The Second Circuit today issued a much-anticipated ruling holding that U.S. firms are not required to turn over user data stored overseas, even in the face of a government warrant.  This decision arose from Microsoft’s December 2014 appeal of a civil contempt ruling against the tech giant for refusing to turn over the personal data of an MSN email user, data that Microsoft stored in Ireland.

This decision overturns a July 2014 decision by Judge Loretta Preska of the Southern District of New York holding Microsoft in civil contempt for its refusal to turn over the foreign data.  To secure that 2014 contempt citation, the government argued that § 2703 of the Stored Communications Act, the provision requiring service providers to disclose the contents of stored communications in the face of a valid warrant, applied overseas.  In its appeal, Microsoft emphasized the “presumption against extraterritoriality” the Supreme Court enunciated in its 2010 decision in Morrison v. National Australian Bank.  For a federal statute to apply to conduct in foreign nations, Microsoft claimed, Congress must clearly articulate its intention for the statute to do so.  The Second Circuit agreed.  Finding that “[n]either explicitly nor implicitly does the statute envision the application of its warrant provisions overseas,” the panel held that government could not use § 2703 to force companies to hand over data stored overseas.

This ruling will certainly be heralded as a significant victory for American tech firms.   Dozens of the most prominent American media, telecommunications, and technology companies, as well as issue-advocacy organizations across the ideological spectrum, filed amicus curiae briefs supporting Microsoft’s appeal.

 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Stephen M. Byers Stephen M. Byers

Stephen M. Byers is a partner in the firm’s White Collar & Regulatory Enforcement Group and serves on the group’s steering committee. He is also a member of the firm’s Government Contracts Group and E-Discovery & Information Management Group. Mr. Byers’s practice involves…

Stephen M. Byers is a partner in the firm’s White Collar & Regulatory Enforcement Group and serves on the group’s steering committee. He is also a member of the firm’s Government Contracts Group and E-Discovery & Information Management Group. Mr. Byers’s practice involves counseling and representation of corporate and individual clients in all phases of white collar criminal and related civil matters, including: internal corporate investigations; federal grand jury, inspector general, civil enforcement and congressional investigations; and trials and appeals.

Mr. Byers’s practice focuses on matters involving procurement fraud, health care fraud and abuse, trade secrets theft, foreign bribery, computer crimes and cybersecurity, and antitrust conspiracies. He has extensive experience with the federal False Claims Act and qui tam litigation, the Foreign Corrupt Practices Act, the Economic Espionage Act, and the Computer Fraud and Abuse Act. In addition to defense of government investigations and prosecutions, Mr. Byers has represented corporate victims of trade secrets theft, cybercrime, and other offenses. For example, he represented a Fortune 100 U.S. company in parallel civil and criminal proceedings that resulted in a $275 million criminal restitution order against a foreign competitor upon its conviction for trade secrets theft.

Photo of Jeffrey L. Poston Jeffrey L. Poston

Jeff Poston is a partner in Crowell & Moring’s Washington, D.C. office, where he serves as co-chair of the firm’s Chambers USA-ranked Privacy & Cybersecurity Group and is a member of the Litigation Group. A seasoned trial lawyer with more than 25 years…

Jeff Poston is a partner in Crowell & Moring’s Washington, D.C. office, where he serves as co-chair of the firm’s Chambers USA-ranked Privacy & Cybersecurity Group and is a member of the Litigation Group. A seasoned trial lawyer with more than 25 years of experience leading investigations and litigation for corporate clients, Jeff counsels and defends clients in complex data protection matters involving class-actions and regulatory enforcement actions, as well as commercial disputes. Jeff also counsels businesses on both domestic and international privacy compliance matters, including the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

Photo of Evan D. Wolff Evan D. Wolff

Evan D. Wolff is a partner in Crowell & Moring’s Washington, D.C. office, where he is co-chair of the firm’s Chambers USA-ranked Privacy & Cybersecurity Group and a member of the Government Contracts Group. Evan has a national reputation for his deep technical…

Evan D. Wolff is a partner in Crowell & Moring’s Washington, D.C. office, where he is co-chair of the firm’s Chambers USA-ranked Privacy & Cybersecurity Group and a member of the Government Contracts Group. Evan has a national reputation for his deep technical background and understanding of complex cybersecurity legal and policy issues. Calling upon his experiences as a scientist, program manager, and lawyer, Evan takes an innovative approach to developing blended legal, technical, and governance mechanisms to prepare companies with rapid and comprehensive responses to rapidly evolving cybersecurity risks and threats. Evan has conducted training and incident simulations, developed response plans, led privileged investigations, and advised on hundreds of data breaches where he works closely with forensic investigators. Evan also counsels businesses on both domestic and international privacy compliance matters, including the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). He is also a Registered Practitioner under the Cybersecurity Maturity Model Certification (CMMC) framework.

Photo of Kate M. Growley, CIPP/G, CIPP/US Kate M. Growley, CIPP/G, CIPP/US

Kate M. Growley (CIPP/US, CIPP/G) is a director in Crowell & Moring International’s Southeast Asia regional office. Drawing from over a decade of experience as a practicing attorney in the United States, Kate helps her clients navigate and shape the policy and regulatory…

Kate M. Growley (CIPP/US, CIPP/G) is a director in Crowell & Moring International’s Southeast Asia regional office. Drawing from over a decade of experience as a practicing attorney in the United States, Kate helps her clients navigate and shape the policy and regulatory environment for some of the most complex data issues facing multinational companies, including cybersecurity, privacy, and digital transformation. Kate has worked with clients across every major sector, with particular experience in technology, health care, manufacturing, and aerospace and defense. Kate is a Certified Information Privacy Professional (CIPP) in both the U.S. private and government sectors by the International Association of Privacy Professionals (IAPP). She is also a Registered Practitioner with the U.S. Cybersecurity Maturity Model Certification (CMMC) Cyber Accreditation Body (AB).