This seems like a silly question until you realize that it’s actually critical for determining jurisdiction. In other words, what court can order me to hand over cryptocurrency? What court can order me to pay taxes on that cryptocurrency? Where do I owe taxes on it? These are all important and open questions, and they apply to all intangible digital assets. Recently, the Second Circuit decided a case that many are watching as a bellwether for these issues.
In the Matter of a Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corporation, 829 F.3d 197 (2d Cir. 2016) [Link] [Denial of En Banc Review]
Summary: Stored Communications Act authorizes government subpoenas for e-mail communications, but does not reach extraterritorial communications. E-mails stored on a Microsoft server in Ireland are located extraterritorially and beyond the reach of an SCA Warrant, even though a Microsoft employee could retrieve the e-mails from terminals in the United States.
Microsoft Corporation appeals from orders of the United States District Court for the Southern District of New York denying its motion to quash a warrant (“Warrant”) issued under § 2703 of the Stored Communications Act (“SCA” or the “Act”), 18 U.S.C. §§ 2701 et seq., and holding Microsoft in contempt of court for refusing to execute the Warrant on the government’s behalf. The Warrant directed Microsoft to seize and produce the contents of an e-mail account that it maintains for a customer who uses the company’s electronic communications services. . . .
Microsoft produced its customer’s non-content information to the government, as directed. That data was stored in the United States. But Microsoft ascertained that, to comply fully with the Warrant, it would need to access customer content that it stores and maintains in Ireland and to import that data into the United States for delivery to federal authorities. It declined to do so. Instead, it moved to quash the Warrant. The magistrate judge, affirmed by the District Court (Preska, C.J.), denied the motion to quash and, in due course, the District Court held Microsoft in civil contempt for its failure.
. . . .
One of Microsoft’s datacenters is located in Dublin, Ireland . . . . According to Microsoft, when its system automatically determines, “based on [the user’s] country code,” that storage for an e-mail account “should be migrated to the Dublin datacenter,” it transfers the data associated with the account to that location. . . .
. . . .
Microsoft asserts that, after the migration is complete, the “only way to access” user data stored in Dublin and associated with one of its customer’s web-based e-mail accounts is “from the Dublin datacenter.” Id. at 37. Although the assertion might be read to imply that a Microsoft employee must be physically present in Ireland to access the user data stored there, this is not so. Microsoftacknowledges that, by using a database management program that can be accessed at some of its offices in the United States, it can “collect” account data that is stored on any of its servers globally and bring that data into the United States. Id. at 39-40.
Issues, Holdings, and Discussion:
- Do the warrant provisions of the Stored Communications Act contemplate extraterritorial application? No:
We dispose of the first question with relative ease. The government conceded at oral argument that the warrant provisions of the SCA do not contemplate or permit extraterritorial application.
. . . .
When Congress intends a law to apply extraterritorially, it gives an “affirmative indication” of that intent. Morrison, 561 U.S. at 265, 130 S.Ct. 2869. . . . We see no such indication in the SCA.
. . . .
The government asserts that “[n]othing in the SCA’s text, structure, purpose, or legislative history indicates that compelled production of records is limited to those stored domestically.” Gov’t Br. at 26 (formatting altered and emphasis added). . . . We find this argument unpersuasive: It stands the presumption against extraterritoriality on its head. It further reads into the Act an extraterritorial awareness and intention that strike us as anachronistic, and for which we see, and the government points to, no textual or documentary support.
Congress’s use of the term of art “warrant” also emphasizes the domestic boundaries of the Act in these circumstances.
. . . .
The term is endowed with a legal lineage that is centuries old.
. . . .
As the term is used in the Constitution, a warrant is traditionally moored to privacy concepts applied within the territory of the United States: “What we know of the history of the drafting of the Fourth Amendment … suggests that its purpose was to restrict searches and seizures which might be conducted by the United States in domestic matters.” In re Terrorist Bombings of U.S. Embassies in East Africa, 552 F.3d 157, 169 (2d Cir. 2008) (alteration omitted and ellipses in original) (quoting United States v. Verdugo-Urquidez, 494 U.S. 259, 266, 110 S.Ct. 1056, 108 L.Ed.2d 222 (1990)). Indeed, “if U.S. judicial officers were to issue search warrants intended to have extraterritorial effect, such warrants would have dubious legal significance, if any, in a foreign nation.” Id. at 171. Accordingly, a warrant protects privacy in a distinctly territorial way.
2. By requiring Microsoft personnel in the United States to retrieve data located in a Dublin datacenter, would the warrant reach extraterritorially? Yes:
Because the content subject to the Warrant is located in, and would be seized from, the Dublin datacenter, the conduct that falls within the focus of the SCA would occur outside the United States, regardless of the customer’s location and regardless of Microsoft’s home in the United States. Cf. Riley v. California, ___ U.S. ___, 134 S.Ct. 2473, 2491, 189 L.Ed.2d 430 (2014) (noting privacy concern triggered by possibility that search of arrestee’s cell phone may inadvertently access data stored on the “cloud,” thus extending “well beyond papers and effects in the physical proximity” of the arrestee).
The magistrate judge suggested that the proposed execution of the Warrant is not extraterritorial because “an SCA Warrant does not criminalize conduct taking place in a foreign country; it does not involve the deployment of American law enforcement personnel abroad; it does not require even the physical presence of service provider employees at the location where data are stored…. [I]t places obligations only on the service provider to act within the United States.” In re Warrant, 15 F.Supp.3d at 475-76. . . . [T]he magistrate judge’s observations overlook the SCA’s formal recognition of the special role of the service provider vis-à-vis the content that its customers entrust to it. In that respect, Microsoft is unlike the defendant in Marc Rich and other subpoena recipients who are asked to turn over records in which only they have a protectable privacy interest.
The government voices concerns that, as the magistrate judge found, preventing SCA warrants from reaching data stored abroad would place a “substantial” burden on the government and would “seriously impede” law enforcement efforts. Id. at 474. The magistrate judge noted the ease with which a wrongdoer can mislead a service provider that has overseas storage facilities into storing content outside the United States. He further noted that the current process for obtaining foreign-stored data is cumbersome. That process is governed by a series of Mutual Legal Assistance Treaties (“MLATs”) between the United States and other countries, which allow signatory states to request one another’s assistance with ongoing criminal investigations, including issuance and execution of search warrants. See U.S. Dep’t of State, 7 Foreign Affairs Manual (FAM) § 962.1 (2013), available at fam.state.gov/FAM/07FAM/07FAM0960.html (last visited May 12, 2016) (discussing and listing MLATs). And he observed that, for countries with which it has not signed an MLAT, the United States has no formal tools with which to obtain assistance in conducting law enforcement searches abroad.
These practical considerations cannot, however, overcome the powerful clues in the text of the statute, its other aspects, legislative history, and use of the term of art “warrant,” all of which lead us to conclude that an SCA warrant may reach only data stored within United States boundaries. Our conclusion today also serves the interests of comity that, as the MLAT process reflects, ordinarily govern the conduct of cross-boundary criminal investigations. . . .
Thus, to enforce the Warrant, insofar as it directs Microsoft to seize the contents of its customer’s communications stored in Ireland, constitutes an unlawful extraterritorial application of the Act.