NEW YORK (Reuters) - Microsoft Corp (MSFT.O) must turn over a customer’s emails stored in a data center in Ireland to the U.S. government, a U.S. judge ruled on Thursday in a case that has drawn concern from privacy groups and major technology companies.
Microsoft and other U.S. companies had challenged a criminal search warrant for the emails, arguing federal prosecutors cannot seize customer information held in foreign countries.
But following a two-hour court hearing in New York, U.S. District Judge Loretta Preska said the warrant lawfully required the company to hand over any data it controlled, regardless of where it was stored.
“It is a question of control, not a question of the location of that information,” Preska said.
The judge said she would temporarily suspend her order from taking effect to allow Microsoft to appeal to the 2nd U.S. Circuit Court of Appeals.
The case appears to be the first in which a corporation has challenged a U.S. search warrant seeking data held abroad.
It comes amid a debate over privacy and technology that erupted last year when former U.S. National Security Agency contractor Edward Snowden revealed the government’s efforts to collect huge amounts of consumer data around the world.
AT&T Inc (T.N), Apple Inc (AAPL.O), Cisco Systems Inc (CSCO.O) and Verizon Communications Inc (VZ.N) all submitted court briefs in support of Microsoft, along with the privacy group Electronic Frontier Foundation.
The companies are worried they could lose billions of dollars in revenue to foreign competitors if customers fear their data is subject to seizure by U.S. investigators anywhere in the world.
In a statement, Microsoft’s general counsel, Brad Smith, said the company would appeal.
“The only issue that was certain this morning was that the district court’s decision would not represent the final step in this process,” he said.
Thursday’s ruling concerned a warrant New York prosecutors served on Microsoft for an individual’s emails stored in Dublin, Ireland. A magistrate judge in April ruled the warrant was valid.
It is unclear what type of investigation led to the warrant, which remains under seal.
U.S. companies say they have been hurt by fears about government intrusion: companies such as Cisco, Qualcomm Inc (QCOM.O), International Business Machines Corp (IBM.N), Microsoft, and Hewlett-Packard Co (HPQ.N) reported declines in China sales since the Snowden leaks.
European telecom carriers such as Orange (ORAN.PA) and Deutsche Telekom (DTEGn.DE) started pitching local data storage soon afterward, and companies from start-up Silent Circle to software giant SAP SE (SAPG.DE) have also sought to capitalize.
In August last year, the Information Technology and Innovation Foundation estimated the Snowden revelations could cost the American cloud computing industry $22 billion to $35 billion over the next three years.
U.S. judges are grappling with privacy concerns over personal data. The U.S. Supreme Court in June ruled that police officers almost always need a warrant to search an arrested suspect’s cellphone, noting the enormous wealth of data on mobile devices. [ID:nL2N0P60TR]
Several magistrate judges across the country also have been divided on whether prosecutors can use search warrants to seize emails from providers. [ID:nL2N0PT1VJ]
Craig Newman, a lawyer who follows privacy legal issues and attended Thursday’s hearing, said the issue was far from settled.
“One thing we can say is that traditional notions of search and seizure and fourth amendment law don’t fit comfortably in the digital world,” said Newman, who is not involved in the case.
Joshua Rosenkranz, a lawyer for Microsoft, said in court that the law does not permit warrants to be executed overseas and called the request a bid for “extraordinary power.”
But Serrin Turner, a prosecutor from the office of Manhattan U.S. Attorney Preet Bharara, said the warrant did not involve a search in Ireland but simply required Microsoft to provide documents it controls.
“It makes no sense for Congress to make the government go on a wild-goose chase ... when the provider is sitting here in this country and can access the data at the touch of a button,” he said.
And Preska pointed out that U.S. banks have long been required to provide records in response to subpoenas, even when stored overseas.
Rosenkranz raised the specter of foreign governments turning the tables and seeking U.S.-based data via warrants issued in their own countries, which he said would be an “astounding” violation of our sovereignty.
Preska acknowledged that such a scenario was “pretty scary” but said she could not consider the potential actions of other governments when interpreting the law.
Reporting by Joseph Ax in New York; Additional reporting by Bill Rigby in Seattle and Leila Abboud in Paris; Editing by Grant McCool and Mohammad Zargham