Verizon’s transparency report, the Microsoft case, and ICPA.

By: Craig Silliman
Verizon releases Transparency Report for first half 2016

Verizon is pleased to release our Transparency Report for the first half of 2016. As in the past, this report describes the different types of demands we receive and the types of data that we disclose in response to those demands. During the first half of 2016, we received 135,000 demands for customer information from United States law enforcement. The number of demands that we have received each year has been fairly stable since we made our first report three and a half years ago.

Importantly, none of the U.S. demands counted in this, or any of our prior Transparency Reports – over one million, in total – sought the data of our customers stored in our overseas data centers. Still, last week’s decision by the U.S. Court of Appeals for the Second Circuit holding that the U.S. government could not use a warrant to reach email that Microsoft stored in overseas email servers is an important one. Although we were not involved in the dispute with the U.S. government, Verizon filed a so-called “friend of the court” brief with the Second Circuit and the lower court to explain our views. We wanted to ensure that our customers outside the United States have confidence that the U.S. government cannot compel Verizon to turn over their data stored in our overseas data centers. Last week’s decision makes clear that is the law and refutes contrary assertions by competitors in Europe that, in an effort to win business away from U.S.-headquartered companies, have been inaccurately asserting that U.S. warrants have extraterritorial reach.

At bottom, the case was about a legal doctrine called the “presumption against extraterritoriality.” In 1909, U.S. Supreme Court Justice Oliver Wendell Holmes stated that “all legislation is prima facie territorial.” That is, as the Supreme Court explained just over a hundred years later in 2010, “when a statute gives no clear indication of an extraterritorial application, it has none.” All three judges in last week’s decision agreed that Congress had not stated a clear desire that warrants can apply extraterritorially – and thus the U.S. government could not use a warrant to access emails stored in Ireland.

We live in a world where networks, databases and platforms do not correspond to national borders. While last week’s decision is important in defining what the law is today, there is much work still to be done because it doesn’t answer the policy question of what the law needs to be going forward. To that end, a number of companies, including Verizon, have worked with Congress to obtain a sensible solution that brings clarity to the law and protects the privacy of our customers. Since 2014, we worked with Senators Hatch, Coon, and Heller’s staffs on the LEADS Act (The Law Enforcement Access to Data Stored Abroad Act, which they introduced that fall and then again, in 2015, in the next Congress. That bill has been reworked, renamed – now ICPA, the International Communications Protection Act, and reintroduced in the Senate and also the House.

ICPA would set a clear and reasonable limit on the U.S. government’s ability to use a warrant to obtain data stored outside the United States. Under the bill, the U.S. government could obtain the content of a U.S. citizen or a person in the U.S. with a probable cause warrant, regardless of where the data are stored. But, if a non-U.S. customer stores content in one of Verizon’s data centers outside the United States, the U.S. government could only obtain those records by working with the government of the country in which the records are stored, such as through a Mutual Legal Assistance Treaty. ICPA also would take an important first step towards improving and simplifying the complicated MLAT process.

ICPA’s approach seems to offer a balanced approach to respecting the sovereignty of other countries, the needs of law enforcement and the privacy of all countries’ citizens. As we have long warned, and highlighted in the briefs we filed with the courts, if the U.S. government can demand access to overseas customers’ data stored outside the U.S., other governments will demand the same for data from U.S. customers stored within the U.S., threatening the privacy of U.S. citizens. ICPA would also protect the privacy of our overseas customers by sensibly assuring, as did the Second Circuit’s decision, that the U.S. government must work with the overseas government, with due regard for its laws, if it wants to obtain the communications of our overseas customers stored in our overseas data centers.

We will continue to support the ICPA bill. More generally, we look forward to leading and participating in discussions to address these important issues internationally.

About the author(s): 

Craig Silliman is Verizon’s General Counsel and Executive Vice President for Public Policy. He leads Verizon’s legal, regulatory, public policy, government affairs and security groups. Before assuming his current position in January 2015, Silliman was senior vice president for public policy and government affairs, with responsibility for Verizon's global public policy, federal and state legislative affairs, federal regulatory affairs, strategic alliances, national security, privacy and corporate citizenship.  Prior to that, Silliman served in a number of other senior management roles at Verizon. He was senior vice president and general counsel for Verizon's wireline consumer, business and wholesale groups globally, and senior vice president and deputy general counsel, with responsibility for antitrust, intellectual property, national security, privacy and strategic product support.