On Tuesday, February 27, 2018, the United States Supreme Court will hear oral argument in the case of tech-giant Microsoft Corporation, which has refused to hand over to the Federal Bureau of Investigation (FBI) information stored on foreign servers by Microsoft’s client and the target of the FBI’s investigation. The FBI sought the information through search warrants that were issued in the United States and which the FBI believes entitles it to information stored outside of the U.S. Microsoft, however, has refused to comply with the search warrant because of client privacy concerns and issues that would arise as a result of foreign laws’ privacy requirements as they pertain to data stored in the cloud. Now, the Supreme Court will need to decide how far a U.S. search warrant can reach when data is stored in a foreign country, the data is governed by that country’s laws, and company storing the data is based in the U.S.
The Microsoft case will likely have far-reaching consequences due to the ever-growing presence of cloud storage solutions. Before the Microsoft case, challenges to search warrants were not uncommon, but the situation presented in the Microsoft case is. Prior to the creation of cloud storage, which permits individuals to remotely store digital information anywhere in the world, most people had to physically travel to a particular place to store something. And, prior to the digitization of information, tangible things were stored in physical locations with clearly definable territorial boundaries. Thus, figuring out what laws applied to the stored information or items usually required figuring out what laws controlled the area where the items were stored.
Today, cloud storage and other technological advances blur the lines between geographical boundaries and create confusion as to which sovereign’s laws apply to a particular situation. This is particularly true in the Microsoft case: Microsoft is a multi-national company that has offices around the world, has storage centers for its cloud network around the world, but is still incorporated and based out of the United States. The FBI, on the other hand, is a U.S. government organization whose power to enforce the laws only extends as far as the territorial limits of the U.S. Then, there is the added layer of unknown information about the target of the FBI’s investigation. It is unknown whether the target of the investigation is a U.S. citizen, whether that individual has ever stepped foot in the United States, or whether he has any actual ties to the United States beyond using Microsoft’s services. Finally, the information itself is wholly stored in Ireland, and there is no indication that the information itself has traveled through the U.S. in any form. The only thing that apparently ties the information to the U.S. is Microsoft’s involvement in storing the data. The big question then becomes whether Microsoft’s close ties to the U.S. make it susceptible to comply with search warrants issued in the U.S. regardless of where Microsoft stores information for its various clients.
In deciding whether Microsoft must turn over the information to the FBI to further its investigation, the Supreme Court will likely balance all of the foregoing factors and possibly look to other issues. How the Supreme Court decides these issues will no doubt change individuals’ expectations of privacy in information stored in cloud servers, the privacy policies that cloud-providers create, and possibly the manner in which cloud storage works. Thus, this decision on search warrants and their scope may have huge consequences on how future investigations are conducted and what information is turned over by tech companies. While oral arguments will take place in February, the Supreme Court will issue its final decision on these issues sometime around June 2018. Check back for an update then.