An appeals court ruled on Friday that Microsoft must turn over email sought in a U.S. warrant, even though the customer's email is being hosted on servers in Ireland, not the U.S. Microsoft argued the US warrant has no jurisdiction in Ireland, but the court disagreed.
Microsoft's Deputy General Counsel has written about the original issue on Microsoft's site, discussing the challenge filed and outlined the reasons why it felt compelled to challenge the law in this case:
It’s generally accepted that a U.S. search warrant in the physical world can only be used to obtain materials that are within the territory of the United States. A U.S. prosecutor cannot obtain a U.S. warrant to search someone’s home located in another country, just as another country’s prosecutor cannot obtain a court order in her home country to conduct a search in the United States. That’s why the U.S. has entered into many bilateral agreements establishing specific procedures for obtaining evidence in another country. We think the same rules should apply in the online world, but the government disagrees.
Not only did Microsoft file this challenge, but the Electronic Frontier Foundation, Apple, Cisco, Verizon, and AT&T all filed amicus briefs, a statement given to the court by parties not directly involved with the case, but still interested in its outcome.
Regardless of what happens next, this is a case that virtually anyone using a cloud service should watch with interest. Since a user and their data may be in completely different places, it's important to know what expectation of privacy anyone using a cloud service can reasonably presume.