Amicus brief: U.S. search warrants do not apply to data stored overseas
Today, Verizon filed an amicus brief in support of Microsoft’s appeal to reverse a federal court’s decision that allowed the U.S. government to use a warrant to compel Microsoft to produce a customer’s email stored overseas. We were joined on our brief by Cisco, Hewlett-Packard, eBay, salesforce.com and Infor. The case does not involve Verizon or any Verizon customers’ data. Indeed, Verizon has not received any warrants from the U.S. government for customer data stored in our enterprise data centers outside the United States and we do not expect to receive such demands.
Still, we have submitted this brief in order to turn back an unlawful overreach by the U.S. government. The law does not allow the U.S. government to use a search warrant to obtain customer data stored overseas. The U.S. Supreme Court has reiterated many times that U.S. statutes are presumed not to have extraterritorial application unless Congress “clearly expressed” its “affirmative intention” to the contrary.
Congress has not clearly expressed its intention in any U.S. statutes that domestic warrants should apply to data stored in other countries. And there is good reason for that. For starters, the data at issue (the contents of private emails) belongs to a customer, not to the provider. Moreover, if U.S. law were to require a U.S. business to turn over customer data stored overseas it would conflict with the laws of many other countries that protect the privacy of such data and limit disclosure outside the country in which the data is stored. Furthermore, permitting the U.S. government to use a warrant to obtain data stored overseas would just encourage foreign governments to claim that they can obtain data stored in the U.S., which would threaten the privacy of Americans. So, instead, Congress ratified a number of treaties (some are known as Mutual Legal Assistance Treaties, or MLATs) that allow the U.S. government to request data through the foreign government of the country in which it is stored, consistent with that country’s laws.
In this case, Microsoft stored the customer’s email content in Ireland. Ireland’s Minister for Data Protection has made clear that “when governments seek to obtain customer information in other countries they need to comply with the local laws in those countries.” Congress did not clearly express its intent to put a U.S. business in the precarious position of violating the local laws of countries where customer data is stored in order to comply with a U.S. search warrant. Rather than using a search warrant, the U.S. government should instead have followed the procedures of the Mutual Legal Assistance Treaty between the U.S. and Ireland to request the information it needed from the government of Ireland in a manner consistent with Ireland’s laws.
We strongly believe in the rule of law and the privacy interests at stake in this case. Even though we have not received a warrant from the U.S. government seeking Verizon customers’ data stored overseas, we have urged all three branches of our government (the courts, the Department of Justice and Congress) to set clear limits on the government’s use of such warrants. This summer, for example, we worked with Senators Hatch, Coons and Heller’s staffs on the LEADS Act, which would allow the government to use a warrant to force a U.S. company to produce customer data stored overseas only when the customer was a U.S. person. Such a bill, if passed, would bring much needed clarity to the law and protect the privacy of our customers.
We hope the Court of Appeals will recognize the significant issues associated with the use of a warrant in this case and overturn the Magistrate’s decision. But regardless of the outcome here, Verizon will continue to work to further the privacy interests of our customers.