Cloud Security, Compliance Management, Network Security

SCOTUS dropped Microsoft case citing passage of CLOUD Act, but questions remain


Citing legislation signed into law by President Trump last month, the Supreme Court dismissed Microsoft's privacy case regarding customer data stored on a server in Ireland.

“No live dispute remains between the parties over the issue,” the court said Tuesday, noting that the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) Trump signed as part of the March omnibus spending bill would allow law enforcement to access data stored abroad under a warrant from a judge in the U.S.

The federal government and Microsoft have clashed for years after the U.S. asked for access to the emails of one individual linked to a narcotics investigation back in December 2013. Those emails were held on a server in Ireland, not the U.S., raising the question of jurisdictions.

Microsoft refused to hand over the emails, saying the U.S. had no power to ask for the data and the case wended its way through the court system until the Supreme Court decided last year to hear it. But between the initial hearings in February and the opinion handed down Tuesday, the CLOUD Act was passed into law.

Microsoft President Brad Smith said the company welcomed the court's “ruling ending our case in light of the Cloud Act being signed into to law.” He contended that Microsoft's “goal has always been a new law and international agreements with strong privacy protections that govern how law enforcement gathers digital evidence across borders.”

Rights groups in March sounded the alarm over the act, ostensibly meant to streamline the process through which law enforcement accesses data across borders, saying that it instead would circumvent Fourth Amendment protections and put human rights activists at risk.

The act will essentially provide a “backdoor” for law enforcement at home and abroad to access emails, chat logs, videos and photos, “without following the privacy rules where the data is stored,” according to an Electronic Frontier Foundation (EFF) blog post at the time.

The court's decision to punt likely doesn't put the overall question of jurisdiction and conflicts with other countries' privacy laws.

Noting that “what to do when U.S. litigations demand the production of documents that cannot be produced without violating foreign laws” is an “extremely important and pressing issue,” Geoffrey Sant, partner at the international law firm Dorsey & Whitney LLP, said “it seems certain that the Supreme Court will eventually need to return to this issue and decide it once and for all,” especially since there is “a ‘circuit split' – that is, disagreement between a number of appellate federal courts – on how to handle” the issue.

Unfortunately, though, “for now there is still no clear guidance on how courts should handle the growing problem of attorneys demanding documents in litigation that cannot be produced without violating the laws of other nations," he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.