Off-Shore Search Warrants

The Microsoft Ireland Case

The decision of the United States Court of Appeals for the Second Circuit in the case of Microsoft v US – otherwise known as Microsoft Ireland – has brought a breath of fresh air to the law relating to warranted searches for evidence online and whether those warrants can cover material located on servers in other jurisdictions – a concept known as extraterritoriality.

A search warrant was issued by the United States District Court for the Southern District of New York. It directed Microsoft to seize and produce the contents of an e-mail account it maintained for a customer. There was probable cause that the account was being used to further narcotics trafficking.

Microsoft, it must be emphasised, was not charged with any offence. It complied with the warrant as to data that was stored in the United States. However, to comply fully with the warrant it would need to access the customer’s content that was stored and maintained in its servers located in Ireland, and to import that data into the United States to deliver up to the Federal authorities. Microsoft moved to quash the warrant, but this was denied and the lower Court held Microsoft in civil contempt.

It is important to be aware of the legislative context. The warrant was issued under the provisions of the Stored Communications Act (SCA) which was enacted as Title II of the Electronic Communications Privacy Act 1986. The SCA is designed to protect the privacy of the contents of files stored by service providers and records held about subscribers by service providers.

It is also important to note that the SCA was passed in 1986 – thirty years ago when as the Court put it the “technological context was very difference from today’s Internet-saturated reality.” This context had a significant affect upon the way that the Court construed the Statute.

In addition the Federal Rules of Criminal Procedure limited the territorial scope of warrants to United States Territories, possessions or Commonwealth and the diplomatic missions and residencies of the United States in foreign countries.

The argument of the United States Government was based upon the concept of control of data and on that basis extended the reach of the warrant to premises owned, maintained or controlled by Microsoft. The concept of control for the purposes of discovery in civil proceedings may require a party to discover material in another jurisdiction, but could a search warrant have the same effect?

The starting point is the principle that the legislation enacted by Congress is meant to apply within the territorial jurisdiction of the United States unless a contrary intent clearly appears. This presumption is applied to protect against unintended clashes between US laws and those of other nations which could result in international discord. It was conceded that the warrant provisions of the SCA did not permit nor contemplate extraterritorial application. Indeed, the focus of the warrant provisions was upon protecting the privacy interest of users in their stored communications.

Under the focus on privacy if there were to be a warrant issued, the invasion of privacy would take place where the protected content of the customer was accessed which was in the Irish datacenter. That conduct – accessing the data – would take place outside the US, regardless of the fact that Microsoft was a US company. The Court held that the text of the statute, its legislative history, the use of the particular term “warrant” all lead to the conclusion that an SCA warrant could only apply to data held within the boundaries of the US.

It must be remembered that the decision is within the context of a particular statute which had a significant privacy purpose behind it. There are other ways to obatin the information sought such as the application of Mutual Assistance in Criminal Matters Treaties or the provisions of the Convention on Cybercrime 2001 – assuming a State is a signatory and has adopted those treaties into domestic law.

Applicability in New Zealand

Do the provisions of the Search and Surveillance Act 2012 have an extraterritorial reach in the case of computer searches.

Extraterritorial Searches?

There is one school of thought which says that it does, based on the very broad definition of a computer system which could conceivably include the Internet. A properly obtained warrant search warrant or remote access search warrant would allow an investigator to look for and locate data hosted in servers offshore.

In its considerations of search and surveillance procedures the Law Commission suggested that cross border searches could be specifically authorised under a search warrant. In my view that raises some very real difficulties, especially where there are no mutual assistance arrangements in place – although New Zealand has enacted the Mutual Assistance in Criminal Matters Act 1992. The proper course would be to use the provisions of that Act.

The Law Commission acknowledged that while principles of territorial sovereignty should be recognised to the maximum extent possible, observation of such principles may be impossible where the identity of the relevant jurisdiction is unknown.

The suggestion that search warrant authorisation would cure jurisdictional problems arising in a remote cross border search does not, in my view, solve the problem. The Law Commission suggested that if a remote cross border search was sought a warrant application:

(a) would require disclosure of that fact,

(b) that the search was or would likely to be a cross border search,

(c) together with the nature of any mutual assistance arrangements with the relevant country if the identity of that country was known.

Where a warrant was issued without specific authorisation for a cross border search, the enforcement agency would have to return to the issuing officer for further authorisation for a cross border search. Such a situation might become apparent in the course of executing the initial search warrant. This is the preferred option for the Law Commission given the “inconclusive state” of international law.

In the case of Stevenson v R, [2012] NZCA 189.the police applied for a search warrant addressed to Microsoft for records that were kept in the USA. The request was directed to Microsoft in New Zealand who forwarded it to the American parent. The appellant challenged the issue of the warrant. The court held as follows:

‘Fourth, Mr Haskett submits that the warrant issued against Microsoft should be ruled invalid and the evidence obtained from that source excluded. He relies on the same grounds advanced in support of the challenge to the search warrant, which we have rejected. Additionally, however, he submits that the warrant for Microsoft was invalid because it purported to authorise search in the United States of America. The answer to that submission is, as Mr Ebersohn points out, that the Summary Proceedings Act does not require a warrant to be limited to the New Zealand jurisdiction although of course it could not be practically enforced outside of New Zealand.’ [2012] NZCA 189 at [57]

Could this approach – without any developed reasoning – be applied under the Search and Surveillance Act and particularly to remote access searches? The determinative language of the court would suggest it does.

