The Supreme Court heard oral arguments earlier this week in United States v. Microsoft Corporation, a case that could have wide-ranging effects on email privacy. The justices are expected to issue a June ruling on whether the Stored Communications Act (SCA) allows the U.S. government to access emails stored overseas.
U.S. v. Microsoft Corp. originates from a 2013 criminal case in Redmond, Washington pertaining to a drug-trafficking investigation. U.S. prosecutors delivered a
warrant to Microsoft at the time requesting every email associated with a suspect’s account. Microsoft turned over every email that it had stored on its servers in the U.S., but refused to turn
over any information stored on a server in Ireland. Microsoft has more than 100 data centers in 40 countries
Microsoft believes that American law enforcement should not be able to access electronic information stored outside of the U.S., arguing that U.S. search warrants have no effect beyond the country’s borders. The company also argues that this could set a dangerous precedent, potentially putting American emails at risk of seizure by foreign governments.
The Justice Department, on the other hand, says that Microsoft is impeding a criminal investigation by refusing to hand over the data. They assert that it should not matter where the data is stored as long as it is accessible domestically, arguing that a win for Microsoft could set a dangerous precedent where tech companies create data havens outside the reach of criminal investigations.
A lower court judge initially approved the government’s warrant, but the U.S. Court of Appeals for the Second Circuit sided in favor of Microsoft to set up the showdown in the Supreme Court this week. Thus, a drug-trafficking case has transformed into a digital privacy battle between email providers and the Federal government.
At its core is the law that currently legislates email, the Electronic Communications Privacy Act (ECPA). Title I of the ECPA protects electronic communication while in transit, while Title II -- the Stored Communications Act (SCA) -- protects stored electronic communication.
The problem with the ECPA is that it is severely outdated. Enacted in 1986 before the advent of cloud storage, the SCA considers any email over 180 days old to be abandoned. Emails stored after that threshold can be accessed by law enforcement with a subpoena, and do not require a judge-signed warrant based on probable cause. Legislation to revise the ECPA has been much discussed in Congress, but a final bill has never come to fruition.
Now, the Supreme Court may have the final say.