US attempt to win right to grab Irish-held emails in Microsoft case is dangerous
Why is US chasing a line of legal thought that could easily in future be turned against it?
The Microsoft case pits the company against the US government in a tussle over emails held in its Dublin data centre
US supreme court cases, by their very nature, are always significant. Each year the court agrees to hear only about 1 per cent of all the cases petitioners ask it to consider, and by the time a case is accepted by the most senior of US courts, it has already been vigorously debated in lower courts.
The court’s decision on Monday to hear Microsoft’s Irish email case is thus momentous. But the case has some unique elements that may make a referral, if not exactly pointless then, at best, diversionary.
The Microsoft case pits the company against the US government in a tussle over emails held in its Dublin data centre but requested by a judge in the investigation of a drugs case in New York state. At issue is whether a judge can demand the US-based company to directly hand over emails held in another country.
The nationality of the person whose emails are wanted has not been revealed. This is important. The US government could have specified nationality. Because it did not, a ruling in its favour would allow the US – and individual state-run courts – to demand the data of anyone, of any nationality, held abroad by a US-based company.
Microsoft, rightly, has argued that the US should follow the route it would have to if the desired documents were stored in paper form in Dublin. In that situation, law enforcement in the US would place a formal request to the Irish government using Mutual Legal Assistance Treaties, asking to seize the material.
These treaties can be slow and clumsy for trials, especially faster-moving investigations, but they do the job intended and observe international protocols that hold it is not really acceptable to send your own law enforcement agents into a foreign country to stage a raid and take items away.
Civil rights dangers
The only reason the judge in the original case could even attempt to directly demand the emails is because of the ambiguity that still surrounds mail or other documents in electronic form. The US Electronic Communications Privacy Act 1986 – passed before the worldwide web even existed, much less cloud computing – allows US courts to subpoena communications.
But Microsoft, and the many tech companies that support its stance, argue that in 1986, Congress’s intent was surely for the act to apply only to communications held on American soil.
They rightly note the economic and civil rights dangers of applying an outdated law created without any consideration for the way data is now routinely transferred and stored internationally, and in a way that implies electronic communications are more vulnerable, with fewer privacy protections than paper communications.
The US government position is that electronic communications are available through a domestic company on US soil because they can be obtained “at the click of a mouse”.
The Washington Post noted that a Justice Department solicitor told the court that “hundreds if not thousands of investigations of crimes – ranging from terrorism to child pornography to fraud – are being or will be hampered by the government’s inability to obtain electronic evidence”.
But this is a distortion. There’s no ‘inability”. The US government can obtain electronic evidence through the existing treaty system. It just takes longer. Former Irish minister for justice Michael McDowell has already noted on behalf of this particular case (in which, unusually, the Irish government acted as an amicus, or friend of the court, in the past) that Ireland has never refused such a treaty request from the US.
It’s baffling why the US government would wish to pursue a line of legal thought that, logically, would give foreign countries, even the US-state equivalent of provincial courts, the grounds to demand communications held in the US without going through US authorities.
The obvious step – one already being pursued by Congress, where two cross-party bills have been introduced – would be to create fresh legislation that clarifies the standing of electronic communications. And eventually, renegotiate the international treaty system. Win-win.
That’s the route Microsoft and other tech firms have been supporting throughout this case.
Even if the US wins the case, Congress is still likely to redo legislation. In the interim, the likely end result would not be to make evidence more easily obtainable but to force US multinationals into new structural arrangements for international data centres and corporate subsidiaries.
The current international context does not give the US much moral authority when it comes to data privacy. This case has unfolded in the same time frame as Edward Snowden’s leaked evidence about secretive, sweeping US digital surveillance.
Plus, the comparatively weak protections afforded US citizens’ data, and the question of whether the US can conceivably offer greater protections to EU data, are already a bone of contention. A US win would create a data protection chasm that would certainly violate both the the incoming General Data Protection Regulation and the Privacy Shield data transfer agreement, currently being reviewed.
Why is the US so intent on such a ridiculous pyrrhic victory?