As I have previously written, at best Congress and technology have a shaky relationship. This is a result of many factors, including a lack of engineers in Congress, a willingness among lawmakers to cede their constitutionally-mandated role to an ever-increasing administrative state, and most importantly, a profound lack of comprehension of the speed and sophistication of technological innovation.
Earlier this year Congress was considering the International Communications Privacy Act (ICPA), which was a step in the right direction. While not perfect, it did address the policy concerns facing a technology universe in the cloud and artificial intelligence, rather than the floppy disk era of the 1980s, which gave us the Electronic Communications Privacy Act of 1986 (ECPA). More importantly, it demonstrated a sincere desire for Congress to finally stepping up to the plate instead of watching the US courts struggle with myriad vexing legal and policy questions.
Recently, Senator Orrin Hatch (R-UT) has taken a leadership role in moving Congress toward a modern view of technology and data privacy. Senator Hatch, along with Senators Coons (D-DE), Graham (R-SC), and Whitehouse (D-RI), and Representatives Collins (R-GA), Jeffries (D-NY), Issa (R-CA), and DelBene (D-WA) recently introduced the Clarifying Lawful Overseas Use of Data (CLOUD) Act of 2018. This legislation addresses a difficult data privacy issue that emerged from a case involving Microsoft Corporation and its use of Irish data storage facilities.
At question in the case is whether the U.S. government can issue a search warrant to obtain, from internet service providers like Microsoft, a customer’s electronic documents that are stored on that provider’s computer servers physically located outside the United States. In December 2013, Microsoft challenged a U.S. search warrant seeking email stored in its Dublin, Ireland, data center. At the U.S. government’s request, a federal court issued the warrant under the Electronic Communications Privacy Act (ECPA)—a U.S. statute written in 1986 governing the privacy of information stored with technology providers.
This case is currently in-front of the US Supreme Court. The fundamental legal disagreement between the two parties concerns the exact location of the search. For Microsoft to comply, they would have to search for an account in Ireland, collect the relevant emails in Ireland, and then transfer the data back to the US. This might constitute an intrusion into Irish customers’ interests. Microsoft generally tries to store data close to where its customers access it, meaning that data pulled from an Irish server would be likely to have data from Irish users. The United States is trying to use an American company to achieve its own goals. Obviously, this puts Microsoft in an incredibly awkward position and sets a highly problematic precedent for other technology companies. In a recent blog post, Brad Smith of Microsoft correctly stated “the risk of foreign relations clashes is all the more acute because state and local U.S. law enforcement—not just federal officials—can invoke the Stored Communications Act, the law the DOJ is using in this case.” The U.S. is basically trying to sidestep its treaty obligations by compelling Microsoft to do what the government legally can’t do.
Yesterday during oral arguments at the Supreme Court, Justices Ruth Bader Ginsburg, Stephen G. Breyer and Sonia Sotomayor asked why Congress wasn’t better suited to resolving the dispute.
“Wouldn’t it be wiser just to say let’s leave things as they are, and if Congress wants to regulate in this brave new world, it can do it?” Ginsburg said. Several times the justices mentioned pending legislation to address some of these issues, notably the CLOUD Act. I don’t often agree with the liberal-wing of the Court, but they are exactly correct in this instance. Congress should promulgate public policy, not the courts.
As the American innovation economy continues to crash through technological barriers, the last thing we want to do is put them in unreasonable positions that will hamper their growth, slow their ability to create wealth and jobs for its thousands of employees or cause US companies to reconsider the wave of repatriation, which was an incredibly beneficially aspect of the Trump tax plan.
Luckily, the aforementioned group of bipartisan members of congress are introducing the CLOUD Act to address this concern. If this bill moves forward and becomes law, it would essentially negate the need for the US Supreme Court to decide more technology policy, which obviously is not their role. Although it has taken far too long, it is encouraging to witness Congress finally take a proactive role in managing our nation’s culture of innovation, rather than depend on the courts to legislate from the bench.