It looks as though the Supreme Court of the United States (SCOTUS) is between a rock and a hard place in the U.S.v Microsoft case. And it doesn’t seem to like it, nor want to be there. As such, it appears - at least from recent oral arguments - that they’d just as soon kick this can down the road and put the ball in Congress’ court - where, by the way, it probably ought to be in the first place, given the knotty circumstances.
I opined a week ago in this space about the prickly position the case has put the justices in. The law upon which the government’s case is built rests on the arcane language of a doughty 1986 communications law. Since the heart of the case is about information residing in the cloud, you can see how untenable it all is for SCOTUS to rule intelligently. I mean, not only was the cloud unheard of three decades ago, it also didn’t have the weight of a $250 billion business (cloud storage today) hanging in the balance.
The parameters have changed drastically in the decades since the 1986 law legislated mainly about paper trails - not data stored in a nebulous cloud - and in a foreign country at that. So just how is a judicial body to rule on unauthorized search and seizure (Fourth Amendment provision) when it is difficult to grasp that which is to be seized? After all, it’s not like searching a desk drawer for a paper document. Microsoft’s chief legal officer, Brad Smith argues exactly this.
Smith, pointing out that this case has many digital privacy ramifications, maintained that “information stored in the cloud should have the same protections as paper stored in your desk,” and that the government’s case rests on a misguided interpretation of a 1986 law that was enacted long before the advent of cloud computing:
“We don’t believe there is any indication that Congress intended such a result.”
And then, there is the issue of territorial integrity and sovereignty, as the information at issue is stored in the cloud in Ireland.
This matter was adjudicated by the Second Circuit Court of Appeals, a federal appellate court located in New York. It decided that a warrant obtained under the 1986 statute does not allow the government to demand emails stored by Microsoft overseas - as mentioned, on a server in Ireland - because the statute does not apply “extraterritorially”, i.e., extending to foreign-stored data. It's ruling certainly holds more sway with the commonplace storage protocols which exist today - more so than a law passed before the cloud was born and before technology reached the global pre-eminence of today.
During the Supreme Court oral arguments, which don’t always foretell how the justices will rule, several justices leaned toward new legislation, i.e., Congressional action, as probably warranted. Both Justices Ginsburg and Sotomayor leaned toward legislation as a way to keep the Supreme Court from boxing itself into a corner. If the Supreme Court is to be the final arbiters, its decision wouldn’t allow for any wiggle-room or interpretation. The liberal-leaning jurists were joined by more conservative ones led by Justice Alito.
Justice Ginsburg specifically expressed concern that if the Court has to rely on the old statute to make a decision in the present environment, it would face an all-or-nothing choice—either the law could apply to data stored abroad in the cloud, or it can’t. On the other hand, …“if Congress takes a look at this, realizing that much time and… innovation has occurred since 1986, it can write a statute that takes account of various interests. And it isn't just all or nothing.”
But, in the meantime, the Supreme Court has a hot-potato and a conundrum. To rule in favor of Microsoft jeopardizes the government’s ability to access the information it needs to thwart the bad guys. Ruling in favor of the government risks impeding US technology companies’ ability to compete globally. Then there’s the foreign equation to consider.
On one hand, the ruling runs the risk of ratcheting-up tensions among the US and foreign governments. On the other, the door could be opened to allowing foreign governments to expect similar access on US soil. Confounding, to be sure. A third option may be in the offing, which if it comes to fruition might make the case before the Supreme Court moot, and obviate the need for a ruling. Codify the whole thing into law.
There is a piece of legislation that I mentioned in my article a week ago. Dubbed, the Cloud Act and introduced by soon-to-retire Utah Sen. Orin Hatch, it appears to have bi-partisan support in Congress. It is already endorsed by tech companies including tech-titans such as Microsoft, Apple, Facebook, and Google.
Some industry observers argue that it is flawed, and may create an opening that law enforcement could widen and exploit. That may be true, but it is better than the all-or-nothing dilemma that a Supreme Court decision would create. It would also have the added benefit of updating an outdated relic of a law. On the face of it, it would seem to me that if a law (albeit an old one) is creating the turmoil, then what would make more sense than to address it with up-to-date legislation? Or, is that too common-sensical for Congress?
Editors note: Stan's views are his own. ProPrivacy.com officially takes the view that the Cloud act is a very dangerous piece of legislation and that the best solution to this issue would be for the Supreme court to rule in Microsoft's favor.
Image credit: By Alex Staroseltsev.