This week, Microsoft won a landmark case against the federal government after the US Court of Appeals for the 2nd Circuit ruled that the company did not have to comply with a request by prosecutors to turn over email stored in a data center in Ireland.
The government's warrant, issued under the Stored Communications Act, required Microsoft to produce the contents of a customer's email account stored on a server located outside the US. The US Justice Department had sued the company for civil contempt of court for its failure to comply with the warrant.
Judge Susan Carney wrote in the court's decision that the Stored Communications Act does not authorize courts to issue and enforce against US-based service providers warrants for the seizure of customer email content that is stored exclusively on foreign servers.
Carney noted warrants traditionally carry territorial limitations. US law enforcement officers have the authority by means of a court-issued warrant to seize items at locations in the US and in U.S.-controlled areas, but their authority generally does not extend further.
Microsoft had ascertained that, in order to comply fully with the warrant, it would need to access customer content that it stores and maintains in Ireland, and to import that data into the US for delivery to federal authorities.
The company declined to do so, instead moving to quash the warrant.
The case dates to December 2013, when the federal prosecutors applied for a search warrant to obtain the contents of email and other details from a user account hosted by Microsoft.
Although Microsoft maintained that the only way to access user data stored in Dublin and associated with one of its customer's web-based email accounts is from the Dublin data center, the company admitted that by using a database management program that can be accessed at some of its offices in the US, it can collect account data that is stored on any of its servers globally and bring that data into the US.
During the court battle, Ireland's Minister for Foreign Affairs and Data Protection asked the European Commission to formally support Microsoft.
"We obviously welcome today's decision by the Second Circuit Court of Appeals," Brad Smith, Microsoft's chief legal officer, wrote in a July 14 statement posted to the company's website.
"The decision is important for three reasons: it ensures that people's privacy rights are protected by the laws of their own countries; it helps ensure that the legal protections of the physical world apply in the digital domain; and it paves the way for better solutions to address both privacy and law enforcement needs."
Smith noted the decision means it is even more important for Congress and the executive branch to come together to modernize the law, arguing the process requires both new domestic legislation and new international treaties.
"We should not continue to wait. We're confident that the technology sector will continue to roll up its sleeves to work with people in government in a constructive way," he continued. "We hope that today's decision will bring an impetus for faster government action so that both privacy and law enforcement needs can advance in a manner that respects people's rights and laws around the world."
A spokesman for the Justice Department told Reuters that its lawyers were reviewing the decision and weighing other legal options.