Federal Warrant Power Does Not Reach Data Stored Abroad
Tech giants such as Microsoft, Google, and Apple continue to grow and expand, both domestically and internationally. These companies have offices, stores, and data centers outside of the U.S., with information regarding tens of millions of people. What happens when the U.S. government seeks those overseas records, or user data, through court-issued search warrants? When a New York district court issued a warrant for emails and other data about Microsoft’s customers, questions arose as to the reach and validity of federal search warrants that garnered international attention.    That search warrant, issued in December 2013, sought access to data stored in Dublin, Ireland, where Microsoft maintains its data center. Microsoft opposed the warrant, arguing that actual emails stored in Ireland were not subject to the warrant, and as such, the government cannot force American tech companies to turn over customer data stored exclusively in overseas company data centers.  The government, on the other hand, argued that the emails a person stored in a cloud ceases to belong exclusively to that person.
During the appeal, Microsoft’s position generated widespread support from the “industry, European government, civil liberties organizations, and even media[.] Amazon and Apple, the Electronic Frontier Foundation and the American Civil Liberties Union, and CNN and the Washington Post all signed on to amicus briefs in the case.”  In its brief, Ireland asserted that “Foreign courts are obliged to respect Irish sovereignty.”
Ultimately, on July 14th, the U.S. Court of Appeals for the 2nd Circuit ruled that Microsoft is not required to comply with a warrant for its users’ emails if the data is not stored within the U.S. In a statement by its president and chief legal officer, Microsoft wrote: “It makes clear that the U.S. Congress did not give the U.S. Government the authority to use search warrants unilaterally to reach beyond U.S. borders. As a global company we’ve long recognized that if people around the world are to trust the technology they use, they need to have confidence that their personal information will be protected by the laws of their own country.” 
This recent ruling is cause for celebration for American tech companies like Microsoft and other companies that rely on overseas data centers (i.e., Google & Facebook). Whether one believes this was a correct outcome or not, the ruling presents a challenge to the federal government in their investigation of crimes and also likely creates an apparent shelter for American companies with global footprints who may prefer—especially after this ruling— storing their data abroad.
— By Keobopha Keopong, Esq., Barnes Law
Keo Keopong is an associate attorney with Barnes Law, licensed to practice law in California.
The opinions expressed are those of the author and do not necessarily reflect the views of the firm, its clients, or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.
 Search warrants are tools to protect Americans’ Fourth Amendment right against unreasonable searches and seizures by the government. In addition to the Fourth Amendment restriction, many state constitutions as well as state and federal statutes regulate searches and seizures. Federal laws on searches and seizures are found in Title 18, Part II, Chapter 205. Federal warrants are also governed by Rule 41 of the Federal Rules of Criminal Procedure, which govern the issuance and execution of search warrants. (https://techcrunch.com/2016/07/14/microsoft-wins-second-circuit-warrant/; https://www.law.cornell.edu/uscode/text/18/part-II/chapter-205; https://www.law.cornell.edu/rules/frcrmp/rule_41)
 In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation, Microsoft Corporation v. United States of America, Docket No. 14‐2985, Decided: July 15, 2016 <http://pdfserver.amlaw.com/nlj/microsoft_ca2_20160714.pdf>.
 The U.S. Court of Appeals of the 2nd Circuit looked at, among other things, whether the Stored Communications Act (SCA) applies to data stored overseas. (http://pdfserver.amlaw.com/nlj/microsoft_ca2_20160714.pdf)
 Supra n.2.
 Microsoft did partially comply “by providing some metadata and ‘non-content information’ about the customer”, but argued against turning over actual emails stored in Ireland. (https://techcrunch.com/2016/07/14/microsoft-wins-second-circuit-warrant/)
 Supra n.2.
 Supra n.2.
 In its statement, Microsoft first and foremost frames the victory as one of Americans’ privacy rights: “First, this decision provides a major victory for the protection of people’s privacy rights under their own laws rather than the reach of foreign governments. It makes clear that the U.S. Congress did not give the U.S. government the authority to use search warrants unilaterally to reach beyond U.S. borders. As a global company we’ve long recognized that if people around the world are to trust the technology they use, they need to have confidence that their personal information will be protected by the laws of their own country.” (http://blogs.microsoft.com/on-the-issues/2016/07/14/search-warrant-case-important-decision-people-everywhere/#sm.0001kmv44115w0e9tx7rc7guryt44)