US supreme court to hear appeal in Microsoft warrant case

Long-running case involving emails on server in Dublin has worldwide privacy implications

The Supreme Court of the United States is to hear an appeal by the US government in a case involving efforts to get Microsoft to hand over emails held on its servers in Dublin, which are of interest in a drugs case.

The court confirmed in its order list on Monday that it will hear the case, which has been dragging through the courts there for four years and has major implications for cloud computing and for privacy rights worldwide.

In June, the US department of justice asked the supreme court to reconsider a decision in a lower court, in a challenge brought by Microsoft, which found that US warrants cannot be unilaterally applied to email in other countries.

Microsoft had been challenging a warrant issued under a 30-year-old law, which sought emails belonging to an EU citizen and stored on the server in Ireland. The nationality of the person concerned has not been disclosed.


In January this year, a US federal appeals court refused to reconsider its July 2016 landmark decision forbidding the US government from forcing Microsoft and other firms to turn over customer emails stored on servers outside the US.

Microsoft had successfully argued that data held in another international jurisdiction – in this case, Ireland – was a matter for the Irish government and the Garda.

If a US court wanted data held in Ireland, it should be obtained using the existing, albeit slow and clumsy, route of mutual legal assistance treaties (MLATs) by which countries already co-operate on investigations.

The vote by the Second Circuit Court of Appeals in New York in January was seen as a victory for privacy advocates and for technology companies offering cloud computing and other services worldwide.

1980s law

That court had agreed with Microsoft’s argument that a 1980s law on telecommunications did not imply the US government could demand emails held outside the US, without a warrant and using the existing international mutual assistance treaty process. But the dissenting judges at the time said that a unanimous decision by the initial three-judge panel could hamstring law enforcement, and called on the US supreme court or Congress to reverse it.

Notably, former Irish minister for justice Michael McDowell wrote a brief for the Irish government in support of Microsoft in the original case. In that amicus (“friend of the court”) brief, the Irish government noted it had never refused a request made by the US via MLAT process.

Microsoft's position was supported by dozens of technology and media companies including Amazon, Apple, Mozilla, CNN, Fox News Network and Verizon Communications, as well as the American Civil Liberties Union and US Chamber of Commerce.

The Supreme Court only takes about 3 per cent of cases referred to it, but is more likely to take cases when the request comes from the government.

As with the ECJ, a Supreme Court ruling is final, and the current court has generally been protective of privacy and mindful of business practicalities.

It is expected that Microsoft will again seek the support of the Irish Government and of other tech giants through briefings for the US supreme court when the case comes to be heard.

In a blog post on Monday, Microsoft president and chief legal officer Brad Smith said: "This is an important case that people around the world will watch."

“We will continue to press our case in court that the Electronic Communications Privacy Act (ECPA) – a law enacted decades before there was such a thing as cloud computing – was never intended to reach within other countries’ borders,” he wrote.

Mr Smith said the continued reliance on a law passed in 1986 would neither keep people safe nor protect people’s rights.

“If US law enforcement can obtain the emails of foreigners stored outside the United States, what’s to stop the government of another country from getting your emails even though they are located in the United States?

“We believe that people’s privacy rights should be protected by the laws of their own countries and we believe that information stored in the cloud should have the same protections as paper stored in your desk. Therefore, Congress needs to modernise the law and address these fundamental issues.”