Would you impose a rule you set up for your child when they were 4 today, when they are 36? Probably not since the person has changed, matured, and is much more complicated today than they were 32 years ago. Unfortunately, there is a case in the Supreme Court right now trying to decide how a law enacted in 1986 applies to todays much more international cloud landscape. United States v. Microsoft boiled down is a simple case but with major implications. In 2013, US Law enforcement was investigating a drug trafficking case and needed access to a person’s emails. Therefore, they issued a search warrant to Microsoft for the user’s data. Microsoft handed over all the data that was housed on American servers, unfortunately the user had registered their account in Ireland which meant that most of the user’s data was stored on Irish servers. Here is where the dilemma for the Supreme Court comes up. Does 1986’s Stored Communications Act (SCA) apply to data stored internationally by American Corporations? The Stored Communications Act allows emails and other communications to be obtained by the US Government from tech companies. and with that definition the sides are made clearer; Microsoft insists that the US Government should work with Irish authorities to obtain the Irish server held data and the US Government insists that their warrant should suffice since Microsoft can obtain the Irish server held data from within the US.
Whatever the ruling there are massive data privacy implications. If the Supreme Court rules in favor of Microsoft, a loophole would be opened where corporations could potentially store incriminating data of wrong doing on a server in a country that the US does not have a MLAT (Mutual Legal Assistance Treaty) with which could slow or even stop any legal proceedings where the data stored is key evidence. However, if the Supreme Court rules in favor of the US Government it could open data stored on US Servers to similar international reach from other countries. Countries that may not have the same data and personal privacy laws as the US, potential allowing US Citizens Data being exposed to potential unknown threats. There is no easy answer to this question and it appears that the Justices would much rather Congress make the point moot, via newly introduced legislation.
The CLOUD Act (Clarifying Lawful Overseas Uses of Data Act), which was introduced in 2018, sets out to make clear that the 1986 Stored Communication Act does apply to overseas data, and allows corporations to challenge orders that may violate the other countries laws. The Act also allows other countries similar access to US stored data. The act setups up a process for setting up agreements with foreign governments for US Corporations to turn over the US stored data in response to foreign requests. The agreement would be reviewed by congress and the foreign country must have basic privacy and human rights laws in place. A much more elegant solution to the problem at hand but not without its own critics; Data Privacy advocates feel this act gives Law Enforcement too much access to information. Right now, the decision is up to the supreme court and a decision to either side would undoubtedly apply pressure to congress to enact the Cloud Act to essentially overturn any Supreme Court decision.
For more detailed information, visit the links below: