Internet service providers must turn over customer emails and other digital content sought by U.S. government search warrants even when the information is stored overseas, a federal judge ruled on Friday.
In what appears to be the first court decision addressing the issue, U.S. Magistrate Judge James Francis in New York said Internet service providers such as Microsoft Corp. or Google Inc. cannot refuse to turn over customer information and emails stored in other countries when issued a valid search warrant from U.S. law enforcement agencies.
If U.S. agencies were required to coordinate efforts with foreign governments to secure such information, Francis said, “the burden on the government would be substantial, and law enforcement efforts would be seriously impeded.”
The ruling underscores the debate over privacy and technology that has intensified since the disclosures by former National Security Agency contractor Edward Snowden about secret U.S. government efforts to collect huge amounts of consumer data around the world.
“It showcases an increasing trend that data can be anywhere,” said Orin Kerr, a law professor at George Washington University who studies computer crime law.
The decision addressed a search warrant served on Microsoft for one of its customers whose emails are stored on a server in Dublin, Ireland.
In a statement, Microsoft said it challenged the warrant because the U.S. government should not be able to search the content of email held overseas.
“A U.S. prosecutor cannot obtain a U.S. warrant to search someone’s home located in another country, just as another country’s prosecutor cannot obtain a court order in her home country to conduct a search in the United States,” the company said. “We think the same rules should apply in the online world, but the government disagrees.”
The company plans to seek review of Francis’ decision from a federal district judge.
Microsoft has recently emphasized to its customers abroad that their data should not be searchable by U.S. authorities and said it would fight such requests.
In a company blog post in December, Microsoft’s general counsel, Brad Smith, said it would “assert available jurisdictional objections to legal demands when governments seek this type of customer content that is stored in another country.”
The search warrant in question was approved by Francis in December and sought information associated with an email account for a Microsoft customer, including the customer’s name, contents of all emails received and sent by the account, online session times and durations and any credit card number or bank account used for payment.
It is unclear which agency issued the warrant, and it and all related documents remain under seal.
Microsoft determined that the target account is hosted on a server in Dublin and asked Francis to throw out the request, citing U.S. law that search warrants do not extend overseas.
Francis agreed that this is true for “traditional” search warrants but not warrants seeking digital content, which are governed by a federal law called the Stored Communications Act.
A search warrant for email information, he said, is a “hybrid” order: obtained like a search warrant but executed like a subpoena for documents. Longstanding U.S. law holds that the recipient of a subpoena must provide the information sought, no matter where it is held, he said.
(Reporting by Joseph Ax; Editing by Noeleen Walder and Dan Grebler)