Microsoft believes its refusal to turn over email held in Ireland to the U.S. government got a boost from an opinion of the Supreme Court on Monday, which upheld that U.S. laws cannot apply extraterritorially unless Congress has explicitly provided for it.
In a decision Monday in a separate case on the extraterritorial application of a provision of the Racketeer Influenced and Corrupt Organizations Act (RICO), the Supreme Court set out the ground rules for its analysis, pointing out that “absent clearly expressed congressional intent to the contrary, federal laws will be construed to have only domestic application.” The court was applying a canon of statutory construction known as the presumption against extraterritoriality.
It stated that the “the question is not whether we think ‘Congress would have wanted’ a statute to apply to foreign conduct ‘if it had thought of the situation before the court,’ but whether Congress has affirmatively and unmistakably instructed that the statute will do so."
The statements by the Supreme Court, which were cited on Tuesday in a notice of supplemental authority in the U.S. Court of Appeals for the Second Circuit by Microsoft’s lawyer, E. Joshua Rosenkranz, appear to be in accordance with Microsoft’s own argument that nowhere did the U.S. Congress say that the Electronics Communications Privacy Act "should reach private emails stored on provider's computers in foreign countries."
The proceedings in this high-profile lawsuit have been rather slow, although a decision by the court is eagerly awaited because of its far-reaching implications.
Microsoft provided non-content information held on its U.S. servers in response to the search warrant, but tried to quash the warrant when it concluded that the account and the content of the mails were hosted in Dublin. The company favors instead an inter-governmental resolution to the U.S. demand for access to the emails, through the use of "mutual legal assistance treaties" that the U.S. has with other countries including Ireland.
In an earlier decision, U.S. Magistrate Judge James C. Francis IV of the U.S. District Court for the Southern District of New York had ruled that the warrant under the Stored Communications Act, a part of the ECPA, was "a hybrid: part search warrant and part subpoena." It is executed like a subpoena in that it is served on the Internet service provider, which is required to provide the information from its servers wherever located, but does not involve government officials entering the premises, Judge Francis ruled.
The government has argued that the MLAT procedure through inter-government collaboration is time-consuming, even though Ireland has offered to consider a request for the data under the treaty. Microsoft wants that Congress should be asked for a decision on whether warrants under the ECPA can be executed abroad.
The Supreme Court in its opinion on Monday also adopted a view that appears to tally with the stand taken by Microsoft and its backers on the international implications of a decision against the company.
The court noted that there are several reasons for the presumption that a statute does not have an extraterritorial implication if it gives no clear indication of one, including that “it serves to avoid the international discord that can result when U.S. law is applied to conduct in foreign countries.” Although the risk of conflict between an American statute and a foreign law is not a prerequisite for applying the presumption against extraterritoriality, where such a risk is evident, the need to enforce the presumption is at its apex, the court observed elsewhere in its opinion.
Tech companies are worried that if the appeals court decides against Microsoft, it would scare European cloud and other customers who would be wary of the long arm of U.S. law, particularly after revelations by former National Security Agency contractor Edward Snowden about large-scale domestic and foreign surveillance by the U.S.
The case before the Supreme Court arose from allegations that tobacco and food company RJR Nabisco and related entities participated in a global money-laundering scheme in association with various organized crime groups. The European Community and 26 of its member states first sued RJR in the Eastern District of New York in 2000, alleging that RJR had violated RICO.
Nothing in the text of RICO establishes that Congress meant to allow a provision for private lawsuits to recover for injuries outside the U.S., the Supreme Court ruled. “A private RICO plaintiff therefore must allege and prove a domestic injury to its business or property,” it added.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.