The Second Circuit today issued a much-anticipated ruling holding that U.S. firms are not required to turn over user data stored overseas, even in the face of a government warrant.  This decision arose from Microsoft’s December 2014 appeal of a civil contempt ruling against the tech giant for refusing to turn over the personal data of an MSN email user, data that Microsoft stored in Ireland.

This decision overturns a July 2014 decision by Judge Loretta Preska of the Southern District of New York holding Microsoft in civil contempt for its refusal to turn over the foreign data.  To secure that 2014 contempt citation, the government argued that § 2703 of the Stored Communications Act, the provision requiring service providers to disclose the contents of stored communications in the face of a valid warrant, applied overseas.  In its appeal, Microsoft emphasized the “presumption against extraterritoriality” the Supreme Court enunciated in its 2010 decision in Morrison v. National Australian Bank.  For a federal statute to apply to conduct in foreign nations, Microsoft claimed, Congress must clearly articulate its intention for the statute to do so.  The Second Circuit agreed.  Finding that “[n]either explicitly nor implicitly does the statute envision the application of its warrant provisions overseas,” the panel held that government could not use § 2703 to force companies to hand over data stored overseas.

This ruling will certainly be heralded as a significant victory for American tech firms.   Dozens of the most prominent American media, telecommunications, and technology companies, as well as issue-advocacy organizations across the ideological spectrum, filed amicus curiae briefs supporting Microsoft’s appeal.

 

Tags: communications data, stored communications act
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Stephen M. Byers Stephen M. Byers

Stephen M. Byers is a partner in the firm’s White Collar & Regulatory Enforcement Group and serves on the group’s steering committee. He is also a member of the firm’s Government Contracts Group and E-Discovery & Information Management Group. Mr. Byers’s practice involves…

Stephen M. Byers is a partner in the firm’s White Collar & Regulatory Enforcement Group and serves on the group’s steering committee. He is also a member of the firm’s Government Contracts Group and E-Discovery & Information Management Group. Mr. Byers’s practice involves counseling and representation of corporate and individual clients in all phases of white collar criminal and related civil matters, including: internal corporate investigations; federal grand jury, inspector general, civil enforcement and congressional investigations; and trials and appeals.

Mr. Byers’s practice focuses on matters involving procurement fraud, health care fraud and abuse, trade secrets theft, foreign bribery, computer crimes and cybersecurity, and antitrust conspiracies. He has extensive experience with the federal False Claims Act and qui tam litigation, the Foreign Corrupt Practices Act, the Economic Espionage Act, and the Computer Fraud and Abuse Act. In addition to defense of government investigations and prosecutions, Mr. Byers has represented corporate victims of trade secrets theft, cybercrime, and other offenses. For example, he represented a Fortune 100 U.S. company in parallel civil and criminal proceedings that resulted in a $275 million criminal restitution order against a foreign competitor upon its conviction for trade secrets theft.

Read more about Stephen M. Byers
Show more Show less
Photo of Jeffrey L. Poston Jeffrey L. Poston

Jeff Poston is a partner in Crowell & Moring’s Washington, D.C. office, where he serves as co-chair of the firm’s Chambers USA-ranked Privacy & Cybersecurity Group and is a member of the Litigation Group. A seasoned trial lawyer with more than 25 years…

Jeff Poston is a partner in Crowell & Moring’s Washington, D.C. office, where he serves as co-chair of the firm’s Chambers USA-ranked Privacy & Cybersecurity Group and is a member of the Litigation Group. A seasoned trial lawyer with more than 25 years of experience leading investigations and litigation for corporate clients, Jeff counsels and defends clients in complex data protection matters involving class-actions and regulatory enforcement actions, as well as commercial disputes. Jeff also counsels businesses on both domestic and international privacy compliance matters, including the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

Read more about Jeffrey L. Poston
Show more Show less
Photo of Kate Growley Kate Growley

Businesses around the globe rely on Kate M. Growley to navigate their most challenging digital issues, particularly those involving cybersecurity, artificial intelligence, digital infrastructure, and their intersection with national security. Clients seek her guidance on proactive compliance, incident response, internal and government-facing investigations…

Businesses around the globe rely on Kate M. Growley to navigate their most challenging digital issues, particularly those involving cybersecurity, artificial intelligence, digital infrastructure, and their intersection with national security. Clients seek her guidance on proactive compliance, incident response, internal and government-facing investigations, and policy engagement. With a unique combination of legal, policy, and consulting experience, Kate excels in translating complex technical topics into advice that is practical and informed by risk and business needs.

Kate has extensive experience working with members of the U.S. government contracting community, especially those within the Defense Industrial Base. She has partnered with contractors from every major sector, including technology, manufacturing, health care, and professional services. Kate is an IAPP AI Governance Professional (AIGP) and a Certified Information Privacy Professional for both the U.S. private and government sectors (CIPP/G and CIPP/US). She is also a Registered Practitioner with the U.S. Cybersecurity Maturity Model Certification (CMMC) Cyber Accreditation Body (AB).

Having lived in Greater China for several years, Kate also brings an uncommon understanding of digital and national security requirements from across the Asia Pacific region. She has notable experience with the regulatory environments of Australia, Singapore, Japan, and Greater China—including the growing regulation of data flows between the latter and the United States.

Kate is a partner in the firm’s Washington, D.C., office, as well as a senior director in the firm’s consultancy Crowell Global Advisors, to which she was seconded for several years. She is a founding member of the firm’s Privacy & Cybersecurity Group and part of the firm’s AI Steering Committee. She has been internationally recognized by Chambers and named a “Rising Star” by both Law360 and the American Bar Association (ABA). She has held numerous leadership positions in the ABA’s Public Contract Law and Science & Technology Sections and has been inducted as a lifetime fellow in the American Bar Foundation.

Read more about Kate Growley
Show more Show less
Related Posts
Privacy & Cybersecurity Weekly News Update - Week of July 17
July 25, 2016
Digital Privacy and E-Discovery in Government Investigations and Criminal Litigation
June 24, 2015
BYOD Devices Create Many Challenges for Companies
July 15, 2014