On Thursday, a judge ruled that Microsoft is required to turn over information about its customer’s emails to United States law enforcement officials even though those emails are being stored on a server in another country.
The case has major implications for the entire U.S. cloud storage industry, which has taken to hosting data overseas as a way to placate the concerns of customers fearful of intrusion by U.S. authorities.
Following oral arguments in a New York City courtroom, District Judge Loretta A. Preska found that Microsoft’s control of the data was more legally significant than its physical storage location. Preska’s ruling agrees with a lower court’s decision on the issue.
The case stems from a narcotics investigation. Police wanted access to the metadata for emails sent through Microsoft’s Outlook.com webmail service and held on a server in Dublin, Ireland. A judge issued a warrant for the emails late last year, which Microsoft contested on the grounds the the court lacked the requisite jurisdictional authority. The company lost its initial appeal on the issue in April.
The AP reports that Preska stayed the effect of her ruling to give Microsoft the opportunity to appeal before having to turn over the emails.
“The only issue that was certain this morning was that the District Court’s decision would not represent the final step in this process,” Microsoft General Counsel Brad Smith told the Wall Street Journal. “We will appeal promptly and continue to advocate that people’s email deserves strong privacy protection in the U.S. and around the world.”
Privacy advocates argue that the law is on Microsoft’s side in this case, meaning the U.S. government has no legal right to access email data stored overseas.
“The fundamental flaw in the court’s analysis is that a customer’s stored emails are the business records of Microsoft. They’re not,” said Jim Dempsey, Senior Counsel of the Center for Democracy & Technology (CDT), an advocacy group that has been publicly critical of the government’s arguements in the Microsoft case. “They are the property of the subscriber, and the U.S. government should not be able to force Microsoft or anyone else to perfrom a search and seizure in another country.”
The case has attracted significant interest from other tech giants, including Apple and Verizon, which have vocally backed Microsoft’s position. This support is not particularly surprising. In the wake of the revelations about the U.S. government’s pervasive digital surveillance programs provided by documents leaked by former National Security Agency (NSA) contractor Edward Snowden, the American tech industry has warned that U.S. government snooping could cause long-term harm to data-storage companies.
Firms like Microsoft have taken steps to mitigate the damage by allowing non-U.S.-based cloud storage clients to select the country in which they would like their data to be held.
Preska’s decision, however, may mean there is little companies can do to quell international customers’ fears. An analysis by Forrester Research estimates that NSA surveillance programs could end up costing U.S. firms $180 billion in lost business by 2016.
In a recent survey commissioned by Microsoft, pollster Anzalone Liszt Grove found that 70 percent of respondents agreed with the statement, “The federal government should have to respect local privacy laws when trying to search through people’s personal information like their email accounts.”
Just over half of respondents in the same poll said they worried that, if the U.S government could obtain information stored on the servers of private companies overseas, the governments of those countries might reciprocate in the United States.