Microsoft also argued that to obtain data stored abroad, the U.S. government should turn to mutual legal assistance treaties, or MLATs. The U.S. has MLATs, which are separate from the Safe Harbor accord, with Ireland and the EU. In addition to the Privacy Shield agreement, Microsoft has cited the broad new General Data Protection Regulation, due to go into effect in 2018, to support its claim that the U.S. government should use inter-governmental agreements rather than a warrant to require technology companies to turn over data stored in the EU that are required for an investigation.
The government countered that the location of records is irrelevant under the Stored Communications Act, which was passed as part of the 1986 Electronic Communications Privacy Act and was the law on which the court relied to issue the warrant. If territorial restrictions applied to SCA warrants it would be very easy for criminals to evade investigations, the government said.
Otherwise, relying on MLATs would dramatically slow down and undercut investigations, the government said. The MLAT process is subject to national laws, can be lengthy and a country can deny assistance to a nation with which it has a treaty for a variety of political, security or other reasons.
In April 2014, Judge Francis sided with the government, saying that the order to produce the emails stored in Ireland was "not a conventional warrant; rather, the order is a hybrid: part search warrant and part subpoena." It is obtained like a warrant, with a judge finding probable cause that the records requested would provide evidence of a crime, but it is executed like a subpoena, since it is served directly on the company and does not involve federal agents seizing and searching company servers.
"It has long been the law that a subpoena requires the recipient to produce information in its possession . . . regardless of the location of that information," Francis wrote.
Francis also said the "search" would take place only when the emails were opened and read, and that would be in the U.S.
However, in the appeals court decision, Judge Carney rejected these arguments: "When, in 1986, Congress passed the Stored Communications Act as part of the broader Electronic Communications Privacy Act, its aim was to protect user privacy in the context of new technology that required a user's interaction with a service provider. Neither explicitly nor implicitly does the statute envision the applications of its warrant provisions overseas."
This is the second time Microsoft has appealed a decision against it in the case. The company appealed Francis' ruling but in July 2014, District Court Judge Loretta Preska, also of the Southern District of New York, rejected the company's appeal. Preska ruled that Microsoft would not have to turn over the emails while it filed another appeal, this time to the U.S. Court of Appeals for the Second Circuit.
Sign up for MIS Asia eNewsletters.