SALT LAKE CITY — While the U.S. Supreme Court heard oral arguments Tuesday in a case pitting the U.S. Department of Justice against software giant Microsoft over access to emails stored on a foreign data server, some Utah leaders have thrown their support behind new legislation that could ease the dilemma and create some legal clarity in the new world of cloud-based digital services.
The Microsoft case pivots around the company's refusal, based on customer privacy obligations, to comply with a search warrant that called for email records of a suspect in a criminal investigation. In this instance, the email records are stored on a Microsoft-owned server in Ireland and the company's contention is that the U.S.-based warrant does not legally extend outside the country.
The justice department argues the warrant, issued in Redmond, Washington, applies to the controller of the information, regardless of where the data is stored. The most recent federal rules governing warrant-based access to documents and/or information stored in a foreign location were made in the pre-internet mid-’80s.
Justice Sonia Sotomayor, in an exchange with Department of Justice attorney Michael Dreeben, noted the difficulty in applying the current rules to a digital landscape that could not have been anticipated three decades ago.
"This is a 1986 statute," Sotomayor said. "The reality in 1986, if you look at the statute and its reference to stored records, to stored communications, was — it's a past technology, old concept.
"But what you're asking us to do is to imagine what Congress would have done or intended in a totally different situation today."
While the United States v. Microsoft case has been on a five-year journey to the Supreme Court, numerous other cases with similar legal murkiness have piled up, with lower courts waiting to make a move until the matter is adjudicated by the nation's highest court.
Utah Sen. Orrin Hatch was present for Tuesday's oral arguments in the court's D.C. chambers and he was there for a reason.
Recognizing the critical need for congressional action on the legal matters currently before the Supreme Court, Hatch is sponsoring a new piece of legislation, the Clarifying Lawful Overseas Use of Data Act, or CLOUD Act, to help update rules to accommodate access issues amid the new realm of digitized records and a global cloud storage network.
Hatch said his bill — co-sponsored by Sen. Christopher Coons, D-Delaware, Sen. Lindsey Graham, R-South Carolina, and Sen. Sheldon Whitehouse, D-Rhode Island — would bring the rules up to date and accommodate cross-border, warrant-driven data access via international agreements that would help bridge the gap between the work of law enforcement agencies and the legal obligations tech companies have to clients and customers. He said it would do so without creating international incidents or inadvertently allowing for reciprocal actions targeting U.S. residents.
"To help law enforcement, the bill creates incentives for bilateral agreements — like the pending agreement between the U.S. and the U.K. — to enable investigators to seek data stored in other countries," Hatch said. "The bill sets forth strict privacy, human rights, and rule of law standards that countries that enter into such agreements must meet.
"To help technology companies, the CLOUD Act gives companies the ability to protect their customers’ data and to resolve conflicts of law if and when they arise. In particular, the bill allows tech companies to notify foreign governments when a request for data involves one of their residents and to initiate a legal challenge when necessary."
Utah Attorney General Sean Reyes has also weighed in in support of the CLOUD effort and noted, in an op-ed he wrote for The Hill, that the new legislation would help establish appropriate protections for U.S. residents and companies, while helping law enforcement in their efforts to prosecute criminal activities.
"Digital privacy advocates argue that allowing the U.S. government to seize the data of foreign nationals who use American tech companies to store their data undermines long-standing cooperation agreements among law enforcement agencies worldwide," Reyes wrote. "I have grave concerns that such actions would open the door to foreign governments doing the same to American citizens, demanding access to data centers in the U.S. or seizing such data without following treaty requirements."
Reyes has also rallied his colleagues in the National Association of Attorneys General in a bipartisan effort that so far includes himself and 35 other state attorneys general who have signed a letter to congressional leaders urging them to support the CLOUD Act.
The CLOUD Act legislative effort was referenced repeatedly by several of the court justices during Tuesday's proceedings, and Microsoft attorney Josh Rosenkranz underscored, in his closing comments, the need for congressional action on the matter.
"These are all questions that only Congress can answer," Rosenkranz said. "And if you try to tinker with this, without the tools that … only Congress has, you are as likely to break the cloud as you are to fix it."