Privacy & Cybersecurity Law Blog

This post has been updated. 

On July 14, 2016, the U.S. Court of Appeals for the Second Circuit held that Microsoft Corporation (“Microsoft”) cannot be compelled to turn over customer emails stored abroad to U.S. law enforcement authorities.

As we previously reported, in April 2014 a judge in the U.S. District Court for the Southern District of New York ruled that Microsoft must release user data to U.S. law enforcement when issued a search warrant under the Stored Communications Act (“SCA”), even if the data is stored outside of the U.S. The case stems from a search warrant seeking the contents of all emails, records and other information regarding one of Microsoft’s email users. Microsoft complied with the warrant by producing “non-content” information related to the account (which is stored on U.S. servers), but refused to turn over the contents of the emails that are stored on a server in Ireland. The company argued that U.S. courts are not authorized to issue warrants for extraterritorial search and seizure of emails. The district court judge found that a search warrant for online data is unlike a conventional warrant, stating that if it were treated like a conventional warrant, the burden on the government would be substantial and law enforcement efforts would be impeded.

In reaching its decision to overturn the lower court’s ruling, the Second Circuit held that “Congress did not intend the [SCA’s] warrant provisions to apply extraterritorially...[and] the SCA does not authorize a U.S. court to issue and enforce an SCA warrant against a United States‐based service provider for the contents of a customer’s electronic communications stored on servers located outside the United States.”

UPDATE: On January 25, 2017, the U.S. Court of Appeals for the Second Circuit denied the U.S. Department of Justice’s (“DOJ's”) request for a rehearing of the case. The DOJ might seek to appeal the decision to the U.S. Supreme Court.