Microsoft's overseas privacy battle may be far from over

Thursday's ruling says the U.S. can't force Microsoft to give up emails stored on a server in Ireland

Privacy advocates, especially those outside the U.S., can rest a little easier now. A federal court has rebuked the U.S. government’s attempt to access emails stored on a Microsoft server in Ireland.

But the legal battle may be far from over. Thursday’s ruling could affect how the U.S. conducts surveillance over suspected criminals and terrorists overseas, so expect the government to appeal, said Roy Hadley, a lawyer at Thompson Hine who studies cybersecurity issues.

“There’s a fine line between privacy and national security,” he said. “And it’s a difficult line to walk.”

So far, the U.S. Department of Justice is remaining mum on what it might do. “We are disappointed with the court’s decision and are considering our options,” the department said on Thursday, without elaborating.

Hadley thinks the government will probably appeal the decision to another circuit court or the Supreme Court. It might also explore other legal means to force Microsoft to quickly hand over the emails.

“The U.S. government will always try to be in a position to gain access to that data,” he said.

Thursday’s ruling deals with a case that goes back to December 2013, when the U.S. government obtained a search warrant for emails belonging to a Microsoft user who was under investigation. The subject’s identity hasn’t been revealed, but some news reports have said it was not a U.S. citizen.

The emails reside on a Microsoft server in Ireland. Microsoft objected to the search warrant and argued that the U.S. had no authority to conduct email searches in other countries.

On Thursday, Microsoft hailed the ruling as a win for privacy rights and said dozens of other tech and media companies have supported its legal battle.

The court’s decision “ensures that people’s privacy rights are protected by the laws of their own countries,” Microsoft said in a statement.

Craig Newman, a privacy attorney at Patterson Belknap Webb & Tyler, said the tech industry is no doubt breathing a sigh of relief. Many U.S. companies, including Microsoft, have data centers around the world and serve millions of foreign customers.

Handing over any of their data to U.S. authorities could violate the privacy laws of those countries and hurt business for the companies that store it, he said.

“The tech companies have really been put in an uncomfortable position,” he said.

Part of the problem is that some U.S. privacy laws may be outdated. At the center of Microsoft’s legal battle has been the Stored Communications Act, which the U.S. government argued gave it the authority to use a warrant to collect the emails.

The judges who ruled Thursday didn’t agree. The law was enacted in 1986, long before the mainstream Internet or any remote computing, wrote Judge Gerard Lynch.

To avoid these legal disputes with the tech industry, Congress should modernize laws on data privacy and clearly define them, Newman said.

“You’re dealing with analog rules in a world that has totally changed,” he said. “Congress needs to roll up their sleeves and figure out the right balance.”
