A federal appeals court ruled for Microsoft Thursday in a case that pitted customer privacy against the government's need for evidence in criminal cases.
A unanimous three-judge panel of the Second Circuit Court of Appeals in New York said Microsoft cannot be compelled by a search warrant to turn over e-mail data stored on one of the company's servers overseas.
"Warrants traditionally carry territorial limits," the ruling said. "Law enforcement officers may be directed by a court-issued warrant to seize items at locations in the United States and in United States-controlled areas, but their authority generally does not extend further."
In a statement, Microsoft said the ruling was important for three reasons. "It ensures that people’s privacy rights are protected by the laws of their own countries. It helps ensure that the legal protections of the physical world apply in the digital domain. And it paves the way for better solutions to address both privacy and law enforcement needs."
Privacy advocates applauded the ruling as strongly pro-consumer and predicted it would lead to changes in how data is stored.
"This is a groundbreaking decision that helps protect privacy rights around the world," said the Electronic Frontier Foundation, which joined the case in support of Microsoft.
"This will lead companies to move more of their data centers outside the US because of a post-Snowden belief that the protections in the United States were not strong enough," said Marc Rotenberg of the Electronic Privacy Information Center in Washington, DC.
In 2013, federal agents served a search warrant on Microsoft's headquarters in Redmond, Washington, seeking information about an account that was suspected of being used for illegal drug trafficking. The company turned over basic information about the account but said the contents of the emails were stored on one of its servers in Ireland.
The government sought the contents under a federal law called the Stored Communications Act, but the court said Thursday that the focus of the law "is on protecting users' privacy interests."
The Obama administration said it was disappointed with the ruling.
"Lawfully accessing information stored by American providers outside the United States quickly enough to act on evolving criminal or national security threats that impact public safety is crucial to fulfilling our mission to protect citizens and obtain justice for victims of crime," said Peter Carr, a Justice Department spokesman.
Some legal experts said the ruling pointed out the difficulty of applying a 30-year-old federal statute to the rapidly changing digital domain.
"The law was enacted before today's Internet, before cloud storage, and before huge amounts of data were stored around the world. The law is and has been chasing technology," said Craig Newman of Patterson Belknap Webb & Tyler, a New York City law firm.
He said other legal means are available to law enforcement and intelligence agencies to access information stored abroad, but they were not used in this case.
The Justice Department has the option of asking the full Second Circuit to re-hear the case. Or it could go directly to the US Supreme Court, though the justices prefer to let several lower courts weigh in on an issue before taking it up.