This article appeared on Inside Sources on April 29, 2015.
Like the mythical Hydra, the serpent-like creature of Greek lore known for regrowing two heads when one was cut off, threats to the freedom of the Internet appear to be growing quicker than they can be defeated. From the Federal Communications Commission power grab known as “net neutrality” to the Federal Election Commission’s threat to regulate political speech of blogs and websites, the government continues its efforts to gain control of the last vestige of free-flowing information and debate.
One of the more dangerous threats, coming straight from the bowels of the Department of Justice, is not as well known. Even in an age of government snooping and routine meta-data collecting, an attempt by Justice to grab jurisdiction over every byte of data stored on cloud computing systems has raised eyebrows in Washington, even among a group of members of Congress not exactly known as civil libertarians.
The issue originates from an investigation by Justice against an Irish citizen. Information sought as part of the investigation was stored on a cloud computing system owned by an Irish company and hosted entirely in Ireland. Were the information requested a piece of paper instead of a byte of data, the Justice Department would be forced by treaty obligation to request that the Irish government obtain a warrant on its behalf to obtain the information. Such requests among allies are commonplace and are not a significant hurdle if the case has merit.
Rather than make such a request, however, Justice subpoenaed Microsoft and demanded the company turn over the information on the basis that the Irish company is a Microsoft subsidiary. In an effort to protect the privacy rights of its users, Microsoft rightfully refused to comply and filed a lawsuit against the government.
Yet a federal District Court in New York ruled for the government, suggesting that because an American company wholly owns the Irish subsidiary, a simple domestic warrant is enough. Last July the 2nd Circuit Court of Appeals agreed, and in September Microsoft asked to be held in contempt of the court so it could progress to the Supreme Court.
The ramifications of these decisions are critical for privacy rights, jurisdictional limitations of government power, and the ability for American companies to compete abroad.
To serve customers in a nation such as Ireland, for instance, Microsoft or any other American company must comply with local privacy laws – laws that are likely to prohibit release of information on their citizens. If the U.S. government insists a company release such information under the jurisdiction of another nation without consulting with the citizen’s home government, it will force the company to violate the law in one country or the other.
It’s hard to imagine the United States similarly tolerating a foreign government compelling disclosure of information on U.S. citizens entirely through their own legal processes. Yet unless overturned by the Supreme Court, the Justice Department will be free to continue operating under the assumption that anything stored on cloud-based computer systems falls under its power.
Rather than roll the dice that nine people in black robes would correctly limit the reach of government and protect privacy rights, a bipartisan group of senators is attempting to pass legislation known as the Law Enforcement Access to Data Stored Abroad Act.
This act aims to prevent this extraordinary abuse of power by the Justice Department. The group led by Sens. Orrin Hatch, R-Utah, Dean Heller, R-Nev., and Chris Coons, D-Del., seeks to establish rules balancing the needs of law enforcement to obtain the contents of electronic communications with privacy protections for citizens in the digital age.
The legislation would protect the ability of U.S. companies to compete overseas by modernizing the Electronic Communications Privacy Act to recognize that domestic warrants are insufficient for compelling the disclosure of non-American customer content stored outside the United States.
It’s no secret that privacy rights have been under massive assault for the last six years under President Obama and former Attorney General Eric Holder. From threatening to indict reporters who refuse to release their sources to Justice seizing two months’ worth of phone records from Associated Press reporters, this administration is likely to go down in history with one of the worst records for domestic civil liberties. The effort to grab control of cloud computing systems is just the latest affront in a sad era for American constitutional liberties.