US judge: Microsoft must turn over customer data stored in Ireland

A ruling Thursday says customer data stored abroad is not immune from domestic search warrants, raising concerns among US technology companies and privacy advocates.

In a decision that's drawn ire from technology companies and privacy advocates, a US judge ruled Thursday that Microsoft must turn over a customer's e-mails stored in a data center located in Dublin, Ireland. 

Microsoft had previously challenged a criminal search warrant seeking one of its customer's e-mails on the grounds that federal prosecutors had no jurisdiction when data was stored abroad. However, at a Thursday hearing in New York, US District Judge Loretta Preska upheld an earlier ruling that said Microsoft must comply with the warrant, regardless of the data's location. 

In response to the judge's decision, Microsoft's general counsel Brad Smith issued a statement outlining the company's plans to appeal the ruling:

"The only issue that was certain this morning was that the District Court’s decision would not represent the final step in this process. We will appeal promptly and continue to advocate that people’s email deserves strong privacy protection in the U.S. and around the world."

It is currently unclear as to the nature of the investigation that resulted in the warrant as the case is under seal. But as Reuters reports, this case seems to be the first example of a corporation challenging a US search warrant that sought data held in a foreign location. 

Storing customers' data in cloud storage is becoming an increasingly common way for technology companies to do business with their customers. Yet there's a fear that this ruling could set a dangerous precedent that would grant the US government access to individuals' data stored around the world. 

That fear is compounded by continued distrust of US spying efforts after former National Security Agency contractor Edward Snowden revealed last year the extent of the NSA spying program.

This distrust has hurt US technology companies abroad. Last month, Germany announced that US wireless provider Verizon Communications would no longer be allowed to do business in the country.

More recently, both Microsoft and Apple have faced spats with China. In the wake of American officials confirming that Chinese hackers broke into US government computer networks and accessed personal information on federal employees, Chinese state media accused a feature on the Apple iPhone of posing a threat to its national security because it could supposedly reveal important state secrets. Apple subsequently refuted those allegations and a Chinese state newspaper seemed to retract the original accusation. 

Just this week, four Microsoft offices in China were visited by investigators from the State Administration for Industry and Commerce as part of an apparent antitrust investigation. Though a seemingly unrelated issue, Microsoft, like other US technology companies, has faced numerous hurdles in China since the Snowden leaks broke last year. 

"US companies including Apple, Microsoft, Google, Facebook, etc. are all coordinating with the PRISM program to monitor China," official Chinese media reported in June. 

Thursday's ruling will likely pave the way for future cases in which foreign countries believe their data is unsafe in the hands of American technology companies. 

"This type of ruling is going to open up a Pandora’s box of concerns by European countries," Craig Newman, a lawyer with Richards Kibbe & Orbe who was present at Thursday's ruling but not involved in the case, told The New York Times.