Microsoft scored another win yesterday in its battle to protect data stored abroad from search warrants issued in the US.
The US had demanded Microsoft hand over data stored in its Ireland data centre, but after a series of rulings and appeals stretching back to 2013, the US Court of Appeals for the Second Circuit yesterday denied a US Justice Department request for a hearing before the full circuit of eight judges, meaning a 2016 ruling in favour of Microsoft stands.
The decision effectively means the US cannot rely on ther Stored Communications Act (SCA) to access data held abroad.
Brad Smith, Microsoft's chief legal officer, commented: "This decision puts the focus where it belongs, on Congress passing a law for the future rather than litigation about an outdated statute from the past."
The lawsuit dates back to 2013, when a New York court issued a search warrant on behalf of a US law enforcement agency, demanding Microsoft hand over data related to a drug-trafficking investigation that was stored in an Ireland data centre.
Microsoft argued that the warrant was a significant jurisdictional overreach and refused to hand over the data, saying as it was stored in Ireland it was a matter for the Irish authorities. The US's counterclaim, however, was that the warrant applied to Microsoft itself and, because Microsoft is an American company, all its data is subject to US law.
The company lost the first two court hearings, both of which were held in New York, where the warrant was issued, with the judge finding in favour of the agency's argument. However, in 2016 judges considering the case at a third hearing at the 2nd Circuit Court of Appeals found in favour of Microsoft.
The US Justice Department then appealed for a hearing before the full circuit - consisting of all eight judges, rather than a three judge panel - but this resulted in a 4-4 deadlock. Consequently, the previous ruling in favour of Microsoft still stands.
Circuit Judge Susan Carney, who concurred in the denial of the appeal, said in the court judgement: "It is common ground that Congress did not intend for the SCA's warrant procedures to apply extraterritorially. Because the electronic communications to be accessed and disclosed pursuant to the Microsoft warrant are stored in a Dublin datacenter, we reasoned, the execution of the warrant would have its effect when the service provider accessed the data in Ireland, an extraterritorial application of the SCA."
In a statement to the Seattle Times, Justice Department spokesman Peter Carr said: "We are reviewing the decision and its multiple dissenting opinions and considering our options."
-
Biden appoints new federal CIONews Her challenge is to modernize government IT systems and improve accessibility
-
Department of Defense appoints John Sherman as acting CIONews Cloud modernization and SolarWinds fallout likely to top his to-do list
-
What is identity management and what role does it play in a security strategy?In-depth Make sure only the right people have access to your infrastructure
-
Homeland Security warns businesses of Oracle and SAP ERP vulnerabilitiesNews Oracle and SAP urge customers to apply patches to secure systems against hackers
-
SAP User Group to focus on GDPR and collaboration at Connect 2017News Chief exec hopes to help SAP customers share their knowledge and experience
-
Intel security flaws put laptops, servers and storage at risk of hackingNews Bugs in Intel's firmware allow remote code execution, data exfiltration and more
-
UK universities deny research data was compromised in hacksNews Hackers hit universities with hundreds of attacks each year - report
-
UK draws up fresh data protection measures for BrexitNews A new Data Protection Bill will enshrine GDPR principles into UK law
