In the age of cloud computing, wherein we rely on service providers such as Microsoft and Google to store personal data like email and photos, our data is often stored on servers located outside the United States. Nonetheless, U.S. law enforcement agencies increasingly want to get their hands on this extraterritorial data as part of their efforts to fight crime and terrorism. Whether law enforcement officials can compel providers to turn over such data is the subject of both an important Supreme Court case — U.S. v. Microsoft — being argued Feb. 27 and critical legislation — the Clarifying Lawful Overseas Use of Data or CLOUD Act — introduced in Congress this month to modernize the antiquated law governing this question.
Much has been written about the privacy, business, and law enforcement concerns at stake in the Microsoft case and CLOUD Act. Tech companies and national security officials enthusiastically support the act. So do center-right policy organizations, who recognize that two principles shared by virtually all conservatives are also at stake: one, policy decisions should be made by the legislature, not by courts. Two, when the courts construe ambiguous legislation, they should err on the side of limited government power.
{mosads}The courts are involved because of Microsoft’s legal challenge to a federal search warrant compelling it to turn over the contents of emails stored on a server in Ireland. While the news media’s coverage of the case has focused on the important issue of email privacy, the underlying legal issue is whether the statute authorizing the warrant has extraterritorial reach.
The statute is the federal Stored Communications Act (SCA), part of the 1986 Electronic Communications Privacy Act. Because Congress did not anticipate cloud computing thirty years ago, the statute says nothing about extraterritorial reach and Congress has failed to modernize the law to reflect the rapid transformation of computing.
Despite that, the federal government contends that its warrant is valid because Microsoft, the company that controls the requested data, is located in the United States. Citing the long-standing principle that statutes do not have extraterritorial reach unless they explicitly state otherwise, the U.S. Court of Appeals for the Second Circuit rejected the government’s argument and its speculative premise about what Congress would have intended in 1986 if it had envisioned cloud computing.
The Supreme Court will have the final word. That is, unless Congress steps up and passes the CLOUD Act. Passage before the justices rule would lead the High Court to dismiss the Microsoft case or issue a decision that has little precedential significance.
If the justices decide the case, they may take the same approach as the Second Circuit. Alternatively, the nation’s highest court may feel the need to balance the presumption against extraterritoriality against the needs of law enforcement in the era of cloud computing. Either way, the court will effectively be updating the antiquated SCA, either making it clear that it has no extraterritorial reach or deciding when it should have such reach.
In other words, the justices will be doing the job Congress was meant to do. That’s called legislating from the bench even when, as in this case, the court’s hand is forced by Congress’s inaction.
Despite all that conservatives, moderate Republicans, and libertarians disagree about, they are united around the principle that judges should interpret the law — whether it be statutory or constitutional — rather than divining new law from the bench. The center-right is suspicious of the latter not only because it is undemocratic and in conflict with the separation of powers — the Constitution explicitly grants all legislative power to Congress – but also because courts lack the necessary policy expertise to competently legislate.
As Microsoft said in its brief to the Supreme Court, only Congress possesses the “tools to rewrite the statute to strike a new, 21st-century balance between law-enforcement interests, our relations with foreign nations, the privacy of our citizens, and the competitiveness of our technology industry.”
By getting behind the CLOUD Act, center-right groups are not just supporting a critical and long overdue balancing of these interests. Just as importantly, they are advancing the principle that policy making is the province of the legislature, not the courts.
Nonetheless, despite broad bipartisan support for the CLOUD Act, time is running out for Congress to do its job before the Supreme Court does it for them. Oral argument in U.S. v. Microsoft is days away and a decision in the case would come no later than June.
If Congress disappoints and the job of updating the SCA to address extraterritoriality falls to the justices, center-right principles would best be served by a ruling for Microsoft. A decision for the government, instead, would undermine the presumption against extraterritoriality, an inherently conservative canon of statutory interpretation that presumes more limited government power that does not reach beyond our borders. If Congress wants to reach further, it must say so explicitly.
Conservative principles would also be served by a narrow ruling that leaves plenty of room for Congress to modernize the SCA as it sees fit. If forced to legislate from the bench, the Supreme Court should exercise judicial restraint and do as little legislating as possible. What better way to remind our representatives that keeping American law up to date with technological progress is Congress’s job.
Curt Levey is president of the nonprofit Committee for Justice, a group that advocates for the rule of law. Before attending Harvard Law School he worked as a scientist in the field of artificial intelligence.