There is little question that technology has resulted in a tidal wave of change. From how we communicate, transact, collect, consume and more.
A cornerstone of the American justice system is the concept of jurisdiction, the rule that the government and its courts can try cases and decide legal matters when they occur within its reach. With cloud computing becoming commonplace, the federal government is seeking to place every byte of data on the Internet under its jurisdiction, a power-grab that should concern every American and every foreigner using an American corporation for computer services.
The Department of Justice is demanding Microsoft (NASDAQ:MSFT) comply with a warrant and deliver email messages belonging to a European Union citizen that are stored on a server in Ireland. Microsoft’s position is data that has never involved the United States is outside the jurisdiction of the United States, but if the government wants that data, it should utilize a treaty agreement between the U.S. and Irish governments rather than a domestic warrant.
The heart of the matter can be found in the now dated Electronic Communications Privacy Act (ECPA), which in 1986 was designed to protect the privacy of electronic communications. In 1986, many of the dilemmas of today’s interconnected world could not have been anticipated. Reviewing the ECPA’s text and history show Congress believed the law would only apply domestically.
In an era of cloud computing, jurisdictional overreach on the part of any government is likely to prevent its citizens trading abroad. If left unchecked, it could even lead to companies re-incorporating abroad. With an $18 trillion national debt, the last thing the country needs is to allow the Justice Department to skirt international protocols, while endangering the private sector’s ability to compete and proactively shrinking the domestic tax base.
Realizing the short and long-term stakes, including how international business could become impossible for American companies if the U.S. government is allowed to demand U.S. businesses treat all data everywhere as if it fell under U.S. domestic jurisdiction, Senators Hatch, Coons and Heller introduced the Law Enforcement Access to Data Stored Abroad (LEADS) Act. The legislation looks to safeguards Americans’ electronic data stored abroad and establish a balanced process for how U.S. law enforcement can obtain this data while respecting the sovereign rights of other countries. Among the finer points, the LEADS Act:
• Requires a warrant to access stored content irrespective of how old the content is;
• Confirms that warrants under the Electronic Communications Privacy Act (ECPA) do not reach extraterritorially;
• Creates an exception that would allow extraterritorial warrants for content of U.S. persons (citizens and residents) stored outside of the U.S.;
• Proposes several reforms designed to improve and facilitate the Mutual Legal Assistance Treaty (MLAT) process; and
• Expresses the sense of Congress that countries should not impose data localization requirements.
The response from technology companies and associations such as Apple (NASDAQ:AAPL), IBM (NYSE:IBM), Cisco Systems, Internet Infrastructure Coalition (i2 Coalition), BSA - The Software Alliance, ACT - The App Association, Entertainment Software Association (ESA), Information Technology & Innovation Foundation (ITIF), Information Technology Industry Council (ITI), TechNet, National Association of Manufacturers (NAM), Telecommunications Industry Association (TIA), and the American Consumer Institute (ACI) has been one of positive support for the LEADS Act.
With the situation locked and loaded, and the ability of American companies to compete on the world stage hanging in the balance, Congress needs no greater call to act. For those supporters of the Justice Department’s tactics, what would they say if Russia, China or North Korea requested similar information from an American company?