A US judge has ruled that a government search warrant will require American companies providing internet, email, and online storage services to hand over data stored anywhere in the world.
This judgement came in response to a Microsoft’s challenge to a US warrant issued in December 2013, which required it to hand over the data of an Irish customer whose data was stored outside of the US. Microsoft challenged the warrant under the notion that federal courts are forbidden from issuing warrants for search and seizure of property outside the territorial limits of the US.
However, in his ruling issued Friday, New York Magistrate Judge James Francis noted that the territorial restrictions on conventional warrants burden the government substantially, and seriously impede law enforcement efforts.
In his decision, Judge Francis, states that “an entity lawfully obligated to produce information must do so regardless of the location of that information.”
Warrants can therefore be issued for information stored by US companies whenever granted by a judge, and the government may also obtain information via subpoena which requires the customer be notified prior to the search.
Judge Francis explained that the territorial requirement (that data be within the US to be searched and seized) presents several loopholes. For instance, a customer could present themselves as a foreigner to a US online service provider (who seldom verify this information) so their data could be out of reach of authorities. Also, service providers like Google have considered “offshore” data centers where data is beyond the territorial jurisdiction of any nation.
He also noted that the prominent existing system for legally gaining data from foreign parties, Mutual Legal Assistance Treaties, are often thought to be slow and fraught with difficulties for those investigating crimes.
After Edward Snowden revealed the extent to which US government agencies had access to user data, many worry that this ruling will make people more weary of US-based cloud services. And those who use US cloud service provides like Amazon, Microsoft and Google may worry that these relationships could result in user data being handed over to government bodies.
Stewart Room, a lawyer specializing in data protection, privacy and data security law, told UK tech blog V3, “Business customers will want to review their strategies going forward, although I urge them not to panic: the key issue for business is to understand the extent of its exposures, which in most cases will be very small indeed.”
But the fact that data stored on the cloud could be open for others to view creates a perception that data is unsafe, which could hurt many US cloud service providers who are still trying to regain public trust after the Snowden revelations.