The European Commission will file an amicus brief to the US Supreme Court in Microsoft’s case against the US Department of Justice over access to emails stored in the tech giant's Irish data centre.
Microsoft’s long-running battle with the US government concerns the interpretation of the US Electronic Communications Privacy Act (ECPA), which was passed before cloud computing arrived, but has been a key tool for US law enforcement to compel US tech firms to provide access to stored data in the US and abroad. The act has been a source of concern for US privacy advocates due to law enforcement increasingly using it as a shortcut to historically judge-approved physical warrants.
Microsoft in July 2016 convinced the Court of Appeals for the Second Circuit that US law enforcement can’t use an ECPA search warrant to ‘seize’ email of non-US citizens that are stored outside the US. However, in October the Supreme Court agreed to the Justice Department’s request for a review of that decision.
Microsoft has been publicizing its fight with the Justice Department and petitioning for congress to reform the ECPA and its companion Stored Communications Act (SCA), both of which updated the 1968 Wiretap Act, but, as Microsoft gas argued, came well before cloud became the norm.
The case dates back to 2013 when Microsoft challenged an SCA warrant for access to email in its Irish data centre involving a drugs-related investigation.
The European Commission (EC) said Thursday that it would file a ‘friend of the court’ or amicus brief to the US Supreme Court on behalf the European Union regarding the case.
The EC said the brief “will not be in support of either one of the parties” but was intended to ensure the US Supreme Court understood and took into account EU data protection rules
“This case raises the question whether, under the US Stored Communications Act, US courts can require a US-based service provider to produce the contents of a customer's email account stored on a server located outside the United States, in this case Ireland.
“Given that the transfer of personal data by Microsoft from the EU to the US would fall under the EU data protection rules, the Commission considered it to be in the interest of the EU to make sure that EU data protection rules on international transfers are correctly understood and taken into account by the US Supreme Court.”
Microsoft has argued for the US government should use Mutual Legal Assistance Treaty (MLAT) processes to handle cross-border requests for data. The US doesn’t have MLAT agreements with every country but it does with all EU member state, including Ireland.
Apple, Amazon and Cisco have backed Microsoft's legal efforts. Microsoft has also been lobbying for reform to the ECPA and SCA. Google has in the past supported ECPA reform but more recently the search giant has been pushing for reform to MLAT processes, which are notoriously slow.
- How one healthcare data provider boosted its security health
- Why Android explosion is attracting cyber criminals on the dark web
- Centrify predicts how to turn the cybersecurity tide in 2018
- Microsoft fixes 33 bugs in December patch, mostly for IE and Edge
- Google-hatched Security Planner matches expert advice with your worst security fears