Across the country, in Mountain View, Calif., a member of Microsoft’s Global Criminal Compliance team — which handles thousands of law enforcement data requests each year — discovered that the emails prosecutors sought weren’t located in the U.S.
Microsoft sued to block the warrant, arguing that transferring the emails, stored on servers in a Dublin, Ireland, data center, would amount to an international seizure beyond the powers of U.S. law enforcement.
That set in motion a year of legal wrangling that has made the Redmond company and its general counsel, Brad Smith, unlikely standard-bearers for industry allies and rivals alike in a pushback against what the company says are actions by the U.S. government that could endanger customer privacy.
Facing skeptical customers at home and abroad in the wake of Edward Snowden’s disclosures about the extent of the government’s reach into the Internet, Microsoft, and peers such as Google and Facebook, have taken the opportunity to speak up.
Microsoft last week filed its latest legal arguments in the Ireland warrant case, which is awaiting a hearing before the U.S. Court of Appeals for the Second Circuit in New York after two lower courts rejected Microsoft’s case.
The government, which has until March to file its argument in the appeal, has said a victory for Microsoft could empower criminals to avoid scrutiny simply by locating data abroad.
Lawyers familiar with the case say they expect large technology companies and business groups to support Microsoft’s position on Monday’s deadline for outside parties to weigh in.
Microsoft plans to make a show of that support: Smith on Monday is set to host a panel at Microsoft’s Times Square offices in New York City featuring leaders from trade and advocacy groups representing the tech industry, civil liberties and press freedoms.
Monday, Smith said in an interview last month, is Microsoft’s opportunity “to really show the breadth of support of our point of view.”
Microsoft’s cast of supporters in the case earlier this year included fierce competitor Apple, as well as telecommunications giants Verizon and AT&T. The Electronic Frontier Foundation, an Internet civil liberties group that in the past has criticized Microsoft’s data security policies, also supported Microsoft.
The level of support is a “reflection of how complicated these issues are,” said Hanni Fakhoury, a staff attorney with EFF. “These companies who hate each other also have a joint business interest. And it happens to be a benefit to the consumer.”
A mixed reputation
Like many technology companies caught between government pressure for increased access to data and their own business interests, Microsoft has earned a mixed reputation among privacy advocates.Microsoft in the past drew criticism for disabling automatic user-privacy features on the Internet Explorer Web browser and reading a Hotmail customer’s email. The company was also the first Internet giant to participate in a National Security Agency program that allegedly allowed the spy agency more direct access to company data, according to documents leaked to the Guardian newspaper by Snowden.
Smith and other Microsoft officials have said they comply only with proper legal requests for specific customers’ data. They’ve also highlighted leaked documents showing the company has previously resisted government requests for bulk customer data.
But amid growing concern about its perceived complicity in government snooping, the company has pivoted to a more public defense of its users.
“All of this has put to the whole industry the question of how do we take steps to rebuild trust,” Smith said. “The U.S. won’t be able to sustain its tech leadership role if people around the world conclude they cannot trust American technology.”
Rebuilding trust
The threat of broken trust is critical for Microsoft, which has staked much of its future on the collection and storage of data at the heart of cloud computing. The company has spent billions in the past few years building server farms it hopes people and businesses around the world will turn to to run everything from their email and photo albums to software and business functions.In a blog post a year ago, Smith outlined a commitment to keeping Microsoft customers informed about government data requests. Smith also said the company would take governments to court when, in his view, investigators went too far.
That same day, Microsoft received the warrant seeking the emails stored in its Irish data center.
In their objection to the order, Microsoft’s lawyers argued that the statutes governing government searches of electronic data didn’t give the authorities the mandate to reach overseas.
The court disagreed, ruling against Microsoft in April. The law allowed for a kind of hybrid between a warrant and a subpoena that compelled Microsoft to retrieve the data itself, federal magistrate judge James Francis wrote. The case hinged not on where the data was stored, he said, but whether Microsoft as a U.S. company had access to it.
Business at risk
The ruling sparked immediate ripples abroad, particularly among Europeans acutely sensitive to issues of Internet privacy. The importance of the case to Microsoft's business prospects was driven home to Smith during a trip to Europe in May.The chief information officer of a German state told Smith that his state wouldn’t use Microsoft’s data centers unless they won the Ireland case, Smith said.
Separately, an executive with German media conglomerate Axel Springer told Smith his journalists were wary of storing their documents on Microsoft’s servers out of concern their sources might be compromised by unwarranted government intrusion.
Smith last month said he expects a number of newspapers to announce their support for Microsoft in the case.
“As this has gone along, I think [Microsoft has] gotten more invested in this cause,” said an attorney who has closely followed the case, but requested anonymity because the person’s law firm may support Microsoft’s appeal. “They see the industry is invested. People are invested internationally. Microsoft has decided, ‘This is an important issue; we need to get this right.’?”
To argue its appeal, the company brought in E. Joshua Rosenkranz, an attorney who has led cases before the Supreme Court, and who American Lawyer magazine once dubbed “the defibrillator” for his track record in resurrecting seemingly doomed cases.
In July, Microsoft’s legal affairs office registered the Internet domain DigitalConstitution.com, which it has since used as a home page of sorts to share its views on the case.
“It’s good that they’re doing it, and it’s good that other companies are sticking up for them,” the EFF’s Fakhoury said of Microsoft’s lawsuit. “They get credit for litigating it. But let’s not give them the Nobel Peace Prize.”
Laws need upgrade
Legal experts are mixed on the likely path of the case, which Smith acknowledges may be the Supreme Court. Legislation introduced in the Senate would clarify that the government’s warrant power stopped at U.S. shores unless the data at issue belonged to a U.S. citizen. Smith said last month that the White House could effectively end the case by stepping in to clarify its policy.Many say the laws governing privacy and computing are due for an upgrade in any case.
“Part of the problem is that technology is moving so fast,” said Cameron Kerry, a former general counsel with the Commerce Department who is now a scholar with the Brookings Institution. “There’s so much data that moves around without respecting borders.”
The U.S. Attorney’s Office for the Southern District of New York, which is prosecuting the case against Microsoft, declined to comment beyond its court filings. The original warrant, targeting an msn.com email address whose owner’s identity is redacted in court documents, sought all emails about the import of narcotics into the U.S., money laundering and details such as where the account owner lived and worked.
In the past government lawyers have said warrants for digital material are fundamentally different from orders authorizing physical search and seizure.
Microsoft and its supporters counter that law-enforcement officials should work through existing legal-assistance arrangements — such as the treaty between the U.S. and Ireland — to get data.
©2014 The Seattle Times
