Can U.S. Government Use a Warrant to Require a U.S. Company to Produce Data About a Non-U.S. Citizen?


Fresh and interesting article posted on PatentlyApple about Apple, Cisco and AT&T filling amicus curiae briefs supporting Microsoft in its appeal of a decision requiring it to hand over data about an Irish customer to U.S. law enforcement officials. 

Happy reading!

"Microsoft's case to prevent the United States government from using search warrants to demand data that is not stored in the United States has picked up a number of high-profile backers. Although Verizon, AT&T and the Electronic Frontier Foundation are supporting Microsoft's position, it was Apple and Cisco's legal teams that filed a joint amicus brief with the court in the Southern District of New York late on Friday. Apple makes the case that it offers iCloud services to customers for storing photos, contacts, calendars, documents and more. Because some of those servers are located outside the United States, Apple is subject to, or may become subject to, various foreign laws regarding data transfer. Apple further noted that "neither the broad economic interests nor the political interests of the United States will be served if foreign citizens believe that they are better off not doing business with U.S. based companies" – due to the overreach of US government search warrants.

The following is from the Apple-Cisco Amicus Brief filed with the court on Friday, June 13, 2014.
The Background
The Government served Microsoft with a search warrant directing it to produce the contents of a customer's email account. Microsoft determined that it had stored the responsive email content on a server in Dublin, Ireland, which was leased and operated by its wholly-owned subsidiary. Rather than produce the email content, Microsoft produced only non-content data stored in the United States and moved to quash the warrant to the extent it required Microsoft to conduct an exterritorial search at the government's behest.
The Magistrate denied Microsoft's motion, upheld the warrant and commanded Microsoft to produce data stored in Ireland. In doing so, the Magistrate held that the Stored Communications Act creates a special "SCA warrant" that is a hybrid between a Rule 41 Warrant and a subpoena. The Magistrate treated the "warrant" as a subpoena and held that Microsoft had "possession, custody, or control" over information stored in Ireland, and must produce the email content.
The Magistrate examined ECPA's structure and legislative history and found it trumped Rule 41's limitations, erroneously concluding that Congress intended the SCA to apply extraterritorially because it was "unlikely" to have intended for the Government to comply with the MLAT process.
The Magistrate's decision did not mention international law, possible conflicts of laws, or the burden on providers of complying with conflicting legal regimes. The Magistrate made no findings regarding (1) whether there were any treaties between Ireland and the United States; (2) whether the Irish government was slow to respond to U.S. law enforcement requests; or (3) whether the Irish government would refuse this request.
The Argument
The argument presented by Apple and Cisco states that "The Magistrate's analysis improperly ignores the interplay of foreign and domestic laws when determining whether the government can use a warrant to require a U.S. company to produce data about a non-U.S. citizen when the data is held by a foreign subsidiary and stored in a foreign location. Rather than ignoring foreign law, courts should examine possible conflicts of law, inquire into the weight of the U.S. government's interest in each case, and determine whether those interests are sufficiently compelling to outweigh principles of international law, comity, sovereignty, and reciprocity, such that the government may circumvent U.S. treaty obligations.
The Magistrate's failure to include a more thorough international law and comity analysis has serious consequences and, if followed by other courts, is likely to put Apple and other providers in the untenable situation of being forced to violate one nation's laws to comply with another.
The Magistrate's error is compounded by the weak reasoning underlying his decision to apply ECPA extraterritorially. ECPA contains no express statement about extraterritoriality. It makes no reference to seeking data abroad. Instead of relying on ECPA's plain text and canons of construction that weigh against extraterritorial application of laws, or existing case law finding no extraterritorial application (Zheng v. Yahoo! Inc., No. C-08-1068 MMC, 2009 WL 4430297 (N.D. Cal. 2009)), the Magistrate found that Congress was "unlikely" to have intended to require law enforcement to use the MLAT process because, (1) it is sometimes slow; (2) member states may refuse requests; and (3) it is unavailable when no treaty is in place.
The Magistrate further justified his decision to compel Microsoft to produce data stored abroad based on speculation about how U.S. law enforcement efforts could be thwarted by users and providers in the future. The Magistrate considered activities that did not occur here: whether users can give false addresses to providers to effectuate foreign storage, what would happen if a nation refuses an MLAT request, and what happens when no treaty exists. Order at 18-20. Rather than speculating and using ECPA to reject the MLAT process unilaterally, this Court should evaluate the MLAT with Ireland, the relevant provisions of Irish data protection law, and determine whether the MLAT process was appropriate for this case."
  • The Magistrate Ignored Conflicts of Laws and International Comity In Dismissing the MLAT Process
  • ECPA Does Not Provide a Basis to Forego a Comity Analysis
  • The Magistrate Failed to Consider Possible Conflicts with Foreign Law Which Have a Substantial Impact on Providers.
  • The Magistrate Improperly Rejected the MLAT Process in All Cases
  • Allowing the Government to Avoid the MLAT Process in All Cases Will Place Providers at Greater Risk of Sanction in Foreign Countries
  • Requiring the Government to Use the MLAT Process Has Ancillary Benefits
The Conclusion
In their conclusion, the Counsel for Apple Inc. and Cisco Systems, Inc. states that "The Magistrate erred by giving undue weight to unsupported concerns about the viability of the MLAT process, while ignoring the reality that U.S. providers frequently receive foreign requests for user data that implicate conflicts of laws. The MLAT process plays a vital role in defusing such conflicts. Accordingly, this Court should reject the magistrate's incomplete reasoning. It should also avoid the temptation to oversimplify what, for both service providers and law enforcement, is a complex web of often conflicting national laws on data privacy and law enforcement access, intricate global data flows to support performance and technical needs, and broader issues of diplomacy and comity in international investigations.
Furthermore, viewing the use of warrants in these circumstances as protecting U.S. interests is short-sighted. Neither the broad economic interests nor the political interests of the United States will be served if foreign citizens believe that they are better off not doing business with U.S. based companies. Based on the evolution of the case, the Court should reject the effort to apply ECPA extraterritorially, and conclude that absent further Congressional action, the MLAT process remains the appropriate vehicle for the retrieval of foreign user data stored abroad".


