Klarquist Files U.S. Supreme Court Brief for 51 Computer Scientists as Amici Curiae in Support of Microsoft In United States v. Microsoft Corporation, No. 17-2

Published January 19, 2018

Today, more than a billion people around the world trust American “cloud” service providers such as Amazon, Google, IBM, and Microsoft to safeguard their private emails and other data in hundreds of high-security datacenters. This new paradigm combines the highest data security with nearly instantaneous data access from anywhere in the world.

That worldwide access has led the U.S. Government to assert that a statute permits it to order American “cloud” service providers, via a court-approved search warrant, to gather and hand over to the Government the private e-mails of customers whose e-mails are stored in a datacenter in any foreign country, despite the normal presumption against extraterritorial effect of U.S. laws. The Government has argued (1) the American company can access those emails without taking any actions in that foreign country, (2) the American company could store all e-mails outside the U.S. and defeat U.S. law enforcement needs, and (3) the emails can be accessed from anywhere and moved anywhere so they in effect have no specific location.

This issue is now before the U.S. Supreme Court, set for oral argument on February 27, because Microsoft disagreed that the statute gave the Government such control over foreign-stored data, and refused to hand over e-mails stored in its datacenter in Dublin, Ireland.

On January 17, 2018, Klarquist filed on behalf of 51 Computer Scientists an amicus curiae brief in support of Microsoft to explain to the Justices the science and engineering behind “cloud” data storage and access. The computer scientists explain the following salient points:

  1. The data is at a specific physical location: While the “cloud” allows the owner of personal data to access her data from Internet-connected computers throughout the world, and to do so without being aware of the location of the data, the data is always stored in at least one specific location: an electronic pattern of digital 0s and 1s on a spinning disk, or similar storage device, in a computer in a datacenter.
  2. Retrieving data from Ireland requires complex physical actions in Ireland: Retrieving data stored on a spinning computer disk, or similar device, in a high-security datacenter in Ireland requires myriad complex physical actions in Ireland.
  3. The data is protected in a digital “safe deposit box”: The owner’s personal data is made more secure in a “cloud” datacenter than on most home computers. This includes being shielded, by encryption, from employees of the datacenter to an even greater extent than personal papers in a safe deposit box in a bank vault are protected from a bank’s employees. The owner’s personal data also is protected in transit to and from the datacenter in a digital equivalent to an armored truck—again by means of encryption.
  4. The closer the data, the faster the access: Geography matters, as the data owner’s rapid access to her personal data is faster if the data is stored at the “cloud” service provider’s nearest regional datacenter.

Link to the brief.