Which Microsoft Users Gain Enhanced Protection Under US Laws?

CONCLUSION (I)

An undercurrent running through Microsoft’s and several of its amici’s briefing is the suggestion that this case involves a government threat to individual privacy. I do not believe that that is a fair characterization of the stakes in this dispute. To uphold the warrant here would not undermine basic values of privacy as defined in the Fourth Amendment and in the libertarian traditions of this country.

As the majority correctly points out, the SCA presents a tiered set of requirements for government access to electronic communications and information relating to them. Although Congress adopted the Act in order to provide some privacy protections to such communications, see H.R. Rep. No. 99-647, at 21–23 (1986); S. Rep. No. 99-541, at 3 (1986), those requirements are in many ways less protective of privacy than many might think appropriate. See, e.g., United States v. Warshak, 631 F.3d 266, 288 (6th Cir. 2010) (holding that the SCA violates the Fourth Amendment to the extent that it allows government agents to obtain the contents of emails without a warrant);[1] Orin S. Kerr, A User’s Guide to the Stored Communications Act, and a Legislator’s Guide to Amending It, 72 Geo. Wash. L. Rev. 1208, 1214 (2004) (emphasizing that “[t]he SCA is not a catch-all statute designed to protect the privacy of stored Internet communications” and that “there are many problems of Internet privacy that the SCA does not address”). But this case does not require us to address those arguable defects in the statute. That is because in this case, the government complied with the most restrictive privacy-protecting requirements of the Act. Those requirements are consistent with the highest level of protection ordinarily required by the Fourth Amendment for the issuance of search warrants: a demonstration by the government to an independent judicial officer that evidence presented on oath justifies the conclusion that there is probable cause to believe that a crime has been committed, and that evidence of such crime can be found in the communications sought by the government.

That point bears significant emphasis. In this case, the government proved to the satisfaction of a judge that a reasonable person would believe that the records sought contained evidence of a crime. That is the showing that the framers of our Bill of Rights believed was sufficient to support the issuance of search warrants. U.S. Const. amend. IV (“[N]o Warrants shall issue, but upon probable cause . . . .”). In other words, in the ordinary domestic law enforcement context, if the government had made an equivalent showing that evidence of a crime could be found in a citizen’s home, that showing would permit a judge to authorize law enforcement agents to forcibly enter that home and search every area of the home to locate the evidence in question, and even (if documentary or electronic evidence was sought) to rummage through file cabinets and to seize and examine the hard drives of computers or other electronic devices. That is because the Constitution protects “[t]he right of the people to be secure in their persons, houses, papers and effects” not absolutely, but only “against unreasonable searches and seizures,” id. (emphasis added), and strikes the balance between the protection of privacy and the needs of law enforcement by requiring, in most cases, a warrant supported by a judicial finding of probable cause before the most intrusive of searches can take place. See, e.g., Riley v. California, 134 S. Ct. 2473, 2482 (2014).

Congress, of course, is free to impose even stricter requirements on specific types of searches – and it has occasionally done so, for example in connection with the real-time interception of communications (as in wiretapping and electronic eavesdropping). See 18 U.S.C. § 2518(3)(a) (permitting the approval of wiretap applications only in connection with investigations of certain enumerated crimes); id. § 2518(3)(c) (requiring that a judge find that “normal investigative procedures have been tried and have failed or reasonably appear to be unlikely to succeed if tried or to be too dangerous” before a wiretap application can be approved). But it has not done so for permitting government access to any category of stored electronic communications, and Microsoft does not challenge the constitutional adequacy of the protections provided by the Act to those communications. Put another way, Microsoft does not argue here that, if the emails sought by the government were stored on a server at its headquarters in Redmond, Washington, there would be any constitutional obstacle to the government’s acquiring them by the same means that it used in this case. Indeed, as explained above, the showing made by the government would support a warrant that permitted agents to forcibly enter those headquarters and seize the server itself.

I emphasize these points to clarify that Microsoft’s argument is not that the government does not have sufficiently solid information, and sufficiently important interests, to justify invading the privacy of the customer whose emails are sought and acquiring records of the contents of those emails. Microsoft does not ask the Court to create, as a matter of constitutional law, stricter safeguards on the protection of those emails – and the Court does not do so. Rather, the sole issue involved is whether Microsoft can thwart the government’s otherwise justified demand for the emails at issue by the simple expedient of choosing – in its own discretion – to store them on a server in another country.

That discretion raises another point about privacy. Under Microsoft’s and the Court’s interpretation of the SCA, the privacy of Microsoft’s customers’ emails is dependent not on the traditional constitutional safeguard of private communications – judicial oversight of the government’s conduct of criminal investigations – but rather on the business decisions of a private corporation. The contract between Microsoft and its customers does not limit the company’s freedom to store its customers’ emails wherever it chooses, and if Microsoft chooses, for whatever reasons of profit or cost control, to repatriate the emails at issue here to a server in United States, there will be no obstacle to the government’s obtaining them. As the Court points out, Microsoft does in fact choose to locate the records of anyone who says that he or she resides in the United States on domestic servers. It is only foreign customers, and those Americans who say that they reside abroad, who gain any enhanced protection from the Court’s holding. And that protection is not merely enhanced, it is absolute: the government can never obtain a warrant that would require Microsoft to turn over those emails, however certain it may be that they contain evidence of criminal activity, and even if that criminal activity is a terrorist plot.[2] Or to be more precise, the customer’s privacy in that case is absolute as against the government; her privacy is protected against Microsoft only to the extent defined by the terms of her (adhesion) contract with the company.

Reasonable people might conclude that extremely stringent safeguards ought to apply to government investigators’ acquisition of the contents of private email communications, and that the provisions of the SCA, as applied domestically, should be enhanced to provide even greater privacy, at an even higher cost to criminal investigations. Other reasonable people might conclude that, at least in some cases, investigators should have freer access to stored communications. It is the traditional task of Congress, in enacting legislation, and of the courts, in interpreting the Fourth Amendment, to strike a balance between privacy interests and law enforcement needs. But neither privacy interests nor the needs of law enforcement vary depending on whether a private company chooses to store records here or abroad – particularly when the “records” are electronic zeros and ones that can be moved around the world in seconds, and will be so moved whenever it suits the convenience or commercial purposes of the company. The issue facing the Court, then, is not actually about the need to enhance privacy protections for information that Americans choose to store in the “cloud.”

[1] In the wake of Warshak, it has apparently been the policy of the Department of Justice since 2013 always to use warrants to require the disclosure of the contents of emails under the SCA, even when the statute permits lesser process. H.R. Rep. No. 114-528, at 9 (2016).

[2] Although the Court does not reach the question, its opinion strongly suggests that that protection is absolute in the further sense that it applies also to less-protected categories of information otherwise reachable by the SCA’s other disclosure-compelling instruments – subpoenas and court orders. If, as the Court holds, the “focus” of the SCA is privacy, and the relevant territorial locus of the privacy interest is where the customer’s protected content is stored, see Majority Op. at 39, the use of the SCA to compel the disclosure of any email-related records stored abroad is impermissibly extraterritorial, regardless of the category of information or disclosure order.