Follow me on Twitter @tdubuisson or check my professional profile on LinkedIn: http://www.linkedin.com/in/thomasdubuisson

Comments

Post a Comment

Popular posts from this blog

Ethical Coffee Company Sues Nestlé Nespresso For €150m

Image
Fresh and interesting article posted by WIPR  concerning a European patent for a "device for preparing a drink extracted from a capsule", owned by Ethical Coffee Company (ECC). As you all know, Nespresso machines brew espresso from coffee capsules, a type of pre-apportioned single-use container of ground coffee and flavorings. In the case at hand, ECC, a Swiss Company, also creating capsules compatible with Nespresso machines, is suing Nestlé, in Paris, for alleged patent infringement. In other words, ECC is not happy with the way Nestlé modified the Nespresso machines back in 2010, keeping competitors’ capsules out of them and, more importantly, violating the patented "harpoon mechanism". Happy reading! "The man who oversaw  Nestlé’s Nespresso brand of coffee machines  has sued his former employer for alleged patent infringement.   Ethical Coffee Company , which makes coffee capsules that can be used in the Nespresso machine, has claimed that
Read more

A Look Inside The Apple Watch : Intellectual Property Rights And Future Legal Battles

Image
It is not just a watch. It is a masterpiece of intellectual property (IP) rights. It is not just a revolutionary product. It is the next chapter in Apple Inc.’s story. Apple believes in technology designed for the wrist (such as a smartwatch), but also in a strong design patent protection strategy. To protect this wearable, as a result of their investment, Apple applied for and received several design patents. Every detail is protected: the drawer where the watches are shown, the bracelet, the “slide-in” interchangeable strap system mechanism, the digital crown, the display, the charger, the retail box, etc. Future innovations will however continue to copy this kind of consumer products and challenge the Courts. In this context, developing and/or acquiring intellectual property rights may create a solid foundation for growth and success. Indeed, a winning exploitation of IP assets, including but not limited to know-how, patents, trademarks, aligned with your passion for innovati
Read more

Jouets connectés : Méfiez-vous des poupées et robots qui violent la vie privée de vos enfants... et la vôtre !

Image
C ’est la période des fêtes : le moment est venu de trouver le prochain cadeau de vos enfants ! Les Playmobil et Lego étant un peu trop muets à votre goût, vous penchez cette année pour les jouets dits « connectés », tels la poupée « My Friend Cayla » et le robot « I-QUE ». Méfiez-vous, bien qu’innovants, ces jouets ne respectent pas toujours la vie privée de vos enfants ! Il n’en fallait bien pas moins à la CNIL pour mettre la main dessus… Source Qu’est-ce qu’un objet connecté ? Les objets connectés sont des objets dotés de moyen de communication avec ou sans fil (Wi-Fi, Bluetooth) qui prennent souvent la forme d’objets d’apparence anodine (poupées, robots, etc.) et qui collectent des informations. On les retrouve dans de nombreux domaines, comme la domotique, le sport, le bien-être et la santé, les activités de loisirs, etc. Ces objets peuvent être autonomes ou peuvent fonctionner avec un smartphone ou une tablette. Ce dernier sert de télécommande pour les contrôler
Read more