Lexplug logoLexplug

Microsoft Corp. v. United States

Court of Appeals for the Second Circuit
829 F.3d 197, 2016 WL 3770056 (2016)
ELI5:

Rule of Law:

The Stored Communications Act (SCA) does not authorize a U.S. court to issue and enforce a warrant compelling a U.S.-based service provider to produce the content of a customer's electronic communications when that content is stored on servers located outside the United States.


Facts:

  • Microsoft Corporation (Microsoft), a U.S. business headquartered in Washington State, operates a free web-based email service called Outlook.com.
  • Microsoft stores user email content and related non-content information across a global network of servers housed in various datacenters.
  • To improve service speed (reduce 'network latency'), Microsoft generally stores a customer’s email data at datacenters located near the physical location identified by the user when subscribing.
  • Microsoft maintains a datacenter in Dublin, Ireland, which is operated by a wholly-owned Microsoft subsidiary.
  • Microsoft’s system automatically transfers user account data to the Dublin datacenter if the user's country code indicates a location for which that datacenter is utilized.
  • Once data is migrated to Dublin, Microsoft deletes most of that account's content and non-content information from its U.S.-based servers, retaining only limited basic account data in the U.S.
  • From some of its offices in the United States, Microsoft can remotely access and collect data stored on any of its global servers, including the Dublin datacenter, using a database management program.

Procedural Posture:

  • A United States magistrate judge (Francis, M.J.) in the Southern District of New York issued a 'Search and Seizure Warrant' under the Stored Communications Act (SCA) to Microsoft, based on probable cause for narcotics trafficking, directing the company to seize and produce email account contents.
  • Microsoft produced the customer's non-content information stored in the United States but moved the magistrate judge to quash the warrant with respect to customer content stored in its Dublin, Ireland datacenter.
  • The magistrate judge denied Microsoft’s motion to quash, concluding that the SCA authorized a warrant for 'information that is stored on servers abroad,' treating the warrant as similar to a subpoena.
  • Microsoft appealed the magistrate judge’s decision to the District Court (Chief Judge Loretta A. Preska), which, on de novo review, adopted the magistrate judge’s reasoning and affirmed his ruling from the bench.
  • Microsoft timely noticed its appeal of the District Court’s decision denying the motion to quash to the United States Court of Appeals for the Second Circuit.
  • Subsequently, the District Court, acting on a stipulation submitted jointly by the parties, held Microsoft in civil contempt for refusing to comply fully with the warrant, to ensure appellate jurisdiction.
  • Microsoft timely amended its notice of appeal to the Second Circuit to reflect its additional challenge to the District Court’s contempt ruling.

Locked

Premium Content

Subscribe to Lexplug to view the complete brief

You're viewing a preview with Rule of Law, Facts, and Procedural Posture

Issue:

Does the Stored Communications Act (SCA) authorize a U.S. court to issue and enforce a warrant compelling a U.S.-based service provider to produce the contents of a customer's electronic communications stored on servers located outside the United States?


Opinions:

Majority - Susan L. Carney

No, the Stored Communications Act (SCA) does not authorize a U.S. court to issue and enforce a warrant compelling a U.S.-based service provider to produce the contents of a customer's electronic communications stored on servers located outside the United States. The court relies on the presumption against extraterritoriality, which dictates that U.S. statutes apply only within U.S. territory unless Congress clearly states otherwise. The SCA’s warrant provisions, when enacted in 1986, did not explicitly or implicitly envision extraterritorial application. The term “warrant” is a legal term of art traditionally associated with Fourth Amendment protections, which are territorially limited and pertain to discrete objects and places within the United States. The court rejects the government’s argument that an SCA warrant is akin to a subpoena (which can compel overseas production of a company's own records), emphasizing that warrants and subpoenas are distinct legal instruments with different levels of privacy protection. The SCA’s primary focus is on protecting the privacy of user communications, and the 'invasion of the customer’s privacy' in this context occurs where the protected content is accessed and seized by Microsoft, acting as a government agent, which in this case would be in Dublin, Ireland. Therefore, enforcing the warrant for data stored in Ireland would be an unlawful extraterritorial application of the Act, and practical concerns about law enforcement challenges cannot override this statutory interpretation or the principles of international comity.


Concurring - Gerard E. Lynch

I concur in the judgment that the Stored Communications Act (SCA) should not be interpreted to require Microsoft to turn over email content stored on servers in Ireland, given the presumption against extraterritorial application. While agreeing with the outcome, I believe the government’s arguments are stronger than the majority acknowledges. The 'warrant' under the SCA is not a traditional search warrant that authorizes government agents to enter premises; instead, it is a mechanism to 'require a service provider to disclose' communications, suggesting its focus could be on the place of disclosure (U.S.) rather than the virtual storage location (Ireland). The highly mobile nature of electronic data also challenges the notion of a fixed 'location.' Furthermore, the customer's nationality (unknown in this record) should ideally factor into the extraterritoriality analysis, as the diplomatic implications differ significantly between a U.S. citizen's data and a foreign national's data stored in their home country. This decision is ultimately an application of a default statutory interpretation rule to an outdated statute that Congress drafted without foreseeing modern 'cloud' storage. Congress should act to revise the SCA to clarify its international reach, balancing law enforcement needs with international relations and privacy concerns, potentially creating more nuanced rules than courts can impose.



Analysis:

This landmark decision significantly impacts the U.S. government's ability to access electronic data stored globally by U.S.-based service providers. It reinforces the presumption against extraterritoriality for federal statutes and solidifies the distinction between traditional warrants (territorially limited) and subpoenas (potentially broader reach for a company's own records). The ruling creates a legal shield for data stored outside the U.S., potentially leading technology companies to strategically place servers abroad to protect customer data from U.S. warrants. This highlights the urgent need for Congress to modernize the Stored Communications Act to address the complexities of global data storage and cross-border criminal investigations in the digital age, which could involve new international agreements or legislative frameworks.

🤖 Gunnerbot:
Query Microsoft Corp. v. United States (2016) directly. You can ask questions about any aspect of the case. If it's in the case, Gunnerbot will know.
Locked
Subscribe to Lexplug to chat with the Gunnerbot about this case.