Of all the organisations to lay down a marker for privacy in the USA, who would have thought that Microsoft would be the next to step up to the plate?
But that’s what has happened this week as on Thursday they won an appeals court case against the US Government meaning they will not have to hand over emails stored in Ireland.
Microsoft had originally lost the case back in 2014 but went to appeal arguing that if the ruling stood it would create a global “free-for-all” with governments around the world demanding access to data stored in the USA and elsewhere.
In the ruling of the appeals court, US Circuit Judge Susan Carney stated that US law does not “authorise courts to issue and enforce against US-based service providers warrants for the seizure of customer e-mail content that is stored exclusively on foreign servers.”
Microsoft was understandably elated at the decision and called it a victory for individual privacy. “We’ve long recognised that if people around the world are to trust the technology they use, they need to have confidence that their personal information will be protected by the laws of their own country,” they said in a statement.
This statement may have caused a few raised eyebrows amongst privacy campaigners as Microsoft does not exactly have a totally clean slate when it comes to defending user privacy. But nevertheless, it is a ruling that has been welcomed by both privacy organisations and other tech companies.
In court, Microsoft had the support of organisations such as Apple, Amazon, and Cisco, with the later commenting that the ruling “reinforces appropriate safeguards on the U.S. government, and focuses law enforcement on the appropriate use of accepted international agreements.”
The judgement piles yet more pressure on US Congress to pass new legislation to replace the outdated Electronic Communications Privacy Act. This act was passed back in 1986 before even email was in common use never mind the instant messaging programmes most of us use today.
In its ruling, the US Appeals Court said that the Electronic Communications Privacy Act did not anticipate the application of warrant provisions overseas, and it certainly couldn’t have foreseen a world of cloud computing and storage of so much data on massive servers all around the world.
As things stand, the only way the US Government can access data held on overseas servers is to request access via the Government of that country. This is a slow and bureaucratic process and as the Department of Justice said in court, not conducive to the fast-paced nature of modern criminal or national security incidents.
The Government is considering its response to the ruling, but their best option remains to encourage Congress to pass a bill which replaces the chronically outdated Electronic Communications Privacy Act. As Microsoft said after this case, “Our view is we should focus on the future rather than argue about the past.”
They support a Bill which is currently in Congress called the International Communications Privacy Bill. This proposed law would make people subject to the data protection laws of the country where they reside, regardless of where their data is held.
It has some support in Congress but it remains to be seen whether it can muster enough backing to be passed into law, and finally bring the US’s electronic privacy laws kicking and screaming into the 21st Century.