(Bloomberg) -- Microsoft Corp. won’t be forced to turn over e-mails stored in Ireland to the U.S. government for a drug investigation, an appeals court said in a decision that may affect data security throughout the U.S. technology industry.

The ruling on Thursday overturned a 2014 decision ordering Microsoft to hand over messages of a suspected drug trafficker. The company argued that would create a “global free-for-all” with foreign countries forcing companies to turn over evidence stored in the U.S. The government said a ruling in favor of Microsoft would create legal loophole to be exploited by fraudsters, hackers and drug traffickers.

The law doesn’t “authorize courts to issue and enforce against U.S.-based service providers warrants for the seizure of customer e-mail content that is stored exclusively on foreign servers,” U.S. Circuit Judge Susan Carney wrote for the majority of the New York appeals court. The government is considering its options, Peter Carr, a spokesman for the U.S. Department of Justice, said in a statement.

“Lawfully accessing information stored by American providers outside the United States quickly enough to act on evolving criminal or national security threats that impact public safety is crucial to fulfilling our mission to protect citizens and obtain justice for victims of crime,” Carr said.

Privacy Rights

Microsoft said the ruling is a win for the protection of people’s privacy rights under their own laws, rather than the reach of foreign governments.

“As a global company we’ve long recognized that if people around the world are to trust the technology they use, they need to have confidence that their personal information will be protected by the laws of their own country,” Microsoft said.

The name and home country of the customer involved haven’t been made public.

While this case was somewhat overshadowed in recent months by the battle between Apple Inc. and the U.S. government over access to a terrorist’s iPhone, it has been closely watched by the technology industry with more than two dozen companies, including Apple, Amazon.com Inc. and Cisco Systems Inc., backing Microsoft in court.

Cisco said the ruling is important for companies charged with protecting confidential data held outside the U.S.

“It reinforces appropriate safeguards on the U.S. government, and focuses law enforcement on the appropriate use of accepted international agreements,” the company said.

Pre-Internet Law

The dispute centered on the Electronic Communications Privacy Act of 1986, a law passed before the widespread use of e-mail, instant messages and Internet-based social networks. Its aim was to protect user privacy and the law didn’t envision the application of warrant provisions overseas, the appeals court said.

As more technology companies sell customers the ability to process and store their data using Internet-based cloud services, information is increasingly being housed in massive data centers around the world, a situation that the relevant U.S. law didn’t anticipate when it was written three years before the invention of the World Wide Web.

Faster Action

“It is even more important for Congress and the Executive Branch to come together to modernize the law,” Microsoft said. “We hope that today’s decision will bring an impetus to faster government action.”

The ruling was another setback for the government in disputes over privacy of data. In February, a federal magistrate in Brooklyn, New York, said the government lacked authority to force Apple to help it crack an iPhone that belonged to a drug dealer. The U.S later dropped its appeal of the ruling after it obtained a passcode to the phone.

The Justice Department and Apple also squared off over access to the iPhone used by a shooter who with his wife carried out a December attack in San Bernardino, California. Through independent means, the U.S subsequently gained access to the data in that device as well, ending the legal fight.

Chilling Effect

Microsoft, and it’s partners and rivals, had argued that giving the U.S. government access to data stored overseas could create a chilling effect on the rapidly growing cloud technology sector and push international clients, particularly in government and highly regulated industries, to avoid U.S. cloud providers.

The process of requesting evidence through foreign governments can be time-consuming. American law permits them to get the data directly from U.S.-based companies that choose to store it offshore, prosecutors said.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access