Widespread adoption of cloud computing has been a game changer for many businesses. However, the high-profile data privacy case that pits Microsoft Corp. against the U.S. Department of Justice may be a prelude to stormy weather. The case, which will be argued in the U.S. Court of Appeals for the Second Circuit on Sept. 9, could determine whether the U.S. government has the power to seize the personal data of a company’s clients, even when that data resides overseas.
The case has attracted a lot of attention because Microsoft and the many companies and organizations that have supported its position fear that an adverse ruling could shake customer trust in U.S. cloud providers. Andrew Pincus, a Mayer Brown partner who filed an amicus brief for the U.S. Chamber of Commerce and other organizations, said that a government win would set a “very dangerous precedent” that could lead other countries to seize data on U.S. servers. “If the U.S. government does the same thing, how is the U.S. government supposed to oppose that?” he said.
Microsoft v. United States (aka the “Microsoft Ireland” litigation) began as a narcotics case. In December 2013, the DOJ, which declined to comment for this report, issued a warrant to access email communications of an unnamed user of Microsoft’s MSN email service in order to investigate drug trafficking. The user’s email records were stored on a Microsoft server in Dublin. But instead of seeking access to the emails through the government’s mutual legal assistance treaty (MLAT) with Ireland, the DOJ ordered Microsoft to copy the records and turn them over. The company refused and lost in the ensuing litigation before a federal magistrate judge and a district judge in the U.S. District Court for the Southern District of New York.