During oral argument at the Supreme Court today in a case involving law enforcement use of warrants to obtain e-mails stored overseas, justices repeatedly referred to pending legislation to resolve the issue by updating the Stored Communications Act, asking why the court shouldn’t just “leave things the way they are” until Congress acts.
The justices also focused repeatedly on whether Microsoft Corp. could retrieve the requested data through an action performed in the U.S., and what the consequent action in Ireland would be.
The case, “U.S. v. Microsoft Corp.” (case 17-2) stems from Microsoft’s refusal to comply with a 2013 search warrant obtained by federal law enforcement agents as part of drug investigation, under which they sought the e-mails of a Microsoft customer that Microsoft had stored on a server in Ireland. The warrant was obtained under section 2703(a) of the 1986 Stored Communications Act (SCA), which is part of the Electronic Communications Privacy Act.
Microsoft is arguing, among things, that the presumption against extraterritoriality applies to SCA warrants, that is, that the warrants can’t be used to seize e-mails in another country. It said that in this case, producing the e-mails would violate Irish privacy laws. The magistrate who issued the warrant and the federal district court that reviewed the magistrate’s ruling took the view that although the SCA uses the term warrant, it actually functions in part like a subpoena, since it is the service provider, not law enforcement agents, who are expected to carry out the required actions. Subpoenas can be used to compel a company to turn over its business records no matter where they are stored.
A unanimous three-judge panel of the U.S. Court of Appeals for the Second Circuit (New York) reversed the district court and directed it to quash the warrant (TR Daily, July 14, 2016). The Justice Department sought review by the Supreme Court.
Meanwhile, bipartisan legislation was introduced in the House and Senate earlier this month aimed at settling the issue of law enforcement access to data held in overseas servers (TR Daily, Feb. 6). The proposed Clarifying Lawful Overseas Use of Data (CLOUD) Act would amend the SCA to clarify that a warrant served on a U.S. provider could be used to obtain data stored overseas, while giving providers the ability to challenge the warrants if compliance would violate foreign laws. It would also give providers the right to disclose the existence of the warrant to the foreign government in whose jurisdiction the data is stored, if that country has a bilateral data-sharing agreement with the U.S. under the terms of the statute.
During today’s oral argument, Justice Ruth Bader Ginsburg was the first of the jurists to broach the issue of whether the court should simply leave the issue to Congress at this point.
“In 1986, no one had heard of clouds,” she said, meaning that Congress couldn’t have had any intention as to how the SCA should affect data stored overseas. “If Congress takes a look at this, … it can write a statute to take account of [changes since 1986]. … Wouldn’t it be wiser [for the court] to leave things as they are?”
Deputy Solicitor General Michael Dreeben argued that “leaving things as they are” would mean allowing law enforcement officials to use the statute as Congress wrote it to obtain information “regardless of whether it’s stored overseas.” He added that the information is located overseas because Microsoft “made a unilateral decision to move [it] overseas,” not because the law required it to be moved.
Justice Sonia Sotomayor later suggested that Mr. Dreeben had not “fairly answered” Justice Ginsburg’s question. “It’s fair to say” that in 1986 Congress assumed the data would be stored domestically, she said. “You’re asking us to imagine what Congress would have done in a totally different situation.”
Justice Sotomayor noted that pending bipartisan legislation — the CLOUD Act — “would give you most of what you want but with great protections against foreign conflicts. … Why shouldn’t we leave the status quo as it is and let Congress pass a bill in the new age?”
Mr. Dreeben objected that there are no foreign problems, and that Microsoft’s suggestion that there are foreign problems is simply “a mirage.”
Justice Sotomayor noted there have been many amici curiae briefs arguing that the federal government’s position would force service providers to choose between obeying the warrants or obeying foreign laws.
“No foreign government has come to this Court saying that the order that we seek would conflict with its law,” Mr. Dreeben said, adding that the State Department has not received any complaints about the use of SCA warrants either. He said that complaints “have run the other way,” with foreign governments seeking U.S. assistance through exercise of SCA authority to obtain evidence stored in the U.S. that the foreign governments have been unable to obtain directly.
He said that Microsoft’s interpretation of the SCA interferes with U.S. obligations to assist foreign law enforcement officials under the Budapest Cybercrime Treaty.
Judge Sotomayor said that she disagreed, and that “there’s an open question on the Budapest treaty.”
Noting that the Justice Department supports the CLOUD Act, Justice Sotomayor asked where the bill is in the legislative process and why the court shouldn’t “wait for the bill.”
Mr. Dreeben said the court’s job is to interpret the existing statute, and that the CLOUD Act has not even been marked up by a committee, much less passed by either chamber. He added that as written, the bill would endorse government authority to obtain data stored overseas.
Later, during Microsoft’s presentation of its position, Justice Samuel Alito, however, said that although “it would be good” if Congress addressed the issue, “but in the interim, something has to be done.”
Another recurring issue during the oral argument was the exact actions that would need to be performed under the warrant, whether it was properly seen as a search or a disclosure, and whether those actions should be viewed as occurring in the U.S. or overseas.
