by Cameron F. Kerry. Kerry is the Sara R. & Andrew H. Tisch Distinguished Visiting Fellow at the Brookings Institution and a Visiting Scholar at the MIT Media Lab. He is the former General Counsel and Acting Secretary of the U.S. Department of Commerce.
Yesterday, I moderated a panel on Microsoft’s federal court challenge to a warrant seeking email records that Microsoft stores at a data center in Ireland. Microsoft is contending that the governing statute, the stored communications provisions of the Electronic Communications Privacy Act (ECPA), does not apply outside the territory of the United States.
My take-away from the panel is that discussion of reforms to bring ECPA up-to-date with the way we use devices and cloud services in the 21st Century needs to take up the difficult questions presented by services and networks that flow freely across national borders. As I put it during the discussion, “what does extraterritoriality mean in a virtual world?”
The panel featured James Garland of Covington & Burling, who is arguing the case on behalf of Microsoft in the Federal District Court for the Southern District of New York this Thursday, along with other lawyers involved in the case. The case has been the deserving subject of wide attention, including a stern letter from the European Commission’s Justice Commissioner and a July 27 New York Times editorial. It involves a warrant issued last December for email records “owned, maintained, controlled or operated by Microsoft” for a particular email address. Microsoft produced records located in the United States that did not involve the content of the emails, but objected to producing the emails themselves because they are stored in a data center in Dublin, Ireland. They are there because the Dublin servers are closest to the country that the email customer identified in establishing the account, reducing latency in email transmission. Microsoft only recently established overseas data centers and, so far as anyone knows, this is the first time any Internet service provider has challenged the extraterritorial application of authorities for law enforcement access to Internet communications.
The issues center on the interpretation of Section 2703 (c)(A) of the Stored Communications Act in the decision by a federal magistrate in New York issued April 25. In some respects, the issues are narrow: for example, does the SCA contain language that overcomes the Supreme Court’s “presumption against extraterritorial application” of U.S. statutes; does the “warrant” required by the SCA to obtain most content of electronic communications incorporate requirements for a warrant under the Fourth Amendment?