Recap: Oral Arguments in Microsoft-Ireland

The Supreme Court heard oral argument Tuesday morning in United States v. Microsoft Corp.—a case that readers will by now be familiar with. (See a fantastic summary of Lawfare coverage here). It was a packed house, with attendance from other branches of government—I recognized hill staffers and executive branch officials, as well as Senator Hatch, lead sponsor of the CLOUD Act which could moot this case—and members of foreign governments. Microsoft’s president, Brad Smith, was also in attendance and gave interviews to the phalanx of journalists after the case. What follows is my rough-and-dirty summary of what happened at oral argument.

The Government’s Argument

The government’s lawyer, Michael Dreeben, began oral argument by pointing out that the focus of Section 2703 of the Stored Communications Act is entirely within the U.S.—and indeed, an hour later, Microsoft’s lawyer would close out his time with a back and forth with Chief Justice John Roberts about the focus of the statute, with Roberts pointing out that the specific name of Sections 2703 and 2702 refer to “disclosure,” an act that takes place in the U.S.

Is this a warrant or subpoena or something else?

This line of inquiry was quickly interrupted by Justice Sonia Sotomayor, who said this is a “search”—perhaps suggesting that the U.S. government cannot search things held abroad under normal Rule 41 warrant authority. The U.S. responded by arguing that this order is actually a “hybrid” between a warrant and a subpoena. Under a warrant, the government would go in and conduct its own search of Microsoft’s computers, but that is not what would happen here. Rather, under the SCA the government secures a production order but then requests compliance from Microsoft, and at that point, the order operates like a subpoena—which Microsoft can challenge, as it did in this case. (Dreeben pointed out that if it were really a warrant to search Microsoft’s computers, Microsoft would not have the same opportunity to challenge the order ex ante, suggesting that their very ability to litigate the case belies the idea of this being a normal warrant.) After a lengthy exchange on this point, the U.S. went on to suggest a hypothetical: Suppose that the U.S. gets a subpoena for a laptop. The target of the subpoena produces the laptop. The government still needs a warrant to search the laptop. This case, the U.S. argued, is functionally similar: subpoena for content, produced by Microsoft, followed by a search by U.S. authorities in the U.S.

What about Congress? Aren’t they better suited to address this, and isn’t there a bill pending?

Justice Ruth Bader Ginsburg jumped in to ask why the court should decide this case, which might be better left to Congress, especially since Congress is considering a bill on this issue (the CLOUD Act—covered here). More on this issue later.

Is there extraterritorial conduct here?

Justice Anthony Kennedy then asked whether the government conceded that the SCA does not apply extraterritorially, and the U.S. seemed to say “yes.” Dreeben pivoted immediately back to the relevant conduct here being in the United States. Ginsburg pushed back, saying “but something happens abroad, right?” Dreeben agreed, but then he argued that under the test from RJR Nabisco and Morrison, the court needed to identify the focus of the statute, taking us back to the opening issue. Justice Neil Gorsuch challenged him on this, saying that something indeed happens abroad. And Dreeben offered the following hypothetical: Suppose that a court orders someone to pay a fine. And the person says “I can’t pay, my funds are all abroad.” Would ordering the person to bring their funds into the U.S. be an improper extraterritorial order? The answer, the justices nodded in acknowledgement, is no.

What about foreign conflicts?

Sotomayor revived the concerns about which branch ought to resolve this matter: “I understand there’s a bill with bipartisan support …” And she suggested that Congress was better suited to address foreign conflicts. The government responded by noting that no government has actually complained about an improper or illegal extraterritorial application of U.S. law in this context. Indeed, the U.S. government’s position is that it has obligations under international agreements—principally the Budapest Convention—to request data in the context of investigations like the one at the heart of this case. Sotomayor didn’t buy it, and asked whether the bill will pass. The U.S. said that the bill had not been marked up and that it was the court’s job to interpret the law as it is, not as it will be.

Is this a warrant or not? Look at the text!

Gorsuch returned to the language of the statute. Why does the state say “warrant” if that’s not what it is? The U.S. responds to this by saying that it is called a duck in the statute, but it does not walk and talk like a duck: The order not actually like a Rule 41 warrant which would let U.S. law enforcement agents sit down at a terminal and search Microsoft’s computers. Alito jumped in to ask whether the government could get a normal Rule 41 warrant in this case, and the U.S. seemed to say yes.

How have other courts looked at this?

Alito then asked whether other courts have looked at the issue differently than the Second Circuit, the court that produced the opinion that the U.S. appeals. The U.S. pointed out that every district court that has looked at the matter (over half a dozen) have found that the orders operate in the U.S. and there is no extraterritoriality question. There are no appeals of those cases, Dreeben notes, because some of them have been stayed pending the outcome of this case.

Do courts have the tools to resolve the sovereignty issues?

Justice Stephen Breyer returned to the question of sovereign conflicts. Suppose that the U.S. gets a warrant from a magistrate judge. Can’t the judge just conduct a comity analysis and determine whether the warrant will in fact raise any foreign affairs concerns? The U.S. agrees. Justice Elena Kagan jumped in here to ask the U.S. to be clear about what the comity analysis would look like—presumably since comity has been criticized as squishy and malleable. The U.S. response to this is that the court has articulated comity principles—notably in Societe International v. Rogers—that could guide a court’s analysis in these cases too. (I have an article forthcoming in the Yale Law Journal on this topic.)

