The Fight Over Overseas Data

The Fight Over Overseas Data

This past June, the U.S. Department of Justice (DOJ) petitioned the U.S. Supreme Court to review the Second Circuit’s decision invalidating a Section 2703 warrant that would have allowed the U.S. government to access Microsoft user data stored on an overseas server. ^[1] In a document recently submitted to the Supreme Court in support of its petition, the DOJ argues that the Second Circuit decision had already frustrated “dozens of investigations” into such serious federal crimes as human trafficking and child exploitation. ^[2] According to the DOJ, the Microsoft decision broke with over two decades of federal law enforcement practice in obtaining overseas data through valid search warrants “merely because the company chooses in its sole discretion to store the electronic data sought by the warrant on its own overseas servers.” ^[3]

Technology companies, on the other hand, contend that the government’s demand for data stored outside the United States is unnecessary and raises business and legal risks. They argue that, in most cases, the government can use mutual legal assistance treaties (MLATs) to obtain what it wants. ^[4] Allowing the government to force companies to turn over data stored overseas will also hurt business by making users in foreign countries wary of data security and potential abuses by the U.S. government.^[5] This is especially true in light of revelations by Edward Snowden about the U.S. government’s broad data-surveillance scheme. ^[6] Technology companies may also face mounting legal challenges in foreign countries with more stringent data privacy standards. When U.S. law enforcement uses a warrant to request that companies turn over electronic data on overseas servers, the companies are forced to choose between refusing to comply with the warrant in order to comply with privacy laws in the host countries or catering to U.S. law enforcement and risk violating the host countries’ privacy laws. ^[7]

The DOJ does not agree. It points out that the United States does not have MLATs with most countries and, even when it does, the practical difficulty of obtaining overseas data—as information service providers constantly shift data from one place to another—makes MLATs hardly a viable choice for collecting data. ^[8] It also argues that the MLAT process is too time-consuming for “time-sensitive investigations and other emergencies.” ^[9] As for the conflict-of-law issue, the DOJ states it is not aware of any situation where a technology company had to violate a local law in order to comply with the DOJ’s data request. ^[10]

Up until now, 11 magistrate and district judges in five circuits have rejected the Second Circuit’s position denying the government’s right to such data, which, according to the government, may create a potential circuit split. ^[11] Moreover, the ongoing debate between technology companies and the U.S. government demonstrates the need for striking a balance between individual privacy rights and the government’s interests in facilitating criminal investigations—ordinarily the Judiciary’s job. The question remains whether the Supreme Court should intervene in this matter, which has potential ramifications for foreign relations, i.e., allowing the U.S. government to collect data from foreign countries may raise sovereignty concerns. Maybe it is better left to the Congress to establish legal standards regarding law enforcement access to extraterritorial communications.