If U.S. prosecutors can reach into a Microsoft server in Ireland and retrieve emails stored there, what’s to stop a German court from ordering a German bank to open a safe deposit box in its New York City branch?
Officers of the local Stadtpolizei investigating a suspected leak to the press descend on Deutsche Bank headquarters in Frankfurt, Germany. They serve a warrant to seize a bundle of private letters that a New York Times reporter is storing in a safe deposit box at a Deutsche Bank USA branch in Manhattan. The bank complies by ordering the New York branch manager to open the reporter’s box with a master key, rummage through it, and fax the private letters to the Stadtpolizei.
Federal authorities ordered Microsoft in December 2013 to turn over a customer’s emails and other data prosecutors were seeking as part of a narcotics investigation.
The company provided portions of address book and other metadata related to the account that were stored in the U.S., but refused to send over the contents of the emails themselves.
Microsoft argued that the warrant’s impact was limited to U.S. shores, and its use in this case amounted to an extraterritorial search and seizure that Congress and U.S. courts had not authorized. A federal judge didn’t buy that logic, and Microsoft has appealed the case to the Court of Appeals for the Second Circuit in Manhattan.
The case is part of a series of clashes between U.S. technology companies and government following the disclosures last year by Edward Snowden that government surveillance of the Internet goes deeper than many may have thought.
In appealing the Ireland case, Microsoft, with the support of companies including Apple, Verizon, AT&T and Cisco, is taking a stand on user privacy. It’s also a very pragmatic approach from a business perspective.
Smith’s use of Germany in the hypothetical scenario is no accident. Germans are among the most privacy conscious of Internet consumers. And Smith has frequently related an anecdote that, when in Germany earlier this year, a German official bearing a copy of a lower court’s ruling in the Ireland email case said he couldn’t give Microsoft any business unless the company won this case.
If customers and businesses feel that their use of Microsoft’s data centers puts them at risk of having their data inspected by a U.S. government they don’t trust, that could put a damper on Microsoft’s fast-expanding cloud-computing business internationally.
“If the Government prevails, how can it complain if foreign agents require tech companies to download emails stored in the U.S.?” Smith said in a blog post accompanying Monday’s court filing. “This is a question the Department of Justice hasn’t yet addressed, much less answered. Yet the Golden Rule applies to international relations as well as to other human interaction.”
Read Microsoft’s complete court filing here.