CLOUD Act ends Microsoft's US data privacy dispute

DoJ and Redmond giant ask Supreme Court to dismiss Irish data centre case

A long-running court battle between Microsoft and the US government over data sovereignty appears to be drawing to a close, with both sides calling for the dismissal of the case in light of a new law.

The case, which has been ongoing since 2013, centres around a number of emails stored in Microsoft's Dublin data centre related to a criminal investigation into alleged drug trafficking. Redmond has repeatedly refused to comply with a warrant to hand over the emails to US law enforcement agencies, arguing that as the information is stored outside of the country it doesn't fall under the jurisdiction of American authorities.

Prosecutors in the case have countered by saying that because the data is held by an American entity - i.e. Microsoft - it falls under American jurisdiction, basing their arguments on the US Stored Communications Act from 1986.

Over the course of the past five years, the case has been fought all the way up to the US Supreme Court and attracted interventions and amicus briefs from the likes of Apple, Cisco, AT&T and, most recently, the European Union.

It now seems, however, that this bitterly fought battle is coming to an end - for now, at least.

The US Department of Justice (DoJ) has requested the case be dismissed, according to Reuters, with Microsoft backing the call, despite the two presenting arguments to the Supreme Court justices as recently as 27 February.

The reason for the about turn is a new piece of legislation signed into effect by US president Donald Trump on 22 March, which both sides say effectively resolves the dispute. The CLOUD (Clarifying Lawful Overseas Use of Data) Act states that US law enforcement agencies have the right to issue and enforce warrants relating to data held by American companies abroad, although there is also recourse to object if the order is in conflict with foreign laws.

In the filing, Microsoft's lawyers said: "Microsoft agrees with the government that there is no longer a live case or controversy between the parties with respect to the question presented."

While it may be the end of this particular case, this isn't necessarily the end of the story completely. The DoJ has acquired a new warrant for the data governed by the new law, which means there's still opportunity for Microsoft to object and, indeed, for the whole cycle to start again.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Security best practices for PostgreSQL

Securing data with PostgreSQL

Download now

Transform your MSP business into a money-making machine

Benefits and challenges of a recurring revenue model

Download now

The care and feeding of cloud

How to support cloud infrastructure post-migration

Watch now

Recommended

The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Ubiquiti insider says the company downplayed the severity of a major breach
data breaches

Ubiquiti insider says the company downplayed the severity of a major breach

31 Mar 2021
Forex broker FBS leaves millions of customer records exposed
data breaches

Forex broker FBS leaves millions of customer records exposed

25 Mar 2021
Performance benchmark: PostgreSQL/ MongoDB
Whitepaper

Performance benchmark: PostgreSQL/ MongoDB

22 Mar 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
Data belonging to 500 million LinkedIn users found for sale on hacker marketplace
hacking

Data belonging to 500 million LinkedIn users found for sale on hacker marketplace

8 Apr 2021