Image from Shutterstock.com Privacy Security U.S. law can’t force American service providers to turn over foreign data: Court Howard Solomon @HowardITWC Published: July 15th, 2016Organizations worried about the ability of American law enforcement agencies to get at electronic data in foreign data centres have at least some temporary relief after a U.S. federal appeal court ruled the government can’t force Microsoft to turn over a customer’s email held in Ireland.In a decision released Thursday the court said a search warrant issued under the Stored Communications Act (SCA), which obliges U.S.-based service providers to hand over electronic records under certain circumstances, cannot apply to data held outside the United States and its territories.Neither the SCA, nor its sister legislation, the Electronic Communications Privacy Act, implicitly or explicitly envision the application of warrants overseas, the appeal court ruled.A lower court held Microsoft in contempt for refusing to obey the warrant following a long court fight that began in 2013 when the government sought email of a suspected narcotics dealer. Related Articles Microsoft loses email case, gets chance to appealLast month we told you of a U.S. court case to keep an eye on involving a government attempt to... August 7th, 2014 Howard Solomon @HowardITWC However, while the appeal court decision stands for now, the Obama administration could take the fight to the U.S. Supreme Court. And in an interview Halifax privacy lawyer David Fraser noted Congress could also amend the SCA to specifically say its warrants and subpoenas apply outside the U.S.The ruling “is one which with I am pleased,” said Fraser, who acts for a number of U.S. technology companies in Canada who intervened in the case. “This is a very important case for determining some very important questions for determining, at least in this case, how far the United States government can reach through the Internet but outside the territory of the United States to compel access to content. But in the big picture it also relates to an will likely have an effect on the extent can other countries do the same sort of thing.”He noted a growing number of privacy lawyers and professionals are watching this case, particularly after the revelations of former NSA contractor Edward Snowden on the electronic data gathering power of a number of countries, including Canada.Dalhousie University law professor Robert Currie, who studies how countries co-operate in fighting cybercrime, said the decision is good although doesn’t go far enough. While it suggests Congress could fix the SCA by explicitly saying warrants apply outside the U.S., “there is a hard rule against one country executing something like a search on the territory of another country.” Many countries have agreed to co-operate to fight sex crimes and terrorism, they don’t agree to honour U.S. search warrants for electronic data, he pointed out.As expected, Microsoft is pleased with the ruling. “The decision is important for three reasons: it ensures that people’s privacy rights are protected by the laws of their own countries; it helps ensure that the legal protections of the physical world apply in the digital domain; and it paves the way for better solutions to address both privacy and law enforcement needs,”chief legal officer Brad Smith said in a statement.Attempts by American law enforcement to use the SCA and the U.S. Patriot Act to get at foreign data have made organizations outside the U.S. sensitive about storing data locally. As a result a number of companies, including Microsoft and IBM, have built data centres here to assure Canadian customers their data isn’t being held in the U.S. Similarly other data centre owners have been expanding their Related Articles What are the enterprise benefits of Microsoft’s Canadian cloud?Microsoft Corp.’s opening of two data centres in Canada are expected to fuel an uptick in adoption of its cloud... May 26th, 2016 Gary Hilson @itworldca Ottawa worries about Patriot Act, tooWe have this funny love-hate relationship with the United States. On the one hand Canadian organizations fill their data centres... March 13th, 2014 Howard Solomon @HowardITWC Don’t use the Patriot Act as an excuseCanadians are cautious about using cloud computing services hosted in the United States due to concerns that data stored there becomes... July 5th, 2010 Jennifer Kavur @itworldca In its decision the appeal court said the focus of the SCA is on customer privacy and not the disclosure of customer information. However, it is important to note that the appeal court only dealt with the SCA’s reach of its search warrant provisions. The legislation also gives the courts the power to subpoena electronic data, and the U.S. Justice Department argued there is no difference between a warrant and a subpoena. The appeal court disagreed but said its decision only applies to warrants — but it also hinted its decision on limiting jurisdiction to only the U.S. would apply to a subpoena as well. Related Download Sponsor: Micro Focus How GDPR can be a strategic driver for your business Register Now Privacy, Security privacy, security strategies, U.S. government
