Supreme Court Will Hear Case Pitting Microsoft Against DOJ Over Data Privacy

This site may earn affiliate commissions from the links on this page. Terms of use.

The Supreme Court has agreed to hear a case on whether data concerning foreign individuals stored on foreign servers can be accessed under the auspices of United States law. The case has been brewing between Microsoft and the DOJ for 18 months, with Microsoft arguing that data concerning non-US persons stored in non-US servers is beyond the reach of the Department of Justice, while the DOJ argues that it isn’t.

No matter which way this case is decided, it’s going to have significant ramifications. Edward Snowden’s revelations concerning how the NSA practiced bulk data collection raised concerns, particularly in Germany. The technology sector fell over itself to emphasize it wasn’t a willing partner to these activities, both in public statements and private conversations. If SCOTUS declares that the US government can reach into cloud databases located on servers in other nations and pluck out any information, on any private citizen of another country, at any time, then the trust Europeans will have in any US provider of cloud or email services will drop to zero, real quick.

And it’s hard to blame them. The United States would be effectively writing itself a blank check, cashable at will, to pluck data from any system. The idea that this requires a proper warrant isn’t going to sit well with any allied nation whose standards for warrants might differ from our own. It’s particularly not going to sit well given the wide range of lies and obfuscations we now know judges have been handed in recent years, all in the name of keeping the capabilities of stingrays secret.

chartoftheday_5309_microsoft_s_commercial_cloud_revenue_n

Microsoft writes that its own decision to protest the DOJ’s attempts to compel it to reveal private data on non-US citizens on servers not located on US soil was born of a belief that the current law–based on 1986 statute that predates the World Wide Web–is fundamentally inadequate. The company states:

The continued reliance on a law passed in 1986 will neither keep people safe nor protect people’s rights. If U.S. law enforcement can obtain the emails of foreigners stored outside the United States, what’s to stop the government of another country from getting your emails even though they are located in the United States? We believe that people’s privacy rights should be protected by the laws of their own countries and we believe that information stored in the cloud should have the same protections as paper stored in your desk. Therefore, Congress needs to modernize the law and address these fundamental issues…

The current law, ECPA, was enacted in 1986 when the World Wide Web was still a few years away from being invented and no one conceived of conducting most work and personal business online. A world connected by cloud services simply didn’t exist. The ways in which we communicate have radically changed over the past three decades — but the laws governing those communications haven’t. Current laws don’t adequately support the needs of law enforcement anywhere in the world or protect our rights.

One potential solution to this issue would be agreements with specific nations to honor warrants as valid as a matter of reciprocity. That means the US government would have the authority to retrieve a German national’s data from a German server, while the German intelligence agencies or police forces might have an analogous privilege to retrieve information about an American national stored on an American server. These types of solutions, however, have not been enacted, at least not yet. And the Supreme Court’s decision on this matter will have profound implications for the technology sector and user privacy, no matter what.

Let’s block ads! (Why?)

ExtremeTechExtremeTech