Microsoft is returning to court to continue its fight against the US government’s demand that it hand over emails stored at an Irish data centre.
The messages involved are alleged to contain details of narcotics sales.
In 2014, a court ruled in favour of the government’s claim that because it had jurisdiction over the US-based company, it could force it to hand over data it controlled, even if stored abroad.
But Microsoft suggests that would put it in breach of privacy laws.
Instead, the company argues that the US “must respect the sovereignty of other countries” and has indicated that Washington should use legal assistance treaties if it wants access to information held in Ireland and other data centres outside the United States.
Ireland has already said that it would consider such a request “expeditiously”.
So, the stand-off is being viewed as a test case that will determine the extent of the US government’s powers over tech companies that offer cloud-based services.
Apple, Amazon, HP, eBay, AT&T, Verizon and Salesforce are among US companies that have voiced support for Microsoft’s appeal.
“They think they have already lost quite a lot of business in Europe over monitoring and surveillance concerns, and they are afraid it will get worse if there is a perceived carte blanche for the US authorities to access emails stored abroad,” said Carsten Caspar, from tech consultancy Gartner.
“The EU has stronger privacy requirements, at least on paper, compared with other parts of the world, so tensions between the US and Europe are highest. But other countries are also concerned by US access to foreign records.”
Microsoft says that it wants to ensure people can “trust the technology on their desks and in their pockets”.
“If the US government is permitted to serve warrants on tech companies in the United States and obtain people’s emails in any country, it will open the floodgate for other countries to serve warrants on tech companies for the private communications of American citizens that are stored in the United States in a data centre owned by a foreign company,” the company’s lawyer Brad Smith recently told the Council on Foreign Relations think tank.
“Imagine the immediate implications for journalists, advocacy organisations, or government officials here.”
However, federal prosecutors involved in the case note that it “typically takes months” to obtain information via treaty requests, while warrants issued directly to US companies can be handled much more quickly.
They add that Microsoft’s system of storing data where customers say they are based is open to abuse.
“A criminal user can easily manipulate such a policy to evade the reach of US law enforcement by the simple expedient of giving false residence,” they state in court papers.
And they add that, anyway, US-based bodies have a legal obligation to comply with warrants issued under the Stored Communications Act, regardless of where the related electronic records are kept.
“With the benefits of corporate citizenship in the United States come corresponding responsibilities, including the responsibility to comply with a disclosure order issued by a US court,” they wrote.
“Microsoft should not be heard to complain that doing so might harm its bottom line.”
Microsoft’s lawyer has said that if it loses the appeal, he will try to take the matter “all the way to the Supreme Court”.