Last week, the United States Court of Appeals for the Second Circuit heard arguments in Microsoft’s litigation with the U.S. government over data stored in its Ireland data center. Cisco joined together with Verizon, HP, eBay, salesforce, and Infor to file an amicus (friend of the court) brief in support of Microsoft’s position. The Government of Ireland along with Apple, the ACLU, the Electronic Frontier Foundation, Fox News, and NPR also supported Microsoft’s argument.
The case turns on whether or not the U.S. government can serve a warrant at a location in the United States demanding access to data stored abroad. (The specific facts involve a warrant for the contents of a Hotmail account hosted in Ireland sought as part of a narcotics investigation).
The case is important to Cisco because it demonstrates our commitment to protecting European data privacy.
Here we are supporting the notion that Europeans who store data within their own region can rightfully claim the protections of their own laws against foreign (in this case U.S.) government demands for access.
The brief Cisco joined makes four arguments:
- There is a presumption against giving U.S. laws extraterritorial reach where Congress hasn’t explicitly expressed that intention or where the law would create significant conflicts of law with other countries. (Both are true here).
- Allowing the U.S. government to compel data from foreign storage locations would put U.S. providers in a bind—potentially subjecting them to civil and criminal liability abroad for complying with U.S. law.
- The U.S. government view would ignore Mutual Legal Assistance Treaties (MLAT) treaties, infringe on the sovereignty of Ireland, and empower foreign governments to compel access to data owned by American citizens and businesses.
- Even if the law allows the U.S. government to reach data in the possession and control of companies doing business in the United States, it should not reach data owned by Europeans who happen to be customers of such providers.
Important updates to U.S. laws that limit governmental access to electronic communications in criminal cases are needed. We are optimistic that a combination of decisions by U.S. courts and action by Congress can help create a modernized framework for protecting privacy and managing cross-border governmental data demands. We support codifying Electronic Communications Privacy Act (ECPA) reform so that U.S. law explicitly requires warrants for content stored in the cloud. Cisco also supports of a proposed legislative fix offered by U.S. Senators Hatch (R-UT), Heller (R-NV), and Coons (D-DE) called the LEADS Act, which would limit the reach of ECPA warrants obtained by U.S. law enforcement and update the MLAT process. These changes will allow governments to seek information necessary to investigate and prosecute crimes in an efficient manner without violating reasonable expectations of privacy—or trapping providers between competing legal requirements.