January 19, 2018

Something Extraordinary Happened in Washington, D.C., Yesterday

Brad Smith President and Chief Legal Officer, Microsoft


microsoft_supreme_court_image.jpg

*This piece was originally posted on Microsoft On the Issues

Something extraordinary happened in Washington, D.C., yesterday.

Members of Congress took the same position as members of the European Parliament. The U.S. Chamber of Commerce approvingly quoted a statement by the European Commission. Business groups and big companies agreed with consumer and privacy advocates. Faculty from Harvard joined with professors from Princeton. Professors from Duke joined rivals from the University of North Carolina, while those at Berkeley sided with Stanford. And Fox News agreed with the American Civil Liberties Union.

What’s the occasion for such agreement between so many people with different points of view? It was the filing of amicus briefs with the U.S. Supreme Court in the landmark Microsoft case that will decide whether the U.S. government can use a search warrant to force a company to seize a customer’s private emails stored in Ireland and import them to the United States. On Thursday, 289 different groups and individuals from 37 countries signed 23 different legal briefs supporting Microsoft’s position that Congress never gave law enforcement the power to ignore treaties and breach Ireland’s sovereignty in this way. How could it? The government relies on a law that was enacted in 1986, before anyone conceived of cloud computing.

This is not to say that law enforcement never needs to access emails in other countries. Since we filed this lawsuit in 2013, we’ve said repeatedly that there are times when this is necessary to protect public safety.

But as 51 prominent computer scientists explained in their legal brief yesterday, emails are stored in known physical locations, on hard drives, in datacenter facilities. When the U.S. government requires a tech company to execute a warrant for emails stored overseas, the provider must search a foreign datacenter and make a copy abroad, and then import that copy to the United States. This creates a complex issue with huge international consequences. It shouldn’t be resolved by taking the law to a place it was never intended to go.

If anyone had doubts that this case has international ramifications, they were laid to rest by the list of governments that last month or this week either joined amicus briefs or made public statements supporting key parts of Microsoft’s position. The list includes Ireland, France, the European Commission, European privacy regulators and members of the European Parliament, to name just some of those involved. Supreme Court cases almost never garner this level of engagement from foreign governments and officials.

As these officials have explained, the U.S. Department of Justice’s attempt to seize foreign customers’ emails from other countries ignores borders, treaties and international law, as well as the laws those countries have in place to protect the privacy of their own citizens. As the French government stated on Monday, it’s a path that creates “a significant risk of conflict of laws.” And as the tech sector appreciates all too well, that’s a conflict that will leave tech companies and consumers caught in the middle.

It’s also a path that will lead to the doorsteps of American homes by putting the privacy of U.S. citizens’ emails at risk. If the U.S. government obtains the power to search and seize foreign citizens’ private communications physically stored in other countries, it will invite other governments to do the same thing. If we ignore other countries’ laws, how can we demand that they respect our laws? That’s part of why public interest groups, such as the Brennan Center for Justice and the Reporters Committee for Freedom of the Press, are watching this case so closely.

The DOJ’s position also bodes ill for the U.S. economy and American jobs. Right now, U.S. companies are world leaders in providing cloud services. That leadership position is based on trust. But if the U.S. government can assert this type of unilateral power to reach into datacenters that are operated by U.S. companies in other countries, foreign countries and foreign customers will question their ability to trust American companies.

Ultimately the courts – including the Supreme Court – can decide only whether the DOJ’s approach passes muster under current law. That’s a blunt instrument. The courts are not able to write a new law. Under our Constitution, only Congress can do that, using its tools to craft a nuanced solution that balances all the competing concerns by enacting a statute for the 21st century.

Everyone on both sides of this case agrees that these are real problems that need real solutions. But they need to be crafted with a scalpel, not a meat cleaver.

And as so many groups across the political spectrum and countries now agree, let’s hope the Supreme Court leaves it to Congress to do just that.

Find all 23 amicus briefs here.

Find the full list of signatories here.

Microsoft’s brief can be viewed here.

Electronic Privacy, Technology Law and Intellectual Property