In July, the Second Circuit Court of Appeals in New York overturned a ruling in Microsoft v. United States that forced Microsoft to hand over private email correspondence and other data to US law enforcement from servers based in Dublin, Ireland. It was a victory for privacy because the Department of Justice (DOJ) was unable to force compliance of the Stored Communications Act.
But last week, the DOJ expressed interest in re-hearing Microsoft v. United States, once again jeopardizing domestic and international privacy rights. If the decision is overturned, not only will Microsoft’s security be threatened, but so too will all foreign nations that house data owned by any US-based company.
If the July ruling is indeed overturned, the Fourth Amendment will be seriously weakened and taxpayers will have no assurance that continued overreach by the DOJ will be stopped. Not only will future domestic investigations not need a warrant, but neither will those of an international scope. The utter lack of safeguards in place would point to a foreseeable overreach by U.S. investigators and the destruction of the nation’s diplomatic efforts.
The U.S. government would assuredly be mad if a foreign country took private data and intelligence from our soil without a warrant. After all, the U.S. has started wars over more trivial matters. So why would any reasonable court believe that the U.S. has a special “hall-pass” to do whatever it pleases with other nations’ data?
The root of the problem is the Stored Communications Act, which is part of the outdated Electronic Communications Privacy Act (ECPA). Under ECPA, any data held by U.S. companies fewer than 180 days old can be “legally” confiscated by the government.
Of course, the problem with this antiquated policy becomes quite apparent when applied to a modern world - a world where data is consumed at ridiculous rates. ECPA was signed into legislation before personal computers were around and when a gigabyte of storage cost more than $200,000. Nowadays, practically everybody uses a computer and a gigabyte of storage costs just 4 cents.
If the Microsoft case is re-opened, the DOJ would have the ability to use ECPA’s outdated loopholes to circumvent the Fourth Amendment and force data-based companies to comply, regardless of whether or not they have a warrant.
Thankfully, Senators Orrin Hatch (R-Utah), Chris Coons (D-Del.), and Dean Heller (R-Nev.) have already introduced a bipartisan bill that will rectify the problem. Their bill, the International Consumers Protection Act (ICPA), will repeal and replace the antiquated wording of ECPA. The legislation will distinguish between search warrants that seek data held abroad for U.S. persons as opposed to foreign citizens, with the objective of upholding the Fourth Amendment to preserve the privacy rights of Americans.
In a letter to U.S. Attorney General Loretta Lynch, the ICPA co-sponsors explained that, “when technology companies receive demands from U.S. law enforcement to turn over data on behalf of foreign customers, they are forced to make a difficult decision: either comply with the demand and satisfy U.S. law and risk violating the privacy laws of the host country, or challenge U.S. law enforcement’s request in order to comply with the laws of the host jurisdiction.” No legislation should force companies to be placed in such a difficult position, especially given the fact that the legislation threatens the very rights that provided the foundation for the success of firms like Microsoft.
ICPA has the potential to quell the DOJ’s temper tantrum while paving the way for future policy that will protect our data from the “oversight” of policy makers. This will foster the preservation and growth of law enforcement and consumer privacy while respecting the Bill of Rights.
Congress can and will fix the problems with current law. Officials in the DOJ don’t need to mess it up any further by re-opening Microsoft v. United States. Instead, they should open their pocket Constitutions and take another look at the Fourth Amendment.