Microsoft fighting order from U.S. prosecutors to disclose emails stored in Ireland


Microsoft is currently fighting a legal battle with U.S. federal prosecutors, who are ordering the company to disclose emails stored on a server based in Ireland.

The battle began in December, when a search warrant, requested by the federal government, was approved by a judge. The warrant was supposed to give prosecutors the right to obtain emails stored on a Dublin server owned by Microsoft. The prosecutors are looking to search the content of those emails from an unnamed customer in a criminal case. It is believed this person used Microsoft's Outlook.com service.

Microsoft has been fighting the court order since then, claiming that a domestic search warrant cannot be enforced on emails that are stored on an overseas server. However, in a decision made in April, federal magistrate judge James C. Francis sided with the feds, claiming their request was valid.

The legal fight has huge implications. On the one hand, there are fears that the government could gain the rights to access digital content from any server, located anywhere in the world, if their legal argument stands. On the other hand, a victory on Microsoft's side could be a big barrier in fighting criminals who might conduct their affairs overseas — or merely have their emails stored on a server overseas because that's where the service put them.

Verizon has already filed a legal brief supporting Microsoft's side, and the Electronic Frontier Foundation is expected to do the same, along with other major corporations.

What do you think about this legal tussle? Should the federal government have the right to issue search warrants on servers owned by U.S. companies that are located overseas, or are they overstepping their bounds?

Source: New York Times


Reader comments

Microsoft fighting order from U.S. prosecutors to disclose emails stored in Ireland


Can't the feds ask for a specific email address and be done with it... Why search everyone's email.

Or at least that's what I understood. Seems sketchy

If the person is an American, I'm actually on the governments side on this one. Storage location is totally random. That can't be a factor when the person is a criminal in America.

You make a good point, but a warrant recognized by Ireland would solve the issue and prevent any undesired legal precedent from being established.

@GoodYhings2Life I don't think they really want a warrant from Ireland. I really do think they want this legal precedence to be set (enough to take a gamble on the verdict) so they can do this easily from this point on.

I could MAYBE get on board with the "If the target is an American" argument but I'll have mull that over in my head awhile.

How about if the target ISN'T American? Then the suspect would have less legal protection. The only barrier would be Microsoft's legal rights at that point.

What about if they just make up a story about the person to get what they want? Look at all the lies they told about WMD in Iraq.

It does not matter where the person is from, but where the subject of the warrant is. If a US citizen owned a house in Ireland, a US court can't issue a search warrant for that house, same should be true for data stored in Ireland.

If they want the data they should use the proper legal channels and not try to circumvent international treaties.


The analogy is fatally flawed.

The defendant does not own the house (email), MS does. Furthermore, no one from the US would ever have to set foot on Irish territory. This can ask be handled within the USA.

This is a tough one.

While I partially agree, technically MS does not "own" the email. The user does, and MS stores it.

Maybe the closest analogy would be international banking?

It's tricky...

They do own it.  The content is yours, but the actual hard drives on which they sit -- that is, the physical instantiation of the email -- is theirs.

But point taken.  Yes, it's complicated.

What about a physical mailbox in Ireland owned by a US company? Would this even be up for debate? I doubt it, they'd need an Irish warrant.

technically MS owns the servers, the defendent owns the email address (not sure what the license agreement says though)


even then, I think they should collaborate with Ireland to gain access

So basically what you're saying is, give the courts control over servers if they suspect an American criminal is involved in a crime?!?!...dumbest remark I've ever read. I don't support criminals, but what you're saying is just another step in the wrong direction. Its nice to know that Microsoft understands this...along with Verizon. Seriously...smh!

I actually think "..." Makes more sense, but at least you think you're worthy of a "Ba-dum-tisss" and that's all that matters.

Right, who cares about the laws of another country and how their laws may differ from Americas. Lets just apply American laws to the whole world and do away with borders. One world government coming right up. /s

But if the person resided in another country the US government should have to ask the government of that country to extradite that person. If such a request meets all the criteria that both countries agreed upon than there would be no barrier for that to happen. Now I think the same rules should apply for data. Hence a request should be filed in the country where the data resides. Right now (with the patriot act as an excuse) the US seems to play a game of exerting their power. The same goes for a number of absurdly high fines (BNP Paribas was fined 10bln for something that wasn't even illegal in France). I applaud Microsoft and others for taking the stand here. I am all for fighting crime and terrorism but we do need fair rules.

This case about e-mails of "Unnamed customer" as I see from the text. He can be not American. But I think it doesn't matter. There is legal procedures to get access to any server in Ireland by legal request to Ireland's court. I think this possible. But they want avoid it through pressure on Microsoft. Because Microsoft is USA company. If no success for Microsoft here, they need to transfer all their online services to another country for customer protection. Big loss for USA. I hope Microsoft

win this case.

