This is Part Two in a series about Microsoft v. United States, the case in which Microsoft is challenging a search warrant for customer emails that Microsoft stores in Dublin, Ireland. In Part One I summarized the case’s procedural history and gave a quick overview of the main issue. In this Part, I will outline Microsoft’s lead arguments for its request for relief, namely, that the warrant requires Microsoft to perform an extraterritorial search.
To comply with the warrant, Microsoft would have to obtain emails from another country. Although some metadata about the sought emails are stored domestically, the actual contents of the emails are only stored overseas. If Microsoft receives a subpoena or otherwise needs to retrieve an email from overseas, Microsoft’s U.S.-based compliance center uses a computer program to fetch them. This, Microsoft argues, is the point: the warrant requires Microsoft to retrieve emails across jurisdictional lines. ECPA, Microsoft contends, doesn’t say that Microsoft is required to provide the emails in this situation.
Microsoft’s argument is really quite simple: the warrant requires an “extraterritorial” search because it requires obtaining information from outside the country. Since courts typically do not presume that American law applies outside the United States, and because ECPA does not expressly apply extraterritorially, ECPA cannot authorize such a search. The government’s only alternative, Microsoft argues, is for the government to use international mutual legal assistance channels (which use treaty arrangements to obtain assistance from foreign law enforcement agencies) to obtain the emails, not Microsoft’s Washington-based headquarters. (As a bonus argument, Microsoft asserts that “the territorial integrity of foreign nations is so strong that it provides an independent basis on which to invalidate” the warrant.)
Microsoft relies on the text of 18 U.S.C. § 2703, which names two types of process that the government could use to reach the emails. There’s a “warrant,” which is the subject of the lawsuit. There’s also the option of using a “subpoena,” which can reach email content as long as the subscriber whose emails are sought receives prior notice of the subpoena. Microsoft draws a strong distinction between these two forms of process and contends that allowing overseas data retrieval impermissibly converts a “warrant” into a “subpoena”: Whereas “subpoenas” can reach overseas data centers, ECPA warrants have at least one of the same physical limits as an ordinary search warrant. (I’ll discuss the form-of-process argument a bit more in Part Three.)
The government disputes that the ECPA-ordered search implicates the presumption against “extraterritoriality” at all, and both the magistrate judge and the district judge agreed. Since Microsoft is present in the United States (and other places), the government argues, the provider is within the territorial jurisdiction of the United States and thus there is no “extraterritorial” application. Thus, where Microsoft stores its records has no effect on Microsoft’s obligation to turn them over when served with the warrant as long as it has control. (This is closely related to the warrant/subpoena distinction I identified a moment ago, and which I’ll look at more closely in the next post.)
As it turns out, the distinction between “extraterritorial” and “non-extraterritorial” searches is not as easy to apply as either party suggests. The facts suggest that both arguments are plausible. First, procedural facts: the warrant was served domestically, by an agent in Manhattan to a company located in the state of Washington. There are also organizational facts: The organization that houses the data in Ireland exists under Irish corporate law, but is a wholly-owned subsidiary of a United States domestic corporation. Then the technical facts: The sought emails are stored, processed, and served from Ireland and are never routed back through the United States. But Microsoft determines where the emails are stored from its operations in the United States.
Then there are the legal questions: Is a guaranteed extraterritorial effect enough to create an extraterritorial search? Does the presumption against interpreting statutes to apply extraterritorially even apply to search and seizure? Can a court authorize a search that might have effects outside the United States? Does having jurisdiction over the head of the company mean that the court also has jurisdiction over the tail? These are issues that have bedeviled courts in cases about Internet law, and this one will be no exception.
In Part Three, I’ll discuss the second half of Microsoft’s argument, which focuses on the form of legal process used to obtain the emails. What should it matter that Microsoft receives a court order in the form of a warrant instead of a subpoena? Stay tuned.