Privacy Concerns Overseas

The conflict over who has the legal right to search data overseas can be unclear.
March 9, 2015

It all started when Edward Snowden shed the light on spying operations occurring outside of U.S. borders, these operations involved the National Security Agency (“NSA”) collecting data on many telephone and e-mail conversations in other nations, and many were linked to U.S. citizens. [1] This revelation has ignited a domino-effect that includes large companies taking measures to prevent the government from encroaching on their data. [2] The Snowden release has fueled the fear that large technology companies all share, which includes their impending future economic losses as other countries find their people’s data is unsafe contained in the U.S. data centers located all over the world.[3] As a result, technology companies have publicly denounced their willingness to comply with United States, when the U.S. asks them to produce their customers’ data stored in U.S. data centers abroad since some countries, like Ireland, protect privacy vehemently.[4]

Moreover, many companies have announced their unwillingness to cooperate with the United States government and refuse to hand over data. [5] The United States attempted to have extra-territorial power to search data overseas with a warrant, issued under 18 USC § 2703(a), which requires the Government to use procedures under Rule 41 of the Federal Rules of Civil Procedure, but these procedures do not mention its extraterritorial effects. [6] Since the government has prevailed over Microsoft in its case on this matter, there has been a large threat against American cloud companies that do business abroad, and these implications over the internet of things is unknown world-wide. [7] Recent legislation and technological innovations can provide the response to U.S. technology companies’ privacy concerns.[8]

Many large technology companies are calling for more privacy protections in legislation, and until this is done, there have been efforts to encrypt code, and amend the Electronic Communications Privacy Act (“ECPA”) of 1986. [9] ECPA needs an update since those who enacted this legislation could not have possibly foreseen the global effect the internet would have had from its infancy. [10] The Stored Communications Act is part of ECPA, and authorizes the government to seek the contents of stored communications that are more than 180 days old, using a subpoena or a warrant. [11] Recent efforts to update this legislation include a proposal that the U.S. Government be required to obtain a warrant before it can access emails overseas involving a U.S. person, and those who are not U.S. persons require the government to obtain this information through the multinational Mutual Legal Assistance Treaty.

In the private sector, there is the possibility of a new angle to push an online storage service called “Box”, which allows businesses to control their encryption keys (tools that keep data safe), which will also help quell fears about the government infiltrating one’s data. [12] Dropbox, Box’s largest competitor, is also considering user-control to attract new customers. Generally, new encryption technologies from Google and Apple have headed with the Federal Bureau of Investigation, but they have also geared toward ensuring consumer privacy, and the recent legislation may or may not help extinguish the need. The future is indeed murky, but this issue involves us all as one must pay attention to it moving forward. [13]


[1] Bamford, James, The most wanted man in the world, WIRED (August 22, 2014), http://www.wired.com/2014/08/edward-snowden/;
[2] Gellman, Barton et al, In NSA-intercepted data, those not targeted far outnumber the foreigners who are, THE WASH. P. (July 5, 2014), http://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html.
[3] Hudson, Alexandra, German government cancels Verizon contract in wake of U.S. spying row, REUTERS (June 26, 2014; 5:30 PM).
[4] Id.
[5] See In re Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corp., 15 F. Supp.3d 466 (S.D.N.Y. 2014) (Microsoft denied the government data in Ireland involving a drug-trafficking investigation). E.g. Smith, Brad, Business, Media and Civil Society Speak Up in Key Privacy Case, THE OFFICIAL MICROSOFT BLOG (Dec. 15, 2014) http://blogs.microsoft.com/blog/2014/12/15/business-media-civil-society-speak-key-privacy-case/(Verizon, Apple, Amazon, eBay, CNN, Fox News, NPR, Salesforce, Ciscom the Washington Post, the ACLU, the Electronic Frontier Foundation, the U.S. Chamber of Commerce, AT&T, etc. all filed briefs in support of Microsoft).
[6] Can a U.S. Warrant Compel a U.S. Provider to Disclose Data it Stores Abroad, CENTER FOR DEMOCRACY & TECHNOLOGY (July 17, 2014) available at https://cdt.org/insight/microsoft-ireland-case-can-a-us-warrant-compel-a-us-provider-to-disclose-data-stored-abroad/.
Nakashima, Ellen, Microsoft fights U.S. search warrant for customer e-mails held in overseas server, WASH. P. (June 10, 2014) (quoting Michael Vatis, a lawyer for Verizon who co-authored the amicus curiae in support of Microsoft).
[7] Can a U.S. Warrant Compel a U.S. Provider to Disclose Data it Stores Abroad, CENTER FOR DEMOCRACY & TECHNOLOGY (July 17, 2014) available at https://cdt.org/insight/microsoft-ireland-case-can-a-us-warrant-compel-a-us-provider-to-disclose-data-stored-abroad/.
[8] http://www.hatch.senate.gov/public/_cache/files/1f3692d5-f41f-4c73-acf2-063c61da366f/LEADS%20Act,%20September%2018,%202014.pdf.
[9] Menn, Joseph, "Box Lets Cloud Storage Customers Control Encryption for Security," <RE/CODE> (Feb. 10, 2015, 10:49 AM) http://recode.net/2015/02/10/box-lets-cloud-storage-customers-control-encryption-for-security/.
[10] Id.
[11] Schatz, Amy, "FBI Director Calls on ‘Good People’ of Apple, Google to Dump New Encryption," <RE/CODE> (Oct. 16. 2014, 12:19 PM) http://recode.net/2014/10/16/fbi-director-calls-on-good-people-of-apple-google-to-dump-new-encryption/ (encryption technologies on the iPhone and Android).
[12] https://www.box.com/
[13] Menn, Joseph, "Cloud storage firm Box lets customers control encryption for security" REUTERS (Feb. 10, 2015, 12:03 PM EST) http://www.reuters.com/article/us-cybersecurity-box-idUSKBN0LE28Y20150210.

Caitlin Wilenchik (Kay-tee) is a 2L who currently works as a law clerk for the Senate Judiciary Subcommittee on Privacy, Technology, and the Law. She enjoys travel, and this past summer she studied International Intellectual Property and Trade law in Geneva, Switzerland. Before law school, she worked and studied broadcast journalism on the west coast, and does occasionally miss the sun.