Microsoft case highlights tension between privacy and security in the digital age

The facts of the case are pretty straightforward. In December 2013, federal law enforcement sought a warrant under the 1986 Electronic Communications Privacy Act seeking emails associated with an MSN account. Microsoft handed over the customers’ account information, which was stored on a server in the U.S. However, the customer’s emails were stored on a server in Ireland. Thus, the company moved to vacate the order, claiming that it was seeking a search outside of the territorial jurisdiction of the U.S.

The U.S. District Court for the Southern District of New York denied Microsoft’s motion at the time but noted the ECPA is vague in regards to jurisdiction. In July 2016, however, a panel of three judges for the U.S. 2nd Circuit Court of Appeals unanimously sided with Microsoft, ruling that the government cannot compel Microsoft to disclose email stored outside of the U.S.

The government first appealed the decision to the 2nd Circuit but was denied. Finally, the Supreme Court granted certiorari in October 2017 and will hear the case on February 27.

It’s clear that both sides have a legitimate interest in the case. On Microsoft’s side, the company does not wish to compromise the privacy of its customers in a digital age where the government consistently seeks more information. The company notes in brief for the case that a ruling in the government’s favor could have major implications on national security as well:

If this Court declares that unilaterally seizing private correspondence across borders is a purely domestic act, then the United States will have no basis to object when other countries reciprocate and unilaterally demand the emails of U.S. citizens stored in the United States from providers’ offices abroad. If we can do it to them, they can do it to us.

On the federal government’s side, law enforcement does not want criminal investigations to be hampered by technicalities like a server’s location. Without a law allowing reasonable access to warrants for information served on foreign servers, the government would have to engage in the Mutual Legal Assistance Treaty process with the other country at play, which has been known to be slow and bureaucratic.

Thus, the blame should be placed not either party to this case, but rather on the outdated ECPA in clear need of reform. Congress must act to clarify the rules of the road with regard to consumer privacy and government powers in the age of the internet. One bipartisan reform to the ECPA, the International Communications Privacy Act, would do so by creating a clear framework for future investigations.

Introduced by Sens. Orrin Hatch, R-Utah, and Chris Coons, D-Del., the ICPA would allow law enforcement to request a warrant for content on remote servers and give the foreign government at play the chance to object should the warrant violate their privacy laws. If it does, a U.S. court would undertake a committee analysis to determine if the foreign country’s privacy concerns outweigh the U.S. government’s investigative interests, taking into account factors such as the importance of the information in question and possibility of obtaining it through other means.

This ICPA strikes the balance needed between liberty and security in the digital age. It establishes clear rules for investigators, encourages cooperation with foreign governments, and most importantly protects the privacy of Americans. No matter what shakes out in the Supreme Court next month, Congress must act to make sure that future challenges like Microsoft’s are not necessary with clear legislation.

Casey Given (@CaseyJGiven) is a contributor to the Washington Examiner’s Beltway Confidential blog. He is the executive director of Young Voices.

If you would like to write an op-ed for the Washington Examiner, please read our guidelines on submissions here.