Last week, the U.S.government issued new guidance regarding when and how federal law enforcement
may deploy cell phone site simulators (i.e. stingray technology) that collect consumer
mobile phone/digital device data. In general, the U.S. Department
of Justice (DOJ) will now require federal officials obtain a warrant to deploy
these technologies and utilize the data collected. This change in policy signals that the U.S.
government is beginning to understand that it must create reasonable rules and
procedures regarding the collection and usage of digital evidence that adheres to the principles of the Fourth Amendment.
While the federal government has changed its policy regarding the
use of cell site simulators, I am perplexed that it hasn’t changed its position
about some other digital data privacy issues. For example, in
a New York City federal appeals courtroom later this week the DOJ will be
squaring off against Microsoft in a matter about digital privacy law that has tremendous international
ramifications. In short, the federal
government wants to be able to require U.S. based companies to turn over digital
data that is held in foreign based servers without being required to follow the
evidence collection laws of the countries where the data is located. This position is very troubling and goes
against well-established national and international law regarding the
collection and usage of evidence.
In general, to obtain physical evidence law enforcement must
follow the laws of the jurisdiction where it is located. In some circumstances jurisdiction occurs by citizenship. However, here the data is located outside the U.S. and the user (DOJ target) doesn't appear to be American. Under these facts, I question the DOJ's theory as to why it has the legal authority to obtain the requested information without the cooperation of the government of Ireland.
The DOJ is arguing that data stored in digital clouds should be treated differently than evidence stored in physical filing cabinets. Interestingly, the DOJ has so far won its flawed argument in federal court so Microsoft has taken its fight to the federal second circuit court of appeals.
The DOJ is arguing that data stored in digital clouds should be treated differently than evidence stored in physical filing cabinets. Interestingly, the DOJ has so far won its flawed argument in federal court so Microsoft has taken its fight to the federal second circuit court of appeals.
Multiple academics (i.e. here
and here)
have previously written about this case (and
so have I) because it sounds like a law school final exam. For non-lawyers this means that the law is
not clear on how to handle this specific situation.
If general jurisprudence on how to handle physical evidence is followed,
the DOJ would be required to contact law enforcement agencies in the country
(in this case it is Ireland) where the digital data is located. However, since this is technology, and the
information requested is stored in the cloud the courts are grappling with how
to handle these issues.
DOJ is claiming (among other things) that since Microsoft (i.e.
or other technology providers) has legal control over its servers in Ireland it should be required to turn over the data requested
without going through the legal process in Ireland. With this
same argument, a foreign government could in turn claim that it doesn’t have to
follow U.S. law when demanding access to U.S. consumer digital data located in
the U.S. if the server provider has operations in that foreign country.
If the DOJ wins its legal argument, in addition to foreign
governments making the same access demands to digital accounts
located in the U.S., a win may also encourage U.S. tech companies to change the
legal structure of their foreign subsidiaries to be able to legitimately claim
that they do not have the authority to access and/or turn over customer data located
in a foreign country. This may lead to
many high paying jobs being transferred from the U.S. to other countries to
oversee the operations of these new legal entities.
Amicus briefs from not only other technology companies, but also from civil rights groups, academic scholars, and privacy advocates supporting Microsoft's position demonstrate that this case is more than just about protecting the bottom line of the U.S. cloud industry. This case goes to the heart of the proper way to handle unique digital
law and public policy issues. Whether
its through the federal courts, or via congressional action such as the Law
Enforcement Access To Data Stored Abroad (LEADS)
Act, or other similar legislation, the U.S. must set an example and take a
leadership role on how to properly balance lawful access with personal privacy.
Regardless of the outcome of this case, it is imperative that a broad international discussion occur on how to handle this and similar burgeoning digital law and public policy issues.
Regardless of the outcome of this case, it is imperative that a broad international discussion occur on how to handle this and similar burgeoning digital law and public policy issues.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
