Microsoft Corp. v. United States: Do you know where your records are?

By Steve Youngman, VP Finance and Legal

An upcoming ruling by the US Supreme Court will shed some interesting light on the cloud and underscore the importance of knowing where your records are located and whose laws apply.

On February 27, attorneys for Microsoft and the United States will appear before the Supreme Court to argue the question of whether or not the US government can compel a US-based internet service provider to produce records stored exclusively outside of the US.

In December of 2013, the Southern District of New York issued a warrant under the Stored Communications Act (SCA) for the records of a particular named Microsoft email account. The warrant was served at Microsoft’s office in the US and Microsoft produced the account records that were stored in the US. However, the email content of the particular account was stored “on the cloud,” which in this case meant on servers located in Dublin, Ireland.

Microsoft made the decision to not produce the records, taking the position that the warrant did not have extra-territorial effect, and that the US would have to make a Mutual Legal Assistance Treaty request of Ireland to obtain the records.

At the original hearing and at the District Court, the government prevailed and Microsoft was found to be in contempt. However, the appellate court reversed the decision and found for Microsoft.

In February, the Supreme Court will rule on whether the warrant requires Microsoft to produce records within its control, regardless of their stored location, or if, because the records are located in Ireland, Irish law governs, and a Mutual Legal Assistance Treaty request is required.

The case raises the difficult question of what law governs records stored on the cloud. Is it the law of the originating country? Or is it the law of the country where the servers reside? Microsoft and others host huge quantities of data in many jurisdictions. The whereabouts of cloud-stored data is often out of the user’s control, giving the user no certainty as to what laws or courts apply to protect their records.

This uncertainty is one of the reasons why we do not store email records on the cloud at Hushmail. Our customers’ email records are stored on our servers located in Vancouver, Canada, and are governed by Canadian law.

We have multiple reasons for maintaining our own servers. One is the ability to protect our customers’ data from vulnerabilities such as Meltdown and Spectre as detailed in a recent blog post. Another is that it gives our customers the peace of mind knowing that their records are protected by Canadian law and the courts of Canada.

At Hushmail we are watching this case carefully. Microsoft Corp. v. United States promises to be notable in a time when we find it necessary to adapt old laws to new technology. Regardless of the ruling, our approach to the security of our customer’s personal information will always be in line with our greatest priority – providing safe, secure, private email.

Steve Youngman has been part of the Hushmail team since 2000. With degrees in Commerce and Law from the University of British Columbia, he is well suited to lead our finance, privacy, and legal departments. Steve has extensive experience providing business, tax, and legal advice to entrepreneurial clients.

Subscribe to our newsletter

Enter your email address in the box below to receive regular updates.