The Internet of 2018 is not the Internet of 2000, or even of 2010. The “cloud” and computing capabilities of our modern day are an astronomical leap over the impressive but now seemingly quaint websites, services, and hardware of the turn of the millennium, let alone before.
With the increasingly global and ubiquitous reach of Internet services, the very infrastructure of a lot of the Internet and other software and hardware technologies has transformed dramatically.
With that evolution, previously seemingly straightforward questions regarding regulatory enforcement and oversight have become far more murky as well. With the pace of technological development happening well beyond the non-tech backgrounds of a lot of policymakers in D.C., we increasingly see these problems come up more and more frequently.
Microsoft is currently embroiled in a data privacy dispute before the Supreme Court that precisely embodies this increasingly untenable dilemma.
The Supreme Court is currently reviewing a potentially transformative case whereby it will determine whether or not the U.S. government can use a search warrant under the Electronic Communications Privacy Act to examine Microsoft’s customer electronic data that is stored in an offshore computer server, this one specifically in Dublin, Ireland.
The particular issue in the case is whether federal jurisdiction and laws apply to entities and property that are held overseas, or outside of the U.S.’s territory.
Current well-established U.S. law prevents physical searches of property outside the U.S.’s jurisdiction, as the Supreme Court has stated in cases such as United States v. Jones (2012) and Riley v. California (2014). Such territory-jurisdiction disputes are normally resolved by bilateral “Mutual Legal Assistance Treaties” between countries. However, the reason the issue remains unresolved in this case is because of the nature of electronic and digital information, which raises complex questions of location.
The Microsoft case demonstrates precisely how with many technology companies now spread out across the entire world, traditional concepts of property and control are increasingly becoming convoluted and raising legal and policy questions previously unfathomed.
Earlier this week Supreme Court Justices Ginsburg, Breyer, and Sotomayor inquired as to why Congress is not the better place to address such a seemingly political and policy question.
Indeed, Congress has. Last month the bipartisan CLOUD Act was introduced in Congress as a remarkable innovative policy solution in a D.C. that too often is confused by the increasingly complex legal and policy issues technology presents.
The CLOUD Act stands for the “Clarifying Lawful Overseas Use of Data” Act and is being led by Senator Orrin Hatch (R-UT) and Congressman Doug Collins (R-GA). The bill, which has earned the support of both the Department of Justice and the Trump Administration, would essentially set a new playing field of clear rules and standards for how cross-border data issues will be resolved.
Specifically, the bill would allow companies to formally notify the U.S. government about orders that would force them to violate foreign privacy and human rights laws. The bill then provides means for the U.S. government to negotiate with foreign governments to create bilateral agreements that would soothe out these differences, and thereby not force many technology companies into otherwise impossible situations.
The CLOUD Act strikes a particularly meaningful balance between U.S. sovereign interests and ensuring that technology services and innovation are not disrupted for the general public.
On one hand, the act does not nullify the U.S. government’s right to acquire foreign-stored data that it is able to get under the U.S. Constitution and applicable domestic law.
Rather, it provides a formal process for situations where the technology company would have to choose to violate one country’s laws or the other, and thereby facilitate solutions that not only make it easier for technology companies to justly be able to rely upon, but also to strengthen relations with other nations to resolve otherwise potentially destructive privacy right disputes.
By allowing technology companies to better understand the rules and laws applicable, technology companies will be able to better plan, invest, and innovate, rather than deal with needless uncertainty created by what is more a policy and legal “accident” rather than conscious affirmative policy.
As Microsoft President Brad Smith recently stated, comprehensive action by Congress would end the currently unpredictable playing field that is not only resulting in technology companies facing uncertainty and disruption, but also the U.S. government, law enforcement, and other actors relying on clear rules and standards to operate in.
However Microsoft’s case is resolved, it is clear that Congress needs to act and resolve what has been a growing point of uncertainty for many companies and agencies across the board.
The increasingly global nature of technology development and services are exciting, and have made major headway in promoting greater product innovation and delivery at lower costs. However in order to spur continued development, the current legal and policy uncertainty needs to be resolved by clear and definitive policy action.