There is an important battle looming in the US Supreme Court, which affects us as British lawyers. It is the long-running saga of the US government vs Microsoft.
The question in the case is simply put: does the US government have the right to access data stored in Microsoft’s servers in Ireland? The case arose when, in December 2013, Microsoft challenged a US search warrant seeking email stored in its Dublin data centre. A federal court had issued the warrant under the Stored Communications Act, a US statute, which governs the privacy of information stored with technology providers.
Although the question is easy to state, the law has proved sufficiently complex for judges to take different views on its way to the Supreme Court. It affects us because, if the US government were to win the case, confidential data held by lawyers outside the US would be at risk.
The deadline for submitting amicus curiae briefs in support of Microsoft expired at the end of last week, and no fewer than 18 such briefs were filed on the last day possible, one of them from the Council of Bars and Law Societies of Europe (CCBE). Others came from leading MEPs, European trade associations and the European Company Lawyers Association.
The European Commission filed a brief in support of neither party. It states that it would be appropriate for the court to consider EU domestic law relating to searches of data stored in the EU, since the production of data stored in the EU is already addressed by EU privacy law, in particular the General Data Protection Regulation.
The UK government has also filed a brief in support of neither party. It makes two arguments. First, a solely location-based approach to access to data by law enforcement no longer makes sense in the digital age. The UK’s own approach now focuses on those providing services within the UK, regardless of the data’s storage location. Second, under the current UK-US Mutual Legal Assistance Treaty (MLAT), the UK submits requests for electronic communications belonging to US providers to the US Department of Justice, but the lower court decision in the Microsoft case means the US can no longer assist the UK in accessing electronic communications held by US providers abroad. Since the traditional MLAT process can in any case be too slow for many modern criminal investigations, the UK is now negotiating a new bilateral agreement with the US.
The CCBE in its brief agrees with the UK government on the point about the MLAT system being undermined if the US government were to win. But it has other arguments, one of them directly focused on lawyers. The CCBE says that the US government’s position affords no meaningful consideration to foreign law concerning professional secrecy. In particular, the CCBE says:
‘But a client (or, in relevant cases, a lawyer) whose privileged correspondence stored on a European server is seized by the Government pursuant to a Section 2703 warrant would have no redress – she would likely not have an opportunity to intervene because the Government would not be required to provide notice of the seizure, see 18 U.S.C. § 2703(b)(A), and the procedure would not be supervised by a judicial authority that is obligated to respect the privileges or professional secrecy obligations that may attach to the materials seized.
Interestingly, the CCBE differs from the UK government’s belief that it matters where the provider is providing services for data to be accessible to a government. The CCBE says that ‘a modern interpretation of search and seizure law requires that the focus be on the location of the electronic records seized’. So both disagree with the US government, but for different reasons.
The CCBE says that the US government’s interpretation would make the US the information clearinghouse of the world:
‘To comply with U.S. warrants, this approach would require – if not in every case, then in many – that U.S. companies violate the laws of the foreign countries in which they operate, and would encourage those abroad to avoid using U.S. companies to conduct business.’
The European Company Lawyers Association also takes up the professional secrecy point, and makes a similar point to the CCBE, stating that its members:
‘Would have a strong incentive to conduct all communications through service providers that are not subject to the jurisdiction of U.S. courts. The result would be increased complexity and costs for European companies and their counsel and reduced competition in the market for online services.’
I would be interested to know why the American Bar Association did not intervene as an amicus curiae to defend professional secrecy, too.
We should hope that Microsoft wins, to reduce at least one of the burgeoning threats to professional secrecy.