Privacy International warns of global risk to citizens if Microsoft loses US data access appeal

Privacy International warns of widespread privacy violations if Microsoft loses US data access appeal

The privacy rights of every person in the world are at risk of violation if the US government’s legal bid to seize data stored on Microsoft servers located in Ireland succeeds, Privacy International has warned.

The privacy campaigners made the claim in an amicus brief, filed before the US Supreme Court, where an appeal against a previous ruling, preventing US law enforcers from accessing emails stored in Microsoft datacentres in Ireland, is being heard.

Scarlet Kim, legal officer at Privacy International, said if the appeal succeeded it would give law makers an unprecedented amount of power and control.

“There is no indication that Congress has ever considered giving the Executive this type of sweeping authority,” said Kim. “If the US government prevails, it would set the stage for repeated violations of the privacy rights of people all over the world.”

In light of these concerns, Privacy International has joined forces with 25 human rights and digital rights advocates to create this amicus brief for the Supreme Court to mull over.

Separate amicus briefs are also known to have been submitted in recent days, in support of Microsoft, from other privacy groups, as well as software industry trade associations and related special interest groups. 

“[It seeks to] inform the Supreme Court of how the US government’s position undermines foreign data protection laws – including those of Ireland and the European Union – which operate to protect the fundamental right to privacy,” Kim added.

The long-running case dates back to December 2013, when the US government obtained a warrant, under the terms of the Stored Communications Act, to force Microsoft to hand over emails and other personal information belonging to one of its users.

The information in question is thought to be linked to an investigation into narcotics trafficking in the US, and much of it is known to be stored on Microsoft servers in Dublin.

While the software giant partially complied with the warrant, by disclosing information stored on servers in the US, it has refused – so far – to hand over any of the user data located in its Irish datacentres.

This is on the basis that the Stored Communications Act does not authorise the US government to seize data stored in overseas territories.

In July 2014, the US Federal Court ruled Microsoft had to comply with the data access request, prompting an appeal by the software giant on the basis that the information being sought belonged to its customers and not the company itself.

Two years later, this decision was overturned by the Court of Appeal, but – in October 2016 – the US Department of Justice appealed against that ruling too, paving the way for the Supreme Court hearing now taking place.

Read more about the Microsoft data protection case

  • The US Department of Justice is considering going to the Supreme Court after an appeals court refused to revisit its July 2016 landmark ruling blocking government access to Microsoft servers in Ireland.
  • Tech firms, civil liberties groups and trade bodies welcome what could be a landmark ruling by a US court in protecting the privacy of cloud services.

As all this legal wrangling has taken place, Microsoft’s position on this matter has won the support of various privacy campaigners, as well as competing technology firms, who fear customer trust in their platforms could be eroded if the US government gets its way.

Furthermore, there are also concerns that being made to hand over data stored in other countries could result in tech firms falling foul of local data protection laws.

“The US government’s demand that Microsoft hand over data stored in Ireland also creates an untenable situation for many other companies,” the Privacy International statement reads.

“Companies would increasingly be in the position of having to potentially violate the laws of the countries in which they operate in order to comply with warrants issued in the US.” 

Read more on Infrastructure-as-a-Service (IaaS)