This week, the US Federal Appeals Court refused to reconsider its landmark court decision, forbidding US Government from forcing Microsoft Corporation to hand over customers emails stored on servers located outside the United States borders.
The outcome means that the US authorities have no right to seize data stored overseas and Microsoft - and by extension any other company- doesn´t need to meet such US government requests.
The “Microsoft Ireland case” began in December 2013, when Microsoft challenged a search and seizure warrant issue for email content stored in Dublin. The request was grounded under the Stored Communications Act passed in 1986 (SCA).
The doubt was if territoriality principles that applies in the physical world, US laws are presumed to apply only within US territory, are subject for items located overseas.
The arguments of this debate are:
- Microsoft argued that digital content should be consider out of the (SCA) application framework and should be obtained through other means, such as the Mutual Legal Assistance Treaty (MLAT) between United States and Ireland.
- US Department of Justice pointed out that although the email content requested was physically located overseas, Microsoft had the ability to obtain it from its premises located in the United States; thus concluding the seize and seizure would occur domestically.
On July 2016, the Court sided then with Microsoft on statutory grounds, concluding that the SCA warrant does not apply for digital content and also that SCA doesn´t have extraterritorial reach.
Not satisfied with the conclusion, the Department of Justice appealed arguing that Court decision would give the possibility to criminals to place digital content out of reach of domestic warrants by storing the data offshore.
Last Tuesday, US Appeals Court declined to reconsider the decision adopted on the past because if domestic laws cannot reach physical evidence stored abroad, they should neither be able to reach digital evidence.
That basically means privacy rights enjoyed in physical world should also apply to the digital world. This issue could still reach US Supreme Court for a final statement. The complexity of the debate lies on an equally divided Federal Court with dissenting opinions in favor of a rehearing written by disagreed judges.
The court pointed in the direction of policies that need to catch up with technology, that the SCA is also in dire need of Congress revision “that would continue to protect privacy but with more effectively balance concerns of international comity with law enforcement needs and service provider obligations in the global context in which this case arose”.
What rests under this Federal Court decision has been, since the beginning of the trial, an attempt to clarify the jurisdictional scope of the US legal system on this issue.
Unfortunately, the future of cross-border law enforcement data requests is still convoluted and uncertain.
Currently, the only tools available are outdated MLATs that need to be more agile and flexible to give suitable answers in a highly dynamic digital ecosystem. A modernized system of international judicial cooperation is urgently needed to deal with digital reality.
Once again, cooperation between stakeholders is the path to cope with problems caused by the cross-border nature of the Internet that are constantly increasing and could cause international tensions.
Enabling transnational cooperation and operational solutions that will establish mechanisms across borders, is an urgency that has to be addressed by all stakeholders in order to prevent data location requirements that could hinder the borderless nature of the Internet leading to a fragmented cyberspace.
All the unilateral and uncoordinated short-term actions taken by governments and private sector will seriously hamper the appropriate cooperation needed to guarantee the future development of global services.
One example of coordination between governments could be the future e-Evidence Directive where the European Council could play a leading role in solving the jurisdictional conundrum in a global Internet by addressing these topics in the Progress report on improving criminal justice.
Let´s see if European Institutions, State Members and Legal Enforcement Agencies refine the policy options for enforcing jurisdiction in cyberspace, improving the exchange between competent authorities and the cooperation with services providers as expected because the need of harmonized rules will be one of the key discussions of this normative.