It’s been a pretty good week for privacy advocates. First, a Federal Court judge ruled that the government couldn’t use secretive electronic devices to spy on suspect locations without a warrant, and now a three-judge panel of the Second Circuit Court of Appeals in New York has ruled that the Department of Justice cannot compel Microsoft to hand over email data stored on a server in Ireland.
In handing down the ruling, the appeals court panel said, “Warrants traditionally carry territorial limits…law enforcement officers may be directed by a court-issued warrant to seize items at locations in the United States and in United States-controlled areas, but their authority generally does not extend further.”
According to a statement from the software giant, Microsoft hailed the ruling as important for three reasons: “It ensures that people’s privacy rights are protected by the laws of their own countries. It helps ensure that the legal protections of the physical world apply in the digital domain. And it paves the way for better solutions to address both privacy and law enforcement needs.”
There is speculation that the ruling could have major consequences for how companies choose to treat sensitive customer or user data in the future. Some are even going as far as to say that U.S. companies will start to move data overseas to keep it out of the hands of an increasingly intrusive U.S. government.
The ruling stems from a 2013 action where federal agents served a search warrant at the Microsoft headquarters office in Redmond, Washington to demand information about an account suspected of being used in illegal drug trafficking. Microsoft turned over basic details about the account, but refused to transfer actual email messages because they were stored on a server in Ireland. Microsoft asserted that handing over data served on foreign servers could violate laws in countries where they are located.