Saturday, July 30, 2016

Cloud Storage Across Borders

Cloud storage of data for business brings efficiencies and as well could bring unbeknown reasons for concern.  Data is not static and neither is how it be directed for load balancing.  It is not only stored, it is shared via transfers and as such it is accessed by users. How the data is accessed and managed differs among businesses.  Whether the processes occur across national borders that is the issue being raised for consideration. If the operating server is located overseas that punctuates the issue of jurisdiction and welcomes international law to the realm of cloud computing via the protocols of the Internet in business practices.
The idea of a national law applying overseas, i.e., ‘extraterritoriality’, is common by the design of international agreements says in the Telecomm industry and natural gas referring to antitrust.[1]  Countries engage in mutual agreements to foster assistance with enforcement of law such as the mutual legal assistance treaties that the U.S. has engaged in with European and South American countries.  But when the national law addresses a function that has the capability of crossing borders, it must not be silent in order to apply cross-border .  When a law was written without cognition of its need to address international aspects of business, the law then is rendered ineffective to address the desired reach.
This transpired with the United Stated government seeking to apply the Stored Communications Act[2] for the purposes of acquiring data in an investigation.  When a law such as the SCA that was promulgated several decades ago without contemplation of business practices extending into cross-border digital records management, it will appear archaic and drastic need of congressional action to enhance its currency to today’s business practices.  In Microsoft Corp. v. U.S.[3], Microsoft sought to appeal the previous magistrate’s and district court’s determination of the United States District Court for the Southern District of New York, which denied Microsoft’s motion to quash a warrant.  The U.S. issued a warrant for records under the SCA that were stored on servers stationed outside of the U.S.  The records sought by the U.S. the contents of users emails.  Microsoft ran the risk of being held in contempt for failure to abide by the warrant.
The actual rendition of the SCA that was overturned was the depiction of the SCA warrant as if it was subpoena and not a search warrant.  With this depiction, the district court construed that Microsoft was compelled to produce that which it has control over and it operated and maintained.  The district court did not consider the location of the where the sought data to be an important consideration.  The district court stated that Congress intended the SCA to oblige ISP (internet service providers) to produce information that was under their control even if it was outside the United States. It, however, stayed its decision allowing for Microsoft’s appeal.
As Microsoft appealed, the issues of extraterritoriality reach of SCA and explicit intent of the statute to apply abroad became crucial was contemplated by the Second Circuit.  It also noted that the data content being sought by the United States was abroad located on a server in Ireland.  With the absence of the SCA having an international scope and the United States conceding the absence, the court determined that a warrant only applied if it is contemplated to be executed within the territorial confines of the United States.  The court depicted that an SCA warrant is not a subpoena and that it did not have that authority.  The Second Circuit rejected the district court’s description that the SCA warrant was equal to a subpoena.
As Congress proceeds to address enhancing the SCA it will encounter the various methods of data storage and integrated data sharing processes.  It will also have to embrace how the SCA will chime with European Union’s new General Data Protection Regulation (GDPR) and the EU-US Privacy Shield.  Privacy of user records remains the central point that will dominate the discourse as the SCA is placed under the microscope for contemporary relevance.
[1] Author’s doctorate in international law:  ‘Determining Jurisdiction Across Borders - Extraterritorial Application of Antitrust’. Doctoral dissertation, 2004 – Josef Korbel School of International Studies, University of Denver, Denver, Colorado.
[2] Stored Communications Act, 18 U.S.C. § 2701-2712.
[3] Microsoft Corporation v. the United States of America, No. 14-2985 (2d Cir. July 14, 2016)

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web." Copyright 2013- 2016, all rights reserved, Lorenzo Law Firm, P.A.

No comments:

Post a Comment