DOJ Says Microsoft Email Privacy Case No Longer Necessary Thanks to “Cloud Act” – Hits Microsoft with New Warrant
by Josh Anderson
WASHINGTON, D.C. — President Trump included a provision titled The Cloud Act into the Government Spending Bill signed March 23, and the Department of Justice believes that the directive provides all of the guidance needed to close the books on the long-standing, and controversial, legal battle facing Microsoft over data privacy — with U.S. Solicitor General Noel Francisco saying in the official brief that the case is now “moot.”
The case at hand began in 2013 when U.S. officials demanded that Microsoft hand over emails stored in a server in Ireland that could potentially lend insight into a drug trafficking case. In response, Microsoft asserted that sharing data abroad would be in violation of relevant international data privacy treaties. They specifically argued that no U.S. law provided the legal clarity needed. Since then, the battle between Microsoft and the U.S. government has escalated to the Supreme Court.
However, the Cloud Act establishes a legal pathway for the United States to form agreements with other countries, in which the U.S. law enforcement will find it significantly easier to collect data such as Microsoft’s — even if it is housed on foreign soil. The Cloud Act also includes a “comity analysis” that would protect any privacy laws of another country from being violated.
Both the U.S. Government and Microsoft are proponents of the directives in the Cloud Act, however proponents of civil liberties and advocates of data privacy, including Amnesty International and the American Civil Liberties Union, have been quick to denounce the regulation.
“The bill purports to address complaints that current mechanisms for foreign governments to obtain data from U.S. technology companies are slow, requiring review by the Justice Department and a warrant issued by a U.S. judge pursuant to the mutual legal assistance (MLA) process. The solution it proposes, however, is a dangerous abdication of responsibility by the U.S. government and technology companies,” wrote Neema Singh Guliani on the Lawfare Blog.
“The very premise of the current CLOUD Act—the idea that countries can effectively be safe-listed as human-rights compliant, such that their individual data requests need no further human rights vetting—is wrong,” continued Guliani. “The CLOUD Act requires the executive branch to certify each of these foreign governments as having “robust substantive and procedural protections for privacy and civil liberties” written into their domestic law. But many of the factors that must be considered provide merely a formalistic and even naïve measure of a government’s behavior.”
In the same brief issued to the Supreme Court, the U.S. Government slapped Microsoft with a search warrant on March 30 to obtain the highly sought email content. “Because Microsoft has thus far refused to comply with the original warrant,” wrote Solicitor General Francisco. “the government has determined that the most efficient means of acquiring the information sought is through a new warrant under the CLOUD Act.”