New York Times

Justices Puzzle Over Data and an Outdated Law

February 28, 2018

by Adam Liptak

WASHINGTON — The Supreme Court struggled on Tuesday to decide whether federal prosecutors can force American companies to turn over digital data stored outside the United States, in a clash between the demands of law enforcement and technology firms’ desire to shield the information they collect to protect their customers’ privacy.

The case turned on the meaning of a 1986 law, enacted before the dawn of the big-data era, and several justices said it provided them with very limited guidance.

In 1986, Justice Ruth Bader Ginsburg said, no one had ever heard of cloud computing. “This kind of storage didn’t exist,” she said.

That suggested, she said, that Congress rather than the courts should act to define the limits of privacy in the digital era.

“If Congress takes a look at this, realizing that much time and innovation has occurred since 1986, it can write a statute that takes account of various interests,” Justice Ginsburg said. “If Congress wants to regulate in this brave new world, it should do it.”

But Justice Samuel A. Alito Jr. said the court must act. “It would be good if Congress enacted legislation that modernized this,” he said, “but in the interim, something has to be done.”

The case, United States v. Microsoft, No. 17-2, has been closely watched by the technology industry, which sometimes has a testy relationship with the Justice Department.

The dispute arose from a federal drug investigation in which prosecutors sought the emails of a suspect stored in a Microsoft data center in Dublin. They said they were entitled to the emails because Microsoft is based in the United States. The suspect’s nationality has not been made public.

A federal magistrate judge in New York granted the government’s request to issue a warrant for the data under the 1986 federal law, the Stored Communications Act. A federal district judge agreed.

Microsoft challenged the warrant, arguing that prosecutors could not force it to hand over customer emails stored abroad.

A three-judge panel of the United States Court of Appeals for the Second Circuit, in Manhattan, ruled that the warrant in the case could not be used to obtain evidence beyond the nation’s borders because the 1986 law did not apply extraterritorially. In a concurring opinion, Judge Gerard E. Lynch said the question was a close one, and he urged Congress to revise the 1986 law, which he said was badly outdated.

Michael R. Dreeben, a deputy solicitor general, told the justices that the appeals court’s decision “has caused grave and immediate harm to the government’s ability to enforce federal criminal law.”

The two sides agreed on Tuesday that the 1986 law does not apply abroad, but they differed about whether requiring Microsoft to retrieve the data from the United States violated it.

Mr. Dreeben said the focus of the statute was on a company’s ability to obtain data with the click of a mouse in the United States. E. Joshua Rosenkranz, a lawyer for Microsoft, said the law was focused on where the information is held.

“If you look at this statute, the focus is on the storage,” he said. “This is the Stored Communications Act. At the most basic level, that’s what the focus is.”

Chief Justice John G. Roberts Jr. said he did not understand why anything should turn on Microsoft’s business decision to store data abroad. “It’s not the government’s fault that it’s located overseas,” he said. “I suspect the government doesn’t care.”

The chief justice said the company could make protecting all data from the federal government a selling point. “There is nothing under your position,” he told Mr. Rosenkranz, “that prevents Microsoft from storing United States communications, every one of them, either in Canada or Mexico or anywhere else.”

Mr. Rosenkranz said that was theoretically possible, “but it would never happen.” He said Microsoft’s products work faster when data is stored near its customers.

But Chief Justice Roberts said he was troubled by the prospect that “an email from me to somebody on the other side of the building that is going to be stored somewhere else would be protected from disclosure.”

Mr. Rosenkranz said there was another reason to shield the data. International relations, he said, requires respect for local privacy laws.

“No one disputes that countries across the world believe that they have the sovereignty and the sovereign right to pass their own laws governing the access to emails stored on their soil,” he said. “And here we are reaching into their lands and imposing our U.S. position on who gets access to emails on their soil.”

Mr. Dreeben disputed that. “There is not an international problem here,” he said. “This is largely a mirage that Microsoft is seeking to create.”

He added that there is a fundamental misconception about the dispute. “It’s not a case about privacy,” he said, as the government must satisfy a high burden to obtain the data it seeks.

“The government has the gold standard of an instrument to address privacy interests here: a probable-cause-based warrant issued by a judge that describes with particularity what we want,” Mr. Dreeben said. “That is the hallmark in our domestic system of how privacy interests are addressed.”

A ruling upholding the warrant, Microsoft has warned, would embolden foreign countries to seek the emails of Americans stored in the United States. The Justice Department’s position poses a threat to technology companies, Microsoft has said, by requiring them to choose between complying with a warrant and disobeying foreign laws.