Here’s what I mean. In the good old days, there were two major types of process to get information into the justice system for law enforcement and civil justice purposes. The subpoena required a person to bring themselves or their papers into court. The warrant gave government officials authority to go get people, their papers, and their things.
But times have changed, and today many of our essential papers and effects—bank records, communications, location data, and other personal information—are digital. They’re stored with third parties like banks, ISPs, phone companies, and others. Some of this information is all-new in for form of data, but much of it has just moved since the founding era, from our houses and desk drawers to the data banks of companies. Because the places we keep this information have moved, law enforcement has been increasingly using subpoenas to get access to materials that used to require a warrant. Vanderbilt law professor Christopher Slobogin describes the problem well in his article, Subpoenas and Privacy.
That’s a tear in the web of the law if law enforcement can get our data under the very low standards for issuing subpoenas, rather than the higher probable cause standard required for warrants.
This week, in United States v. Microsoft, we filed a brief inviting the Supreme Court to shore up the distinctions between subpoenas and warrants. We asked the court to recognize that law enforcement demands of third-party service providers for data owned by their customers should not come via subpoenas. They should require a warrant.
As we pointed out, most digital services are provided under terms of service and privacy policies that give the bulk of the property rights in data to the customer. The Internet service provider typically possesses the data, and is allowed limited use and sharing of it, but the rest of the ownership stays with the customer. The customer has the very important “right to exclude others,” which the Supreme Court has called “one of the most essential sticks in the bundle of rights that are commonly characterized as property.”
The modern era doesn’t require innovations in the law. Rather, the Supreme Court should get back to basics. The court should recognize that communications and data are property, and that they are often allocated to consumers in contracts. That would cut off the “innovative” use of subpoenas to collect data that should require a warrant supported by probable cause.
Microsoft has been fighting this case for years, and it reports that there has been severe damage to its international business since it was revealed that the U.S. federal government has been very aggressive about using our digital service providers as a conduit for investigative information.
The details of the case are almost beside the point for us: The U.S. government got a warrant in this case, as required by the Stored Communications Act, but it tried to use that warrant to force Microsoft to retrieve data from Ireland. That would be an extraterritorial application of the statute, which is something that Congress did not authorize. Our brief was intended to put that narrow statutory question in its proper context in terms of subpoenas, warrants, and digital property rights.