Four U.S. lawmakers are questioning a Department of Justice decision to appeal a July court decision quashing a search warrant that would have required Microsoft to disclose contents of emails stored on a server in Ireland.
But the four lawmakers, two Republicans and two Democrats, said the DOJ should be working instead with them on legislation that gives law enforcement agencies access to data on foreign servers in limited cases. The DOJ should instead help fine tune the International Communications Privacy Act (ICPA), introduced earlier this year, the four sponsors said in a Friday letter.
U.S. technology companies face a tough decision when receiving law-enforcement requests for data on servers in other countries, the letter said. They can either "comply with the demand and satisfy U.S. law and risk violating the privacy laws of the host country, or challenge U.S. law enforcement's request in order to comply with the laws of the host jurisdiction," the letter said. "No one should be placed in this untenable situation."
The appeals court suggested that legislative action is needed to revamp the "badly outdated," 30-year-old Electronic Communications Privacy Act that governs law enforcement access to electronic communications, the lawmakers noted.
"Federal judges have rightly concluded that current law does not provide U.S. law enforcement with authority to access data stored overseas," Senator Orrin Hatch, a Utah Republican and ICPA sponsor, said in a statement Sunday. "We can strengthen privacy and promote trust in U.S. technologies worldwide while enabling law enforcement to fulfill its important public safety mission."
Representatives of the DOJ and Bharara didn't immediately respond for comment on the letter.
The Microsoft case has raised questions about the authority of U.S. law enforcement agencies to investigate crimes by accessing data across international borders. The DOJ is seeking access to email records of a drug trafficking suspect tied to the notorious Silk Road website.
The suspect's email is stored on a Microsoft server in Ireland, and critics of the DOJ search warrant say the agency doesn't have the authority to compel companies to disclose information stored outside U.S. borders. If search warrants were enforceable across international borders, U.S. residents' data could be subject to search warrants from other countries, critics say.
But the DOJ argues that technology companies now have the ability to store customer data in many different locations, potentially allowing criminals to skirt domestic search warrants. Microsoft stores customer data in about 40 countries, with the data stored closest to the location reported by the customer, Bharara noted in his appeal.
"Microsoft makes no effort to verify the location reported by the customer," Bharara wrote in his appeal.
The International Communications Privacy Act would, in many cases, prohibit U.S. law enforcement agencies from searching data stored in other countries. Law enforcement agencies could gain access if they show the suspect is a U.S. resident, or if the U.S. has a law enforcement cooperative agreement with the host country.