A federal judge ruled Thursday that U.S. law-enforcement authorities can force Microsoft to hand over emails that are stored on servers in Ireland.
U.S. District Judge Loretta Preska said that Microsoft must comply with search warrants even when the data in question is hosted abroad, according to reports from the Associated Press.
Preska reasoned that the location of the data is irrelevant when considering who owns that data—in this case, a U.S.-based corporation.
Loretta stayed her ruling, meaning it will not go into effect until Microsoft can appeal. The company quickly promised it would do so.
“The only issue that was certain this morning was that the District Court’s decision would not represent the final step in this process,” said Brad Smith, Microsoft general counsel and executive vice president. “We will appeal promptly and continue to advocate that people’s email deserves strong privacy protection in the U.S. and around the world.”
A bevy of technology companies, including Apple, Verizon, and AT&T, and a number of open-Internet groups joined Microsoft in arguing that private email contents should be off-limits to law enforcement if the data is stored abroad.
“The fundamental flaw in the court’s analysis is that a customer’s stored emails are the business records of Microsoft. They’re not,” said James Dempsey, senior counsel with the Center for Democracy and Transparency. “They are the property of the subscriber, and the U.S. government should not be able to force Microsoft or anyone else to perform a search and seizure in another country.”
AT&T said it was “extremely disappointed” with the court’s decision and would support Microsoft’s appeal.
The Electronic Communications Privacy Act, passed in 1986, does not explicitly address whether law enforcement can require a U.S. communications provider to hand over data stored beyond American soil. That ambiguity prompted litigation when the Southern District of New York sent a search warrant to Microsoft asking for the content of an account connected to a data center in Dublin, Ireland, where the company has kept some email data since 2010.
Microsoft argued that the government was extending its authority into other countries by allowing warrants to apply to data held overseas, and warned that such a precedent could make U.S. information more appealing and vulnerable to foreign governments, such as China.