Publication: Data, Extraterritoriality and International Solutions to Transatlantic Problems of Access to Digital Evidence

on the December 19, 2017

Theodore Christakis has just published his legal study for CEIS and Microsoft in the so-called "Microsoft Ireland Warrant Case" between the US government and Microsoft in the United States Supreme Court.
Lawful Access to Data: The US v. Microsoft Case, Sovereignty in the Cyber-Space and European Data Protection, CEIS & The Chertoff Group White Paper (December 2017)

livre Christakis 2017
Abstract

This study is the Legal Opinion prepared, at the request of CEIS and Microsoft, in the so-called "Microsoft Ireland Warrant Case" (USA v. Microsoft Corporation, US Supreme Court). This legal study was integrated into a "White Paper" on this case, initiated by Microsoft and published on December 3, 2017, by CEIS, the Chertoff Group and the author of this study.

The Microsoft Ireland case raises fundamental questions about the legal status of data and the cloud, the sovereignty of States in cyberspace, human rights and the General Data Protection Regulation (GDPR), the access of authorities to evidence stored in the cloud and the potential for conflict of laws. These issues should be of interest to public authorities in different nations as well as to businesses, individuals and civil society.

Part I of this study presents in the most accessible way the parameters of this highly interesting - but particularly complex case. Part II examines the specific issues raised in the US Supreme Court. It demonstrates the very fragile nature of the US government's arguments against the July 14, 2016, decision of the US Second Circuit, which found that the US government could not compel Microsoft to transmit to the US authorities e-mails from its clients stored on servers located outside the United States. Part III questions the negative consequences that a decision of the Supreme Court in favor of the American government might have. Part IV, finally, shows that international law offers States different possibilities to find mutually acceptable solutions, respectful of their sovereignty and compatible with the protection of human rights, to the important problem of criminal law enforcement access to digital evidence. States thus have the choice between a risky unilateralism, advocated by the American government before the Supreme Court, and the multilateral way, which has shown its effectiveness time and again in the history of international law.

Keywords: Data, Cloud, Data Protection, GDPR, Privacy Shield, Cybersecurity, Cyber-criminality, International Law, Sovereignty, Extraterritoriality, Jurisdiction, Law Enforcement, MLAT, Microsoft, GAFA, United States Supreme Court, Budapest Convention, Evidence

Access to the paper
French version
Published on May 23, 2018