FBI: Safety or Privacy. Dealing with the legality of privacy breach.

Safety or Privacy: Dealing with the Legality of Privacy Breach
Student’s Name:
Course Title: Strategic Intelligence
Task: Case Study – Continued
Institutional Affiliation:
Case Study: Microsoft Company and the US Government
In 2013, the US Supreme Court issued a submission warrant that demanded Microsoft to release the email details and personal information of individuals involved in drug trafficking. The warrant compelled the Microsoft technology company to release personal information and private emails stored in a consumer’s email account. The private emails were stored by Microsoft in a server located in Dublin, Ireland. Although the tech giant complied with the request and warrant to release email details and personal information stored in servers located in the U.S, it refused to release data held in servers located abroad; particularly Ireland. The refusal was backed by claims of intra-territoriality which mean Microsoft is not allowed to release foreign data – unless under the mutual legal assistance treaties [MLAT]. The treaty stipulates that foreign data particularly that stored in Ireland can only be released with mutual collaboration with the Ireland government. Microsoft argued the U.S government and the US Supreme Court should pursue more diplomatic channels and traditional bilateral laws to access such ‘prohibited’ information and data. This move included collaborating with the EU and Ireland authorities to obtain the information of ‘suspects’ whose information was stored on private servers abroad.

The above decision by Microsoft was challenged and later battered away by a Magistrate judge. According to the judge, the US Supreme Court had legal grounds to obtain extra-territorially stored data with the determination and consequence application of the Stored Communications Act. The above SCA regulation was implemented in conformity to the Electronic Communication Privacy Act ECPA enacted in 1986. However, Microsoft attempted to repeal the above court order but failed after a District Court ruled in favor of the previous judgment. Microsoft would later file another appeal in the 2nd Circuit Court in December 2014. The second circuit unanimously overturned the District Court’s decision. The justification of the 2nd Circuit was that ‘The primary goal of such provisions is the protection of a user’s private information. Accordingly, the Stored Communications Act does not warrant or authorize the US government to enforce a ‘stored communication’ warrant against a US-based service provider for consumer details and information stored on servers abroad.’. The primary argument by the 2nd Circuit Court was that the US Supreme Court and Government did not have the jurisdiction to enforce the SCA warrant against a service provider based in the United States. This was especially in cases where the service provider has stored information, data and similar contents in servers outside the US boundaries.
The above decision was unanimously embraced and applauded by leading tech giants such as AT&T, Verizon, Cisco, and Apple who are prone to release consumer private data at the slightest request by the US government. Other parties that equally applauded the decision by the 2nd Circuit Court were the Ireland government and leading computer scientists. Indeed, Microsoft CEO Brad Smith welcomed the judgment stating the US Congress did not warrant the Government unilateral powers and warrants beyond the US boundaries. The CEO further reiterated that as a global service provider, it was the belief of Microsoft that if people are to trust and adhere to the technology they use, they have to be assured and have confidence their private information will not be released or shared by third parties. Consumers also require an assurance that their data and information is well protected by the State. This means allowing the U.S government to access the personal data or email accounts stored on foreign servers will grant the State unilateral access and powers.
The US district judge, on the contrary, argued in defense of national interests. The argument given was that the SCA monitors and legally coordinate providers located within the United States. Hence, it is the location and the relationship between the data and the corporate that can influence the consideration of the SCA in obtaining extra-territorial private data and information. The government further reiterated that if extra-territorial restrictions and limitations applied towards SCA warrants, it was possible for criminals to escape due investigations. Hence, the U.S government viewed the application of the SCA as pertinent to the realization of global security needs and interests. Another argument by the State was that if the global and international treaties applied towards the enforcement of domestically recognized laws like the SCA, it would dramatically drag down or even undercut thorough criminal investigations. Additionally, a nation can readily deny another nation the permission to obtain data with which it had signed previous treaties as a result of political and security issues and reasons.
Judge Carney of the 2nd Circuit Court rejected the above allegations. He stated that in 1986 when the US Congress enacted the SCA, its central goal was to safeguard users with regards to a technology that required and demanded regular associations and interactions between consumers and service providers. This means that explicitly or implicitly, the above provision [the SCA law] does not envision or intend to obtain data from overseas sources. This ruling indeed confirmed that the data location, as opposed to the location and the position of the company, should direct or guide the execution of the SCA. While addressing issues related to privacy and confidentiality, Microsoft attorneys urged the 2nd Circuit Court to consider the international and global policy issues at hand. The lawyers believed that ruling in favor of the US would lead to a firestorm that would compel other nations to design statues and laws that would demand US-based entities to release consumer data. Microsoft went ahead to use the EU: US Data Privacy Protection Act due to be effected in July 2018. According to the new data protection regulation, the US should use intergovernmental techniques and diplomatic channels to access information stored outside its geographic boundaries. This is as opposed to a single body, the US government, to use domestically developed regulations to warrant or legally force a technology provider to disclose consumer privacy information for investigation purposes.
It is important to note that the Microsoft claim of a possible international firestorm cannot go unwarranted. This is because governments across the world have consistently stepped up their legislation to boost the ability to access data for criminal investigations and national security concerns. Indeed, a day after Microsoft filed the possibility of an international firestorm, the US submitted a draft legislation that sought to remove any possible legal barriers for the cross-border and inter-territorial requests. The draft bill sought to remove barriers to accessing the consumer information and data of US technology firms as a consequence of the bilateral agreements between US and UK. Indeed, the US reiterated its position stating it has already entered into an agreement with the United Kingdom UK. The agreement affords each party equal rights to access and obtains data from either nation for purposes of national security and criminal investigations. More clearly, the US government stated its first specific implementation of such a law was a bilateral agreement with the UK. The agreement requires or legally oblige US companies to provide data and information in response to a request(s) by UK authorities. However, these orders will target non-US citizens located in the nation. Similarly, the regulation and the law affords the US government reciprocal rights with regards to e-data and private information stored within and outside the United States.
The final verdict in the case between the U.S Government and Microsoft was ruled in favor of the technology company; Microsoft. This was because the SCA regulations did not transcend the provisions outlined by the EU and the extra-territorial regulations which require a bilateral collaboration for the release of such confidential data. The 2nd Circuit Court further identified that permitting the United States SCA warrant to traverse inter-territorial laws in obtaining private data would create a backlash which would force foreign nations to update their legislation to broaden access to foreign data. Indeed, after the ruling in favor of Microsoft, critics argued the move would possibly force the government and the state to consider localization rules that oblige companies in the US to store data within the nation. Russia, for example, has considered a data localization rule and France and Brazil are considering similar legislation. This case study identifies the prolonged court battle between Microsoft and the US government is perhaps one of the most key legal issues surrounding data and privacy protection. Other than traversing international boundaries, it provides a fair ground between locally developed regulations [SCA] and international agreements with regards to access to externally located private data.
Bibliography
Fisher, F. Victory for Digital Privacy in Microsoft Warrant Case: US Court Confirms that US Data Warrants Do Not Apply Overseas. The Field Fisher Law Official. 2016.
Lillington, K. Microsoft Ireland faces a Data Privacy Battle in a US Supreme Court. The Irish Times Official. 2017.