Latest

Tech Law Blog

Can US Law Enforcement Access Information on Irish Servers? – The Microsoft Saga

11 September 2014

Click here to subscribe to our weekly tech law updates

In the past few months, Ireland has found itself at the centre of an intense battle over whether US authorities can access data on Irish-based Microsoft servers. The debate has continued with a recent decision of the New York District Court to remove the suspension on the warrant ordering the handover. Following this decision, on 5 September 2014 the case shifted up a gear with Microsoft voluntarily entering contempt and proceeding to the Second Circuit Court of Appeals to continue the case. With the case soon entering Round 3, we take a look at the issues.

Background

In late 2013, a federal Magistrate in New York granted a search warrant under the US Stored Communications Act (“SCA”) against data held by Microsoft Corporation. The warrant was issued for both user and content (email) data as part of an on-going investigation into narcotics trafficking. The relevant data is stored on Microsoft’s Irish servers. Microsoft unsuccessfully challenged the warrant in front of the issuing Magistrate. Microsoft then appealed this decision to a District Court Judge, but the Magistrate’s ruling, and consequently the warrant, was confirmed.

What is disputed?

Microsoft, supported by other large internet companies such as AT&T, Apple, Cisco and Verizon, contends that the data held on Irish servers is not subject to US jurisdiction. While Microsoft produced the non-content data held on its US servers, it filed a motion to overturn the warrant upon discovery that the emails were located in its Dublin data centre. Microsoft argues that the SCA warrant cannot reach data held in Ireland and official international channels must instead be pursued. In addition, Microsoft points out that even if such access were permitted under US law, the warrant itself would be unconstitutional for failing to be sufficiently specific.

In the Magistrate’s ruling, however, the judge reasoned that although the SCA uses the term warrant, it is “a hybrid”. While it is obtained like a search warrant, it is executed like a subpoena. In essence, this means that rather than the authorities breaking down the door and taking evidence (warrant), Microsoft is served with the request and required to produce the data (subpoena). Consequently, regardless of the location of the servers and data,  Microsoft was required to produce the relevant information.

However, the case is less than clear-cut given a number of ambiguities identified in both the SCA’s interpretation and its historical drafting. Of particular note was the fact that the Magistrate examined Microsoft’s arguments in light of the “practical considerations” of overturning the warrant.  From an Irish perspective, the Magistrate made some novel points in support of the warrant. He referred to the suggestion that a search only occurs when the data is “exposed to human observation”, such as appearing on a screen. In the current situation, this would mean the search would deemed to be occurring within the US, since the servers would be accessed from there. In addition, he indicated that the Patriot Act - one of the more controversial pieces of US law - deems that the “property” (which is to be searched) is located where the ISP (and not the server) is located.