Justice Sotomayor opened that line of questioning only moments after Mr. Dreeben began speaking, asking him why he was describing the requested action “as if it’s only a disclosure,” when it’s “really a substitute for the government searching?”
Mr. Dreeben said that the SCA doesn’t authorize the government “to go in and sit down at a Microsoft keyboard” to conduct a search itself.
“Actually it does,” Justice Sotomayor interjected, saying that the SCA treats the action of the service provider as a substitute for a government search.
Mr. Dreeben argued that the warrant in the SCA combines both the functions of a subpoena and a warrant, comparing the opening and inspection of the account contents after it is turned over to the searching of the contents of a laptop, for which a warrant is required, although the laptop can be obtained with a subpoena prior to the search of its contents.
Justice Anthony M. Kennedy asked whether both parties agree that the statute does not authorize extraterritorial action. Mr. Dreeben said that the Justice Department is not arguing that the SCA warrant provision should be applied extraterritorially, but rather that “when a party is before a U.S. court and a court issues an order to that party that says produce information, that's domestic conduct.”
Justice Ginsburg objected, “But something has to happen …. [to the] computers in Ireland … in order to get these e-mails back to the United States.”
Justice Neil M. Gorsuch asked why the court should “divorce” the collection of the information abroad from the disclosure of the information in the U.S.
Mr. Dreeben compared the situation to an individual who said he couldn’t pay a court-imposed fine because all of his assets are overseas. The court wouldn’t dismiss the fine, but would take the view that “how you raise the money is your concern. It’s not an extraterritorial application of the statute to say bring the money home and pay the fine.”
Justice Gorsuch later noted that Mr. Dreeben “kept using the word ‘subpoena’” in discussing similar situations, just as obtaining information from banks. However, the SCA uses the term “warrant” in section 2703, although it uses “subpoena” elsewhere, “so we know it knew the difference.”
Mr. Dreeben said that the use of the term should be understood in the overall context of the statute, which provides for different instruments for obtaining information, but all using the same procedure.
Justice Gorsuch asked whether the government could obtain the information using a conventional warrant or a grand jury subpoena. Mr. Dreeben said a conventional warrant would not have given Microsoft the opportunity to object, and that there is “a more difficult question” with respect to a grand jury subpoena as to whether Congress intended for the section 2703 warrant to “occupy the field” and preclude other mechanisms.
Justice Alito asked whether the government has continued to use the section 2703 warrants outside the Second Circuit. Mr. Dreeben said that district courts outside the Second Circuit have rejected the Second Circuit’s approach.
Justice Stephen G. Breyer brought up the fact that the Federal Rules of Criminal Procedure only authorize a magistrate to issue a warrant to seize persons or property located within the district in which the magistrate has authority. Mr. Dreeben noted that the SCA specifically allows for a court to issue a nationwide warrant.
Justice Breyer asked what happens when compliance with the warrant would violate foreign laws.
Mr. Dreeben said that Microsoft’s position would never allow a court to address that issue and balance the concerns.
Justice Elena Kagan followed up by asking whether the government was agreeing that a court should conduct a comity analysis in those circumstances. Mr. Dreeben said yes, after the service provider has refused to comply with the warrant and been found in contempt.
Justice Ginsburg asked Microsoft’s attorney, E. Joshua Rosenkranz, whether Microsoft had complied with SCA warrants before the one seeking the information stored in Ireland. He said that it had, but that it had only been using overseas storage since 2010. “The fact that we were sober-minded” in analyzing the legal situation “should not be held against us,” he said.
Chief Justice John G. Roberts suggested that foreign governments were free to object to the transfer of data located in their jurisdictions, “but I gather that’s not the situation here.”
Justice Alito asked whether service providers could create even more hurdles for law enforcement by breaking e-mails up into pieces that they stored separate in different countries.
Mr. Rosenkranz said that is “not what Microsoft does” or “what Google does either,” then corrected himself to say that is not what “the other service provider” does. He later said that any customer who wants to be sure the government cannot access their e-mail does not use Microsoft’s services but instead finds a provider that has no U.S. presence.
Justice Kennedy asked whether Microsoft could voluntarily disclose the information requested. Mr. Rosenkranz said that doing so would violate Microsoft’s obligations to its customers. Justice Kennedy said that it seemed to him that if Microsoft could voluntarily disclose, the information could be obtained by subpoena. Mr. Rosenkranz pointed out that ECPA does not allow a subpoena to be used to obtain e-mail that has not been stored with a third-party for at least 180 days.
Justice Ginsburg asked for an explanation of the actions that would occur in Ireland if Microsoft complied. Mr. Rosenkranz said “a remote control” would trigger a piece of hardware read the data off of the drive where it is stored.
Justice Sotomayor also asked for an explanation of the process that would be involved and whether it would involve human intervention. Mr. Rosenkranz said no, adding later, “It is a robot” that “spins a disc” to locate the information and retrieve it. —Lynn Stanton, [email protected]
Interested in submitting an article?
Submit your information to us today!Learn More