EU uses mostly Irish net law because most multi nat tech companies have their base in Ireland so use irish law... Its the only reason FB dont have face recognition and such is cause of ireland... Hope Ms wins this

Most companies are based in Ireland because of their low corporate tax rate. Privacy regulation is quite strict in all EU countries, not just Ireland.

So just because the proper process is more complex we should just screw it and let the US courts undermine centuries old international legal order?


The US have show interest in overseas civil matter's. Legally speaking the magistrate judge is wrong yet this will have to be done since EU stand for total data destruction. Why not show a rush in penal cases?

Microsoft should take it to Irish courts to get an order from them to block the US request, as illegal under Irish law. It is ridiculous to try to inforce US domestic law in another country, unless there is basis for it in international jurisprudence.


You sometimes wonder how a moron like that could be a judge.

The argument is simple because it is a simple matter, there are international agreements on obtaining foreign search warrants; it should have been a very simple verdict. The prosecutor is just lazy to go through that international process.


Totally disagree. Not necessarily with your final judgment (I'm torn) but that this is simple. MS is a US company and the defendant is a US citizen. MS US has full access to their servers everywhere in the world...why it should matter where the bits are physically stored seems of little relevance to me.
Certainly the notion of involving Ireland in a completely US affair seems bizarre to me. What does Irish law have to do with any of this?

I can actually see where this argument is stemming from. Taking a step back and thinking about it, Microsoft has huge government deals that I'm sure they wouldn't want to sour. Microsoft has no history of fighting to protect customer info from the government, at least none before Snowdon showed us all. Verizon from what I have read argued against much of the government snooping and was the first to reveal what the government asked of them. I have a feeling that was the Vodafone side pushing for releasing it. Anyways I find that everything you read online needs to be taken with a grain of salt. Basically I do smell a bit of a publicity stunt from M$


Indeed, I find it funny how this is coming on the heels of another WPCentral post about MS wanting to simplify legalese so consumers easily understood their rights m

It has to do with the fact the hardware itself is in Ireland and it doesnt matter who's company is it or where from. If it's doing bussines or has property in Ireland, its subjective to Irelands laws. If not, US company could buy Dublin square, dump toxic waste on it and say Its ok Im US company and I dont give a flying fuck for breaching your laws.

I agree that MS is subject to Irish laws.  Where I am absolutely certain you are incorrect is that it "doesn't matter who's company is it or where from."  Companies must obey the laws of any country in which they operate.  It get's even more complicated when a company is incorporated in a particular country, as the ordinary choice of "if you don't like those laws then stop doing business there" is removed.  MS must submit to all us laws.  Period.  It is absolutely within the US government's right to decide that they are entitled to access to any data held by a US company as long as they provide a valid US warrant.  Indeed, it would be bizarre of them to just give that right up.  Why would they do so? Can you imagine any government doing so?

The amazing thing is that, as a constitutional democracy, we may yet have a legal ruling by the government taking this power away from itself (we'll see).  But don't count on it.  And certainly don't delude yourself into thinking that that has anything to do with dumping toxic waste in Dublin Square.  That is an utterly specious argument.  Ireland gets to make their own rules about what people and corporations can do on their soil.

The logical fallout, which almost certainly will happen if the warrant is upheld, is that countries like Ireland will decide they won't allow MS and other US companies to operate servers on their soil.

Overstepping. No threat is big enough that we should go against the basics of freedom.

And as a person who already has a hard time selling Office 365 to companies in Europe because of crap the NSA did, the last thing I want is the uncertainty of which government gets to see my customers' data if a court order is presented. With servers located in Dublin and Amsterdam, it better not be the US government...

That's because the democratic party is made up of a bunch of weak pussies who have their heads crammed all the way up each others ass. Wonder how much crap I'm about to start?!?!

You can be a conservative for only three, not necessarily exclusive reasons: You're rich, you're dumb, you're a bigot.

Are you rich?

The vast majority of the Democratic Party is nothing but Corporate Democrats who vote on the whims of where the money comes from.

The U.S. Democratic Party needs less Corporate Shills and more Elizabeth Warren's.

do you understand he lives in US (going by his comments you can be sure about it), no? so how is your comment smart if it's obvious IF someone took his lunch money it would be someone from US?
do you understand not everyone in US agrees about how some people from US like politicians run can run a country and some politicans really want to get in everyone business?
or what... now it is like "oh you hate US stuff so you are not from US"?

lol please......

Microsoft clearly have little choice but to publicly fight this. I support them in principle anyway. The US government needs to be reminded that it cannot do whatever the hell it wants. Disgraceful.

Disgraceful that the UK government seems to be complicit in all of this NSA snooping too.

