CLOUD Act ends Microsoft's US data privacy dispute
DoJ and Redmond giant ask Supreme Court to dismiss Irish data centre case
A long-running court battle between Microsoft and the US government over data sovereignty appears to be drawing to a close, with both sides calling for the dismissal of the case in light of a new law.
The case, which has been ongoing since 2013, centres around a number of emails stored in Microsoft's Dublin data centre related to a criminal investigation into alleged drug trafficking. Redmond has repeatedly refused to comply with a warrant to hand over the emails to US law enforcement agencies, arguing that as the information is stored outside of the country it doesn't fall under the jurisdiction of American authorities.
Prosecutors in the case have countered by saying that because the data is held by an American entity - i.e. Microsoft - it falls under American jurisdiction, basing their arguments on the US Stored Communications Act from 1986.
Over the course of the past five years, the case has been fought all the way up to the US Supreme Court and attracted interventions and amicus briefs from the likes of Apple, Cisco, AT&T and, most recently, the European Union.
It now seems, however, that this bitterly fought battle is coming to an end - for now, at least.
The US Department of Justice (DoJ) has requested the case be dismissed, according to Reuters, with Microsoft backing the call, despite the two presenting arguments to the Supreme Court justices as recently as 27 February.
The reason for the about turn is a new piece of legislation signed into effect by US president Donald Trump on 22 March, which both sides say effectively resolves the dispute. The CLOUD (Clarifying Lawful Overseas Use of Data) Act states that US law enforcement agencies have the right to issue and enforce warrants relating to data held by American companies abroad, although there is also recourse to object if the order is in conflict with foreign laws.
In the filing, Microsoft's lawyers said: "Microsoft agrees with the government that there is no longer a live case or controversy between the parties with respect to the question presented."
While it may be the end of this particular case, this isn't necessarily the end of the story completely. The DoJ has acquired a new warrant for the data governed by the new law, which means there's still opportunity for Microsoft to object and, indeed, for the whole cycle to start again.
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Security best practices for PostgreSQL
Securing data with PostgreSQLDownload now
Transform your MSP business into a money-making machine
Benefits and challenges of a recurring revenue modelDownload now
The care and feeding of cloud
How to support cloud infrastructure post-migrationWatch now