The U.S. Supreme Court has agreed to hear the Department of Justice (DOJ)’s challenge in an ongoing legal battle over whether data stored by American companies overseas is covered by a U.S. warrant.
The Supreme Court disclosed in its order list released on Monday that it will take up the case, U.S. v. Microsoft, in which federal investigators sought data from Microsoft that was stored on servers in Ireland.
The case hinges on whether a U.S. warrant can compel American companies to turn over data stored on servers outside the United States. A lower court ruled last year that it does not, meaning that the DOJ needs to follow the same procedures used to obtain physical evidence stored outside the United States.
{mosads}
In December 2013, the U.S. government issued a warrant in connection with an ongoing criminal narcotics investigation to seize data contained in an email account of a Microsoft customer. Microsoft refused to turn over the emails associated with the account, which were stored on servers in Ireland, spurring a legal battle that has dragged on for four years.
The DOJ filed a motion to take the case to the Supreme Court in June.
“The panel reached that unprecedented holding by reasoning that such a disclosure would be an extraterritorial application of the Act — even though the warrant requires disclosure in the United States of information that the provider can access domestically with the click of a computer mouse,” the department wrote in its filing over the summer.
The landmark case has spurred debate among lawmakers in Washington about how to update current laws governing data privacy and law enforcement access to data across national borders.
Microsoft responded to the development on Monday, arguing that the ongoing case points to the broader issue of the need for Congress to overhaul the Electronic Communications Privacy Act, which was passed in 1986 to establish privacy protections for stored electronic communications.
“We will continue to press our case in court that the Electronic Communications Privacy Act (ECPA) — a law enacted decades before there was such a thing as cloud computing — was never intended to reach within other countries’ borders,” Brad Smith, Microsoft’s president and chief legal officer, wrote in a blog post.
“If U.S. law enforcement can obtain the emails of foreigners stored outside the United States, what’s to stop the government of another country from getting your emails even though they are located in the United States?” Smith wrote. “We believe that people’s privacy rights should be protected by the laws of their own countries and we believe that information stored in the cloud should have the same protections as paper stored in your desk.”