Could SCOTUS break the cloud?

In oral arguments on a critical data access case, the Supreme Court justices examined whether a 1986 communications privacy statute can be adapted to cloud computing.

Shutterstock ID ID: 222190471 By wk1003mike
 

Oral arguments in U.S. vs. Microsoft Corp., a case examining the reach of law enforcement power on communications stored abroad by American firms, focused more on statutory interpretations than it did on the nature of computing.

The case hinges on a reading of the Stored Communications Act, a section of the 1986 Electronic Communications Privacy Act, which allows law enforcement to access remotely stored communications through legal instruments. Microsoft, faced with a demand from the Drug Enforcement Administration, in 2013 declined to produce emails about a customer because the data was stored in Ireland.

Microsoft's position, which has been upheld by a ruling in the Second Circuit Court of Appeals, is that U.S. laws don't reach into its Irish servers, and that the DEA would have to seek production via an existing mutual legal assistance treaty with Ireland before Microsoft would have to comply. To do otherwise, Microsoft argues, risks violating both customer agreements and Irish and European Union privacy law.

The cloud industry, largely led by U.S. providers, is concerned that an adverse decision will chill business opportunities in global markets.

The government's position, argued by Michael R. Dreeben, deputy solicitor general, is that the production of information by a U.S. company in a U.S. court is "domestic conduct," whether or not the production involves the company's overseas facilities.

A few justices at times seemed a bit daunted by the technological aspects of the case in their Feb. 27 questioning, particularly when it came to understanding what actually occurs when a U.S. law enforcement agency requires production of data stored abroad.

"A human being doesn't have to do it. It is a robot," explained Microsoft attorney E. Joshua Rosenkranz. "And if you -- if you sent a robot into a foreign land to seize evidence, it would certainly implicate foreign interests."

Rosenkranz also said that individual emails aren't broken up and stored in multiple sites across multiple countries. "No one actually breaks up the e-mail into shards, certainly not in this case. That's not what Microsoft does. And that is not, it turns out, what Google does either -- excuse me, that is not what the other service provider does either in the context of these other cases that are being heard here," he said.

Justice Samuel Alito wondered if the ephemeral nature of digital content should come into play. "The whole idea of territoriality is strained," he said during questioning. An email "physically exists on one or more computers somewhere, but it doesn't have a presence anyplace in the sense that a physical object has a presence someplace," he said.

Chief Justice John Roberts wanted to know if Microsoft could market services that guarantee users freedom from the reach of U.S. law enforcement as a feature.

Rosencranz rejected that suggestion, saying that, according to publicly disclosed information, just 54 emails out of 60,000 sought by government are shielded under the terms of the Second Circuit ruling. Rosenkranz said users seeking to do business outside the reach of law enforcement have other options.

"They use services that are sold specifically with the -- with the promise that we have no U.S. presence, and, therefore, you can trust us to keep it under lock and key from the U.S. government," Rosenkranz said.

Justice Ruth Bader Ginsberg raised the issue of impending legislation, and wondered if it didn't make sense to wait for the law to be updated.

"If Congress takes a look at this, realizing that much time… and innovation has occurred since 1986, it can write a statute that takes account of various interests," Ginsberg said. "And it isn't just all or nothing. So wouldn't it be wiser just to say let's leave things as they are… if Congress wants to regulate in this brave new world, it should do it?"

Dreeben appeared disinclined to let the wheels of Congress turn on the Clarifying Overseas Use of Data Act, sponsored by Sens. Orrin Hatch (R-Utah) and Chris Coons (D-Del.)

"It's not been marked up by any committee. It has not been voted on by any committee. And it certainly has not yet been enacted into law," Dreeben said. "And I think this Court's normal practice is to decide cases before it based on the law as it exists, rather than waiting for an uncertain legislative process."

Rosenkranz said Microsoft doesn't want to see the Supreme Court innovate on the 1986 law just for the sake of deciding this case and establishing a legal framework for overseas data access.

"If you try to tinker with this, without the tools that -- that only Congress has, you are as likely to break the cloud as you are to fix it," he said.