Case No. 17-2| 2d Cir. Decision
In the midst of an investigation into illegal drug activity, the government issued a search and seizure warrant for the data pertaining to a specific Microsoft email account. There was probable cause to believe that the account was being used to further the illegal drug trade in the United States. The warrant required disclosure of email contents, records regarding the identification of the account, and records of communications between Microsoft and other persons regarding the account itself. Microsoft moved to quash the warrant on the grounds that the data the warrant required was in a data center in Dublin, Ireland, and the Stored Communications Act (“SCA”) restricts access to foreign servers. A magistrate judge denied Microsoft’s motion, holding that the relevant place of seizure for SCA purposes is where the government would review the content rather than the location where the content was stored. Thus, because the government would be reviewing the content from the execution of the warrant in the United States, the SCA did, in fact, authorize this warrant.
The SCA governs how an electronic communications service—such as Microsoft—can lawfully access electronic communications—e.g., emails—and disclose content from those communications. While both parties fundamentally agree that there is a presumption against extraterritoriality, the parties differ on whether the disclosure of data stored in Dublin violates that presumption. That question ends up turning on the focus of the SCA and determining where the conduct relevant to the statute’s focus takes place. Microsoft, asking the Court to affirm the Second Circuit’s opinion reversing the magistrate judge, argues that the SCA’s focus is on the need to protect users’ privacy interests. It further argues that the invasion of users’ privacy takes place where the customer’s protected content is stored. In this particular case, Microsoft says, the protected content is stored in Dublin. Therefore, executing this warrant would violate the presumption against extraterritoriality.
In contrast, the Government argues that the focus of the statute is on the acts the statute seeks to regulate and the parties or interests that it seeks to protect. This does not occur where the customer’s protected content is stored. Rather, because the statute seeks to regulate the disclosure of electronic records, which occurs in the United States, the Government says, the warrant does not violate the presumption against extraterritoriality.
Thus, the question of this case will turn on where the Court believes the conduct relevant to the focus of the SCA occurs. The answer to that question will have far-reaching significance for future computer privacy issues.