The Council of Bars and Law Societies of Europe (CCBE) submitted an Amicus Brief in support of Microsoft in United States v Microsoft. Amicus briefs are the only form of intervention before the courts by a third party which is interested in a given case. They are especially helpful when they expose arguments which may be beyond the knowledge or experience of the court.
Other prominent organisations which submitted their Amicus Briefs include Electronic Privacy Information Center (EPIC), Privacy International, Special UN Rapporteur on the Right to Privacy Joe Cannataci, MEPs Jan Albrecht, Sophie in’t Veld, Viviane Reding, Axel Voss and Birgit Sippel, The New Zealand Privacy Commissioner, European Commission, UK Government, Irish Government and more than 28 technology and media companies, including Apple and Amazon (the full list is available here).
United States v Microsoft started in 2013 when federal agents in the US investigating drug traffickers sought access to emails held in Microsoft’s computer servers in Ireland. They obtained a warrant from the federal court under the Stored Communications Act (SCA) which is a U.S statute governing the privacy of information stored with technology providers. Microsoft provided the U.S government with the customers content information which was an address book stored in the U.S. However, to be fully compliant with the warrant, Microsoft would have also had to provide content it stores and maintains in Ireland. Microsoft refused on the basis that the warrant under the SCA was not intended to apply extraterritorially. It made an initial appeal against the warrant but the court sided with the U.S government, holding Microsoft in civil contempt for failing to comply with the warrant.
Three years later, on a further appeal to the U.S Court of Appeals for the Second Circuit, a three-judge panel unanimously sided with Microsoft and said the legislation was not intended to be extraterritorial. In January 2017 the U.S Government sought a rehearing and review before the Second Circuit Court which was denied ‘en banc’ (by a 4-4 split). What split the panel is the issue of where the access to data in question would take place: in Dublin where the content is physically stored or in the U.S where the access is a click of a button away. Following the U.S Government’s request to review the case the U.S Supreme Court agreed to do so in October 2017.
Over the coming months the U.S Supreme Court will consider whether the U.S Government has statutory authority to use a U.S warrant to access private communications and electronic information stored abroad.
The case raises significant concerns for lawyers and privacy professionals across Europe. If the U.S Supreme Court rules in favour of the U.S Government, the federal agencies will be able to access data stored abroad, thus significantly expanding the extra-territorial application of the U.S laws. This would have far reaching implications for the individual rights and liberties of EU citizens (and beyond) and would likely carry consequences for such core professional values as the protection of confidentiality of lawyer-client communications. Moreover, it would put many businesses in a situation when compliance with all applicable laws may prove impossible due to the conflict of these laws.
We will be watching closely to see how the case progresses this year. The latest date for the decision to be given is 30 June 2018. This is not a judgment that anyone is able to predict especially given the available judgments in similar cases. It was only a week or so after the Second Circuit’s decision that a federal judge in Pennsylvania took a polar opposite view and compelled Google to comply with search warrants seeking electronic data. Whatever the outcome will be, it will not be the last we will hear on the topic given the controversy the case sparked and the increasing reliance on electronic data and communications around the world.