Skip the navigation

Microsoft vows to appeal federal email privacy ruling

Microsoft said it will continue to fight the ruling as part of its data privacy commitments to its customers

By Loek Essers
April 28, 2014 08:04 AM ET

IDG News Service - Email providers have to turn over a user's emails and other data to U.S. law enforcement when issued a search warrant, even if the data is stored overseas, a U.S. judge ruled Friday.

Microsoft must hand over a user's emails stored on a server in Dublin, Ireland, ruled magistrate judge James Francis of the U.S. District Court of the Southern District of New York.

In December, Francis authorized the search and seizure of the contents of all emails, records and other information regarding the identification of one of Microsoft's webmail users.

While Microsoft's Global Criminal Compliance (GCC) team turned over so-called non-content information stored on U.S. servers, such as the user's name and country as well as address book information, it refused to hand over the contents of the emails because they were stored on a server in another country. For this reason the company sought to quash the search warrant, arguing that U.S. courts are not authorized to issue warrants for extraterritorial search and seizure of emails.

Judge Francis, however, disagreed and denied Microsoft's motion to quash the verdict.

"Microsoft's argument is simple, perhaps deceptively so," Francis said in his ruling.

If the warrant had been a conventional search warrant Microsoft could have been right since there are territorial restrictions on those warrants, Francis said.

However, a search warrant on electronic communications is not conventional but rather a hybrid: part search warrant and part subpoena, he said.

"It is executed like a subpoena in that it is served on the ISP in possession of the information and does not involve government agents entering the premises of the ISP to search its servers and seize the email account in question," he said.

If the territorial restrictions applied it would be very easy for criminals to evade such search warrants, Francis said.

Service providers are not obliged to verify information provided by a new user when an account is created, he said. Since Microsoft assigns each newly registered account to the closest datacenter based on the country code that the user enters at registration, warrants could be evaded by simply giving false residence information causing the ISP to assign an account to a server outside the U.S., he said.

Moreover, if treated like a conventional warrant, "the burden on the government would be substantial, and law enforcement efforts would be seriously impeded," Francis said. To obtain the contents of emails stored abroad, U.S. law enforcement would have to comply with treaties that require the cooperation of two governments. Such requests could be time consuming or even denied, Francis said, adding that the U.S. does not have such treaties with all countries.

Reprinted with permission from IDG.net. Story copyright 2014 International Data Group. All rights reserved.
Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!