Don't bring the UK into this, I don't like how the US government is complicit in all the SIS snooping too.

If the Police Service of Northern Ireland can get information from Boston University I'm sure the US government can get info out of the free state

The difference is that the Police in NI would have gone through due process and obtained an international search warrant, something that the US government is, apparently, too lazy to do.

Feds should have that countries legal system submit a warrant and share the information gained from it. The only gray area would be acts of terrorism... If that person or persons is a known affiliate of terrorists groups... MSFT should provide the access to the emails to both countries. this would eliminate alot of the confusion. IMHO

What if the server is located in a country that does not recognize requests from the US?

I am very skeptical of all this. I think this is a very changeling issue. To be so sure that your vote is right is arrogance on the extreme. I see massive upsides and downsides to either way this friend out.

If you feel anything other than torn over this, I think you're not thinking hard enough about it.

The government should be talking to the powers that be in Ireland before they force Microsoft to ruin its reputation there. How does Ireland feel about all of this?

i am totally angry with the NSA prying into its own citizen and now they are trying to get more information from other countries shame on you NSA

Nations must respect the each other's sovereignty. By issuing a properly obtained search warrant, I believe the US should be able to acquire information located and stored in other countries BUT this should all be accomplished with international treaties and cooperation. Much the same way that Sweden will share banking information with the US under special circumstances. Furthermore, it should be a two way street. Consequently, only the most heinous criminals and egregious crimes should be subject to these inquests and only with countries that mutually agree that certain crimes meet the standards for an international warrant (e.g., terrorism, arms dealing, drug trafficking, and etc.).

Easy solution. Get court orders from both the investigating country (in this case US) as well as the hosting country ( in this case Ireland).

I agree that the government shouldn't be able to search the entire contents of the sever however full access to that specific account should be granted at the same access level as the customer. It should be expected that the company disclose all data spec to that profile.

I agree. The government loves the "Burn down the house if you see a rat in the kitchen" mentality. They are more like opportunists, they see an opening and exploit it hoping to get 'lucky' in other areas.

I think it should be decided by wether or not the person is a US citizen. If he is, then they could get the content, if it isn't they need to go through either the Irish or the country where the person is a citizen.

Depends on the claim. I dont believe any country/company should harbor criminals- or their emails. With that said, I'm wary of the government's invasion of privacy and where the line should be drawn.

Is that all you care to say? Clearly the US govt is cutting off its nose to spite its face here, damaging the export interests of Microsoft and other American cloud providers. Europeans won't trust cloud providers when their security can be breached by an overarching foreign power who have been known to steal business secrets (British industrial revolution era and more recently). The EU position is strongly against this idiotic ruling by the magistrate judge and is on record that they want the US to use the normal international channels. Hopefully Juncker will get elected Commission President (I don't support his EPP, but the European Greens, though I want the one with the most votes elected instead of the Council picking someone else) and will continue the forceful defence of privacy pursued by Commissioner Reding.

The US needs to get over itself. If some podunk judge in the States can order actions to be taken in another sovereign country the system of international laws carefully built up since WWII will fall apart with serious consequences. They should get off their asses and negotiate some treaties for International extradition of data. We done kidnap people in Ireland at the behest of a US judge, we get that judge to approve a request for extradition. A person's private information should be handled the same way.
Of course ever since 9/11 US federal judges have become mere rubber stampers for the Feds, debasing themselves with their never ending approvals in"Star Chamber" proceedings. This country is rushing heading into moral irrelevancy.

if the servers are based in Dublin then the U.S. prosecutors should be told NO.

they should follow Irish/EU laws regarding the matter.

I don't know about RoI law, but how would this work under UK data protection act laws? If the data owner was a UK subject then MS would have no right to pass on to a third party without a UK court order. Otherwise the individual at MS who passed on the data would be personally criminally liable and would be facing prison time. If the data is owned by a US citizen and stored on a UK server then I'm not 100% sure, but I am pretty convinced they would still be in breach. If the MS data controller, who is and must be situated in the UK, allowed this then they would be up in front of the beak. RoI may be different, but I suspect if they are then this kind of thing might just prompt a tweaking of their laws.

Huge problem here: The email service is overseas, but the Microsoft is an American company. If they ask to search one persons email, then I would understand. But if they're doing this secretly to read EVERYONE'S emails, then that's too far. I'm not proud of what Edward Snowden did by turning all those cables to WikiLeaks, but I am glad he blew the whistle on this whole thing! But I digress. If Ireland allowed this warrant, then Microsoft would have no choice but to comply. Ireland needs to make a decision now.

Microsoft Ireland is not an US company but a legal entity registered in Ireland. You people need to make distinction between the mother company in the US and the acting company in Ireland.