With less than a week before the Second Circuit considers the dispute between Microsoft and the government over emails stored in Ireland (an issue I have blogged about here, here, and here), I thought it worth responding to Orin Kerr’s novel suggestions as to how to understand the case. Over at the Washington Post, Kerr explains why both parties have the analysis all wrong. He then suggests that, under the (erroneous) theory being pursued, the government ought to win. I disagree with both points.
First, the framing. Both parties — as well as the district court and magistrate judge — have assumed the case is about the Stored Communications Act (SCA). Does the SCA, or does it not, authorize the government to compel Microsoft to produce data located overseas? Microsoft says no. The warrant authority extends to the territorial boundaries of the United States; the data is located extraterritorially, and therefore the government does not have the authority to compel. The government counters that the SCA turns on the location of the provider, not the data. Because Microsoft is located territorially and can access the data without ever leaving the United States, this ought to be understood as a territorial search and the warrant is therefore valid. To date, the courts have sided with the government.
In comes Kerr. Wait, he says, this dispute isn’t about the SCA after all. The SCA, according to Kerr, merely specifies that the government needs a warrant to compel disclosure of content data; it does not actually compel the company to produce the data. It is the warrant, not the SCA, that does the compulsory work. And parties should therefore be looking to the terms of the warrant, as opposed to the SCA, to determine what Microsoft does and doesn’t have to do.
But this argument, while clever, flies in the face of long-standing assumptions about how the SCA works. And for good reason. Without the SCA, there would be no authority to issue the kind of warrant at issue in the Microsoft case—directing a third party to do something, and to do so outside a law enforcement official’s presence. Moreover, the SCA talks in terms of “require[d] disclosure.” It specifies that the government “may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication . . .pursuant to a warrant issued using the procedures described by the Federal Rules of Criminal Procedure.” In presuming an authority to require, it assumes an obligation to comply.
Somewhat surprisingly, Kerr also suggests that Microsoft wins under his novel approach. According to Kerr, the warrant is directed at the government and doesn’t actually compel Microsoft to do anything. But Kerr seems to have overlooked Attachment C of the warrant, which explicitly tells Microsoft that it is “required to disclose” the specified data. In fact, the district court issued a contempt order based on Microsoft’s failure to do so.
Second, the merits. Kerr next turns his attention to the issue that is actually briefed by the parties—the one on which the case turns. Is this or is this not an extraterritorial application of the SCA? Nothing in either the terms of the statute or legislative history squarely answer that question. Thus, as Kerr rightly points out, the answer turns in large part on what one determines to be the focus of constitutional concern.
But here Kerr simply assumes away the answer to the key question in the case. As he puts it, “if you assume that § 2703(a) imposes a burden on providers to gather evidence in response to a warrant, then the focus of congressional concern is on the providers doing the gathering.”
This, however, is hardly the only conclusion that could be drawn. One could conclude (as one should) that the statute imposes a burden on providers, yet also think that the focus of congressional concern is something other than the providers—namely the underlying privacy interests at stake. The legislative history is, after all, replete with references to the need to “ensure the continued vitality of the Fourth Amendment;” “protect privacy interests,” and “strike a fair balance between the privacy interests of citizen and the legitimate needs of law enforcement needs.” In fact, Kerr himself notes that “the point of the SCA was mostly to provide for privacy protections where the Fourth Amendment did not.” The regulation of providers is thus a means of protecting the key underlying interest—the privacy of data.
Based on this understanding, the focus is on the data. And then Microsoft’s argument becomes somehow a whole lot more viable.
Kerr also ends with a discussion of the practical considerations at stake. But while I share some of Kerr’s concerns, he presents only one side of the issues. As I have written elsewhere and expand upon in a forthcoming post, both Microsoft’s approach and the government’s approach yield a range of potentially damaging policy consequences. No matter who wins, there will be a pressing need for congressional, executive, and international engagement. This case, whatever the outcome, should not be the last word.