Dreeben said at that point: There’s “nothing new about this problem,” meaning that courts have long settled potential international conflicts arising from orders that have extraterritorial effects, and in any case, there are no conflicts in this case.

Microsoft’s Argument

Microsoft opened by arguing that this case is unusual—the U.S. government is reaching into another country’s soil to get data there.

Ginsburg immediately jumped in. Microsoft used to comply with these orders. Why did it stop? Microsoft conceded that it did comply with them, but it had stopped. Josh Rosencranz, Microsoft’s lawyer, said that the practice of storing data in different jurisdictions began in 2010, and only after a careful review in the wake of the Snowden disclosures did Microsoft decide to stop complying. Microsoft later noted that the number of cases like this is tiny—54 out of 60,000 warrants in a year are for foreign-held data.

How is data different from other evidence?

Roberts asked Microsoft why data is any different from money or any other form of evidence that might be in another jurisdiction. Microsoft responded that there is a statute here—the SCA—that focuses on “storage” and that is bound to the United States. So cases involving the production of foreign evidence are distinguishable because they are outside the scope of the statute.

Can Microsoft use jurisdictional hurdles to prevent U.S. law enforcement from getting stuff?

Alito asks a tough question: Suppose there is a U.S. crime, U.S. suspect, U.S. warrant, U.S. investigation, but Microsoft stores that user’s data abroad. Is it Microsoft’s position that U.S. law enforcement cannot get that data? Microsoft responded that the U.S. can use the mutual legal assistance treaty (MLAT) process to get the data. And Microsoft emphasized that the MLAT process “does work.”

Shouldn’t the Court interpret the SCA in ways that are reasonable in light of the modern world?

Breyer asked a very Justice-Breyer question: If we can construe the statute in ways that accord with the real world—in ways, presumably, that are agnostic about wherever Microsoft chooses to store the data—shouldn’t we do so? And if there are any comity or sovereignty concerns, we can just deal with them using Aerospatiale (comity) standards. Microsoft responds that this would not be faithful to the SCA and that the CLOUD Act is better.

What about voluntary disclosures under Section 2702?

Kennedy asked Microsoft whether it could disclose the relevant information under Section 2702 (which regulates voluntary disclosures). Microsoft says that it would be free to do that. (I think Rosencranz misspoke here—it would clearly violate Section 2702 for Microsoft to voluntarily disclose the relevant information—unless he meant that it could be disclosed in the event of an emergency under Section 2702(b)(8), but that was not the hypothetical.) Justice Kennedy noted that it would be odd if Microsoft could voluntarily give up the material it says it cannot be compelled to give up under an SCA warrant. (Lots of confused looks in the audience in response to this exchange.)

What are the physical components of this order in Ireland?

Ginsburg then asked Microsoft what would happen, physically, in Ireland if Microsoft were to comply. Microsoft said it would use a remote control (a person at a computer terminal in Washington) to execute a command that would go out over a physical hard line across the Atlantic where a physical disc would spin up and a computer would find the responsive data, copy it to another disc, and transmit it back along the physical route that the order went through. Justice Kennedy asked whether humans in Ireland would be involved, and Microsoft said “no.”

Could Microsoft purposefully evade U.S. law enforcement?

Roberts then asked Microsoft if it was advocating a rule that would create a market for services that would be keep data away from the U.S. even in legitimate investigations. He asked Microsoft if it could store everything abroad and market that to its customers. Microsoft’s response was that it would never do that because it tends to keep data close to users in order to keep latency times low. Roberts pushed back: The service would be slower, but to some users it would be worth it if it meant their data was not available to law enforcement, right? Microsoft might even gain customers! Microsoft’s response was that criminal use other services—not Microsoft services, which are used by hundreds of millions of customers—to keep data out of the hands of the government. He mentioned encrypted services.

Is Ireland really an interested party?

Justice Alito then jumped in. If the person in the case isn’t Irish, does Ireland really have an interest in the case? Microsoft’s response was that emails have a physical presence, and in this case they are in Ireland.

There is a final exchange between Justice Kagan, Chief Justice Roberts, and Microsoft about the text of Section 2703 and the focus of the statute, with Kagan and Roberts noting that “disclosure” is in the title, but Microsoft noting that “storage” is in the title too.

Microsoft concludes with this remarkable statement to the court: “You are as likely to break the cloud as you are to fix it.”

Government Rebuttal

Dreeben takes the podium again for a brief rebuttal. He notes that Kennedy was onto something and that Microsoft’s lawyer likely misspoke: Under 2702, Microsoft is not at liberty to disclose emails except in the exceptional circumstances outlined in Sections 2702 and 2703. The logic of Microsoft’s position is that if they store data in Ireland, outside of the U.S., then the U.S. government cannot get it under an SCA warrant but that since the SCA doesn’t apply, the protections of Section 2702 also do not apply, leaving Microsoft free to disclose the data to anyone (or to sell it).