Senate hearing is huge for media and its use of confidential sources

A Senate subcommittee hearing entitled “Law Enforcement Access to Data Stored Across Borders: Facilitating Cooperation and Protecting Rights,” scheduled for last Wednesday, was postponed by the fight over President Trump’s firing of FBI Director James Comey.

The hearing will be rescheduled for sometime in the near future. Although this issue is less headline grabbing than the Comey firing, rest assured media companies from coast to coast will be paying close attention.

{mosads}The hearing will provide a forum to discuss legislation that has been proposed to deal with problems neither the Founders – or even Congress in the mid-1980s – could have fathomed: What happens when law enforcement seeks to look at electronic communications stored on servers outside the U.S.?

Do the same rules apply as if the email had been written on paper, which the Founders could have imagined? Also, who owns the emails – the person who wrote them or the company on whose servers they exist?  

The Department of Justice tried to get Microsoft to turn over emails related to a drug investigation that are stored on a server in Dublin, Ireland. But under current law, emails on servers located outside the United States cannot be subject to warrants issued in the U.S.

That’s because warrants are not extraterritorial – meaning they can’t be applied outside the U.S. But the Justice Department tried to convince the court that Section 2703(a) of the Stored Communications Act allowed for this because the warrant actually functioned more like a subpoena, which can be served in other countries.

A lower court accepted that view, but the Second Circuit Court of Appeals ruled last July the government cannot compel Microsoft or other companies to turn over customer emails stored on servers outside the United States.

Now, the Department of Justice has asked Congress to change the law to assert that data is owned by the company whose servers it is on, and if those companies are based in the U.S., data on their servers is subject to the warrant process in the Stored Communications Act.

This is why the media will be so interested in this hearing. Edward Snowden’s revelations about U.S. government spying on citizens already have caused some foreigners to lose confidence the content of their email on U.S. servers will be safe from government inspection.

Companies in the cloud computing industry, which already are looking at spending billions of dollars to address that crisis, are looking at this as well. That’s why 28 media and technology companies, 23 trade associations and advocacy groups, 35 of the nation’s leading computer scientists and even the government of Ireland filed amicus briefs on Microsoft’s behalf in its court case. 

But for media companies – most of whom are under extremely tight budgets – now can purchase a package of cloud-based services, such as word processing, photo processing, publishing and storage, rather than maintain their own servers, software and IT departments.

In many cases, cloud computing is enabling them to survive.

News organizations routinely handle sensitive information and rely on trust between reporters and confidential sources to keep us apprised of what is being done with our money and in our names. Make that information available to investigators as a matter of routine, and sources, secrets and stories we all need to know dry up.

And if cloud technology is not safe from government snooping, an entire industry – one that has provided the U.S. with a variety of competitive advantages – dries up as well.

The hearing also will explore a possible legislative solution. The LEADS Act, short for “Law Enforcement Access to Data Stored Abroad,” attempts to balance the needs of law enforcement to catch international criminals with the needs of individuals and companies to protect their information from government fishing expeditions.

The legislation, introduced by Sen. Orrin Hatch (R-Utah) and supported by members of both parties, clarifies U.S. law enforcement cannot use warrants to compel disclosure of customer content stored outside the U.S. unless the account holder is a U.S. person. It also strengthens the process, known as MLATs (mutual legal assistance treaties), through which governments of one country allow another country to obtain evidence in criminal proceedings.

Hatch’s legislation streamlines the process through which government can obtain data, but it respects the longstanding legal theory that U.S. warrants apply only in the U.S. and that attempts to access computing clouds cannot take place without requisite probable cause. And that’s the key. 

“We hear from customers around the world that they want the traditional privacy protections they’ve enjoyed for information stored on paper to remain in place as data moves to the cloud,” wrote Brad Smith, president and chief legal officer of Microsoft, wrote after the Second Circuit decision. “Technology needs to advance, but timeless values need to endure.”       

Brian McNicoll, former senior writer for The Heritage Foundation and director of communications for the House Committee on Oversight and Government Reform, is a conservative columnist based in Reston, Va.