enormous data centres in Ireland for this purpose.
Crucially, the only reason a US judge can even try to directly demand access to electronic data is because a vague US communications law from the 1980s fails to indicate whether electronic data has the same protection as information on a piece of paper.
If the supreme court sides with the US government in this case, the basis for cloud computing, online transactions and the structure of many global businesses comes under immediate threat. That’s why nearly two dozen leading technology companies sided with Microsoft in the earlier case, before its referral to the supreme court.
In that case the Irish government also filed an amicus, or friend-of-the-court, brief in support of Microsoft. But on Sunday a Government spokesman waffled, indicating the case was complex despite insisting Ireland was “acutely sensitive to the concerns of the industry sector concerned”. He said that “the data which is the subject of this case was sought from Microsoft by the US law-enforcement authorities in relation to a criminal investigation in a narcotics case. Access to such data is increasingly becoming an indispensable part of the criminal investigation process, particularly in light of the increasingly transnational nature of organised criminal gangs. Indeed it has played a crucial part in the solving of a number of cases in this jurisdiction, including murder.”
This is diversionary nonsense.
Yes, internationally held data is often of value in criminal cases. But it has always been obtained (including for cases here) by using mutual legal assistance treaties. In the original case, the supporting brief for Microsoft filed by Michael McDowell, the former minister for justice, called the treaties the appropriate route for requesting electronic data, adding that Ireland had never failed to honour a treaty request from the US.
Out of step with EU
In wavering on this critical point the Government is out of step with the European Union’s legislative trend to acknowledge fundamental privacy rights, such as in the incoming general data-protection regulation, and numerous privacy-protective positions taken in recent cases by the European Court of Justice.
Just last week, in a statement on the gathering of electronic evidence, Europe’s data-protection commissioners said the US position in the Microsoft case would likely be in direct conflict with EU data-protection laws. And the European Commission said it would be a neutral amicus in the Microsoft supreme-court case, pointedly noting it wished to “make sure that EU data-protection rules on international transfers are correctly understood”.
If Ireland marches off in its own direction now, equivocating on the fundamental, lawful protections for electronic data essential for commerce – and failing to back Microsoft in this closely watched case – have no doubt that global business will remember.