Especially after the Snowden revelations of global mass surveillance by US intelligence agencies at home and abroad, various countries demanded tech companies including Google, Apple, and Microsoft to set-up and maintain their servers in respective countries in order to keep their citizen data within boundaries.
The US government has powers to comply US-based tech companies with the court orders to hand over their customers’ data stored on servers, even if the data centers are beyond US borders.
Now, the recent court decision has proven that the data centers and servers located outside the US boundaries are safe haven.
The Second Circuit Court of Appeals in New York ruled Thursday that the United States government cannot force tech companies to give the FBI or other federal authorities access to their non-US customers’ data stored on servers located in other countries.
US Government Can’t go Beyond its Boundaries to Collect Data
Yes, the Stored Communications Act’s warrant, which allows domestically held data to be handed over to the government, issued by the United States authorities does not apply to electronic data, like emails, held on servers located overseas.
Also Read: I’m Warning You, Don’t Read this Article. It’s a Federal Crime!
The decision [PDF] was Microsoft’s appeal of an SCA warrant originally issued by the US Justice Department in 2014. The search warrant demanded the emails of a Microsoft customer suspected in an international drug trafficking case.
Microsoft provided all the data belong to the suspect that was stored inside the US borders, but the Redmond-based company refused to comply with the warrant when the DoJ asked it to hand over the data the company maintained on servers located in Ireland.
However, the government prosecutors argued that Microsoft must comply to "deliver records, physical objects, and other materials" as long as the data was hosted by a US-based company, according to court documents.
Foreign Land: A Safe Haven
All the Circuit Judges sided with Microsoft, ruling that Congress didn’t intend the warrant provisions of the law in the case — the Stored Communications Act — to apply outside the United States.
"We conclude that Congress didn’t intend the SCA’s warrant provisions to apply extraterritorially," the 43-page decision reads. "The SCA warrant in this case may not lawfully be used to compel Microsoft to produce to the government the contents of a customer’s email account stored exclusively in Ireland."
The decision limits the American Justice Department’s ability to collect foreign communications data from the data centers beyond US borders with a search warrant — even if the company itself is headquartered in the US.
Microsoft general counsel Brad Smith applauded the ruling, saying:
"As a global company we have long recognized that if people around the world are to trust the technology they use, they need to have confidence that their personal information will be protected by the laws of their own country. Today’s decision means it is even more important for Congress and the executive branch to come together to modernize the law."
The Justice Department have not revealed whether the email account owner involved in drug trafficking case is a US citizen and if the suspect has been charged with a federal crime. It is also not clear whether the DoJ will accept the ruling or file an appeal.