Members of Congress praised a ruling by the U.S. Court of Appeals for the Second Circuit on Thursday affirming that the U.S. government does not have authority to serve search warrants unilaterally on electronic communications held abroad. The members, Senators Orrin G. Hatch (R-Utah) and Chris Coons (D-Del.) and Representatives Tom Marino (R-Pa.) and Suzan DelBene (D-Wash.), noted that the ruling in Microsoft v. United States was a pivotal moment for protecting Americans’ privacy rights and urged the passage of their bill, the International Communications Privacy Act (ICPA), which establishes a legal framework for law enforcement to obtain electronic communications, no matter where the person or the communications are located.
Senator Hatch said: “Today’s decision confirms that current law does not provide U.S. law enforcement with authority to access data stored overseas. ICPA provides this authority by establishing a legal standard for accessing electronic communications around the world. Our bill will strengthen privacy and promote trust in U.S. technologies worldwide while still enabling law enforcement to fulfill its important public safety mission. The court’s decision removes any excuse for Congress to delay passage of this legislation.”
Senator Coons said: “Today’s Second Circuit decision in Microsoft v. U.S. demonstrates why it is essential that Congress take action to establish clear procedures for U.S. law enforcement to use when seeking data stored overseas. The International Communications Privacy Act, a bipartisan bill that I’m proud to support, does just that. Just as law enforcement agencies should be required to get a warrant before accessing the content of Americans’ communications within our borders, processes for accessing content located abroad should also comply with the law. This common-sense bill will protect our data across borders, and encourage fair treatment by our international partners.”
Representative Marino said: “Our current electronic communications laws fail to address the advancements in technology over the last 30 years. When ECPA was enacted, cloud storage wasn’t even an idea. Today, U.S. companies work on a global scale and house information on servers all across the world. It is Congress’ job to recognize these lapses and update our laws to reflect the issues of the day. Today’s ruling clearly calls for Congress to act. New legislation is necessary to clarify when companies within the United States must turn over electronic communication to law enforcement agencies when stored abroad. This will not only provide swift access to information for law enforcement when appropriate, but will better protect customers’ privacy. Recognizing the discrepancy in the law is an important first step, but acting to fix the problem is critical. I will continue to work with my colleagues in Congress to address this issue and bring our laws into the 21st century.”
Representative DelBene said: “Our electronic communications laws never contemplated this era of cloud storage, where U.S. companies are maintaining servers abroad and providing web-based services to customers worldwide. It is the job of Congress to bring the law up to date where clear gaps exist. U.S. companies and consumers need clarity on when and how they are obligated to turn over electronic communications to U.S. law enforcement if that information is stored abroad. Cloud computing holds immeasurable promise as a source of jobs and economic growth in the United States. But the foundation of the cloud is based on trust, and U.S. companies can’t be world leaders if customers question whether their data is protected. Today’s decision is a great step in the right direction, and yet another sign that Congress should act swiftly to enact a solution. I look forward to continuing to work with our colleagues to build on that progress.”
In December 2013, a New York district judge issued a warrant compelling Microsoft to produce emails of an account hosted on a server in Ireland, which Microsoft refused. Microsoft argued that the U.S. government should make its request to Irish authorities under the Mutual Legal Assistance Treaty (MLAT) adopted by the two countries in 2001. The Department of Justice argued that since Microsoft is a U.S.-based company, it did not need to go through the MLAT process.
Background
The International Communications Privacy Act:
- Requires law enforcement agencies to obtain a warrant for all content. Under ICPA, law enforcement may only obtain the content of electronic communications stored with electronic communication service providers and remote computing service providers pursuant to a warrant.
- Creates a clear legal framework authorizing law enforcement to obtain the electronic communications of U.S. persons, regardless of where those communications are located. It also allows law enforcement to obtain electronic communications relating to foreign nationals in certain circumstances.
- Reforms the Mutual Legal Assistance Treaty (MLAT) process by providing greater accessibility, transparency, and accountability. ICPA requires the Attorney General to create an online docketing system for MLAT requests and to publish new statistics on the number of such requests.
Establishes a sense of Congress that data providers should not be subject to data localization requirements. Such requirements are incompatible with the borderless nature of the Internet, an impediment to online innovation, and unnecessary to meet the needs of law enforcement.
