US government appeals to Supreme Court for right to take any data from anywhere

Tech companies are between a rock and a hard place

The US Justice Department has petitioned the Supreme Court to become involved in its long-running case against Microsoft, which deals with the privacy of data held outside the USA.

The case began when the Justice Department sought to view the contents of a Microsoft customer's emails, which were held on a server physically located in Ireland. Microsoft stated that US courts could not issue a search warrant for extraterritorial search and seizure, although the judge later stated that the warrant covered ‘the search and seizure of information associated with a specified web-based email account that is "stored at premises owned, maintained, controlled, or operated by Microsoft."'

A year later, Microsoft was back, arguing in favour of data sovereignty - with support from other tech giants. The company also contested that the government's actions could have an impact on the Safe Harbour negotiations ongoing at the time.

Since then, Safe Harbour has been supplanted by Privacy Shield: an agreement providing companies with a way to transfer personal data from the EU to the US, while also complying with European personal data protection laws such as the GDPR. The US is not counted among those countries with adequate data protection laws, meaning that European data cannot be sent there without Privacy Shield (which deems participating companies as possessing adequate protection).

US government appeals to Supreme Court for right to take any data from anywhere

Tech companies are between a rock and a hard place

So, where are we at now? On the 23^rd June. The US government told the justices that the law entitles it to retrieve overseas data - and that national security is at risk if it cannot do so. It said, "This Court should grant review to restore the government's ability to require providers to disclose electronic communications - which are, in this day and age, often the only or the most critical evidence of terrorism and crime."

This leaves technology providers in a real quandary: they are being asked to comply with court orders that may conflict with the laws of the countries where the data is stored. Utah Senator Orrin Hatch (R), said, "What are providers supposed to do? Whose law do they violate?" Microsoft president Brad Smith added that complying with the US warrants "undermines foreign confidence in American technology companies."

Congress is in the process of trying to design legislation that would support reciprocity agreements with other countries, so that they can take data from the USA in the same manner. However, that presents a separate problem when it comes to countries with very different search-and-seizure laws, like China.

Smith wrote, "It seems backward to keep arguing in court when there is positive momentum in Congress toward better law for everyone. The DoJ's position would put businesses in impossible conflict-of-law situations and hurt the security, jobs, and personal rights of Americans."

If the Court grants the appeal, a hearing is not expected until the autumn.