Using the Court’s reasoning in Stevenson a remote access warrant, like a warrant under the Summary Proceedings Act, may not be limited to the New Zealand jurisdiction. No reference to a presumption of territorial application – which was a significant feature in Microsoft Ireland – was mentioned. Indeed the reverse proposition seems to be the position – if the Summary Proceedings Act did not provide that a warrant be limited to New Zealand, it had extraterritorial effect. That flies directly in the fact of established principle which is that the statute must expressly authorise extraterritoral application.

A Forgotten Fundamental Principle of Law

But just because the technology allows it, should extraterritorial searches just happen? Should the issue of a search warrant allow an extraterritorial remote access search, and should the fruits thereof be admissible? A strict ‘crime control’ approach would suggest an affirmative response.

On the other hand a principled approach that recognises the broader issues of the Rule of Law must recognise that there is a customary international law prohibition on conducting investigations in the territory of another state. (see Michael A. Sussman, ‘The Critical Challenges from International High-tech and Computer-related Crime at the Millennium’ Duke Journal of Comparative & International Law Volume 9, Number 2 (Spring 1999), 451 – 489.)

Remote access searches may violate territorial integrity and, whatever the constitutional constraints that exist within the searching country, such searches are prohibited as violations of international law. Notwithstanding the utopian vision of a separate jurisdiction for cyberspace, the reality is that data has a physical location within the territorial jurisdiction of a state.

And this brings us back to the fundamental principle. It was stated by the Second Circuit Court of Appeals. I referred to it a couple of paragraphs ago. If a domestic law is to have extraterritorial effect the statute must clearly say so. It cannot have that effect by some back door interpretation of what amounts to a computer system. This principle of law is hardly “inconclusive”.

Section 144A of the Crimes Act 1961 (NZ) has extraterritorial effect. It deals with sexual conduct with children and young people outside New Zealand. It is clear a clear and unequivocal assertion of extraterritorial application.

It is perhaps astonishing that this elementary principle has been overlooked not only by the Law Commission but also by the Court of Appeal in R v Stevenson.

There are ways of conducting offshore searches both in the digital and real word spaces. The utilisation of Mutual Assistance Treaties under the 1992 Act is one way. Or perhaps it is time to consider adopting the Convention on Cybercrime to adopt a principled approach to the access of data offshore.

Thinking About Mastermind

About thirty-five years ago I had a bit of success in the TV quiz show Mastermind. It was an interesting journey.

The show continued here in New Zealand and then went off the screen towards the end of the 1980’s or early 1990’s. It has now been revived. And it is different, as one would imagine it would be. Times change and so do entertainment styles. And some things remain the same.

When I did Mastermind the format was two minutes on a specialist subject of one’s choice followed by two minutes of general knowledge questions. The winners of the eight preliminary rounds went to the semi-final. We were required to change specialist subject. Otherwise the format remained the same. The winner and runner-up made it through to the final. The current format reverses that process. The winners and eight other top scorers go through to the four semi-final rounds. Only the winners of the semi-final rounds make it to the final. And for the semi-final the specialist subject must change.

The trick with Mastermind was to answer as many questions correctly as possible within the two minutes. This meant maximising the number of questions asked. There were ways to do this. The first involved knowing what you don’t know and passing as quickly as possible – even if it mean interrupting the question. The other way was to get the answer out as quickly as possible if you did know it – and if you could get the correct answer out before the question finished so much the better – even if it is a bit rude to interrupt.

The current series of Mastermind screening on TV1 is far more polite. Contestants have to wait until the questioner has finished. Some of them have interrupted, but the questioner proceeds to finish the question. A bit strange and pedestrian in my opinion and certainly inhibits a fast paced round. And definitely inhibits building up a decent score.

On the subject of questions and pace I must say that the questions seem to be incredibly long and contain too much information. Surely it is better to ask for a simple fact than to preface the question with information that is not directly relevant to the answer. An example (and I have concocted this) would be “What were Gandalf’s last words to the Fellowship on the Bridge at Khazad-Dum” Brief, punchy and to the point. And there is only one answer. But question construction in the TV1 series means that the question would probably be phrased in this way, “As the Fellowship were fleeing from the Balrog in the Mines of Moria on their way to Lothlorien, what were Gandalf’s last words on the Bridge at Khazad-Dum” And the answer is the same. “Fly you fools!” But that answer doesn’t need all the prefatory stuff. And the problem is that this slows down the pace, prevents the accumulation of points and means more time is spent asking individual questions than really testing the contestant’s knowledge.

The format of the current show allows 90 seconds on the specialist subject, 90 seconds on general knowledge and 90 seconds on a New Zealand general knowledge topic. I don’t understand the addition of the New Zealand section unless it is to make the show “relevant” but general knowledge is general knowledge irrespective of location and when I did the show there were New Zealand general knowledge questions included – no need for a special round. Once again, 90 seconds is not really long enough to build up a decent score. If anyone has watched other quiz shows, especially The Chase, it will be obvious that once a contestant gets into rhythm of answering, more questions get answered and the tension – and the points – build up. An extra 30 seconds makes all the difference.

I understand that “commercial necessity” means that there have to be advertisements but I can’t understand why the placement of those announcements must be in the middle of each round. Murder on the contestants and once again slows down the pace of the show.

But it is still a great format. The filming location under the clock tower at Auckland University is different and appropriate. The show is entertaining and good on the contestants for giving it a shot – sitting in an exposed position under a bright light and having questions come out of the dark is quite tense. The show was inspired by the experiences of the originator being interrogated by the Gestapo in World War II. Whilst the tension is, shall we say, different, it is still there. Maybe a return to the original formula might increase the drama and the thrill and the tension, at least for the audience. And good luck to all concerned.