On July 14, 2016, in Microsoft Corp. v. USA, the US Court of Appeals for the Second Circuit held that Section 2703 of the Stored Communications Act (SCA) does not authorize courts to issue and enforce warrants for the seizure of email content stored exclusively on foreign servers ( (2d Cir. Jul. 14, 2016)).

Enacted as part of the Electronic Communications Privacy Act of 1986 (18 U.S.C. §§ 2701 to 2712), the SCA protects the privacy of:

In connection with a criminal investigation, the US government issued an SCA Section 2703 search and seizure warrant to Microsoft, seeking to obtain, among other things, information associated with a particular individual's email address, including the email contents. Microsoft complied with the warrant to the extent it stored the requested information within the US. However, Microsoft determined that the actual email content was stored in its Dublin, Ireland datacenter and moved to quash the extraterritorial application of warrant to that content.

The Magistrate Judge, and subsequently the US District Court of Southern District of New York, denied Microsoft's motion to quash, finding that:

Microsoft appealed the ruling to the Second Circuit, arguing principally that Congress specifically used the term "warrant" in the Act, knowing it is a term of art with established parameters, including limits on extra-territorial application. .

The Second Circuit agreed with Microsoft, specifically recognizing that warrants are moored to Fourth Amendment privacy concepts and traditionally protect personal privacy in a distinctly territorial way. Reviewing the statutory language and history, the court found the SCA did not explicitly or implicitly express any Congressional intent to have the warrant provisions apply outside of the US. Without clear congressional intent supporting extraterritorial application, the court applied the strong and binding presumption against extraterritoriality that the US Supreme Court recently re-stated and emphasized in RJR Nabisco, Inc. v. European Community (136 S. Ct. 2090 (June 20, 2016)).

Noting that Congress' express aim in passing the SCA was to protect the privacy of users' communications in the context of new technologies that required service provider interactions, the court determined that the protected content's location should determine whether or not a warrant request was an unlawful extraterritorial application. As a result, requiring Microsoft to seize their customer's email communications stored in their Dublin, Ireland datacenter and export them to the US constituted an unlawful extraterritorial application of the SCA. The court further found this interpretation served the interests of comity, respecting the Irish government's sovereignty over data stored in its jurisdiction and international treaties governing criminal investigation assistance.

The court, however, took great care to distinguish between warrants and subpoenas in the decision, noting that warrants provide a higher level of protection and the SCA did not use the terms interchangeably.

Because Microsoft complied with the warrant's domestic directives, the Second Circuit reversed and vacated the district court's civil contempt finding and remanded the case with instructions to quash the warrant to the extent it directed Microsoft to collect, import, and produce customer emails stored outside the United States.