IRAC application

- We're going to do our first IRAC exercise now. IRAC, as you recall, is our legal analysis tool to understand how to move from identifying a legal issue to reaching a conclusion and a decision about how to take action. For this first one, we're actually going to use an existing case so that we can learn about the component parts, the issue, rule, application, and conclusion, and also just more easily understand how this particular story and this particular case relates back to our three themes for the course, which are, that law is territorial, that there's a tension between law and technology, and finally, that there is a strained relationship between organizational and human rights in instances of law and technology. So, all of these cases start with a story, and again, this case is about a real case that concerned Microsoft. In this story, Microsoft stores data about its customers both in the United States and overseas. The information is stored in email communications. The U.S. government was issuing a warrant under a law, a U.S. law, called the Stored Communications Act because it was in an investigation about a particular individual and it wanted access to email communications that Microsoft had in its possession, both in the United States and overseas, in this case, overseas in Ireland. So, the U.S. government issued a warrant to try to get the information. Microsoft turned over the information within the territory of the United States, and that means within the territorial reach because they were on servers and data centers in the U.S. But with respect to the information held in Ireland, it refused to turn over the information, at which point the government issued this warrant that actually held them in contempt. So, coming out of this story, the issue is, in this case, whether that law, the Stored Communication Act, allows the U.S. government to obtain customer information stored in email from computer service providers like Microsoft when the information is stored on servers and in data centers that are outside of the physical territory of the United States. Remember, law is territorial, so we're really concerned with where the physical boundaries are for countries and nation states and governments. The rules here, once we identify what the legal question is, we look to see what the rules are. And again, I'm giving you the rules in this IRAC so that you can start to learn how the process works. The rule, the first rule, is that the Stored Communication Act, which is a part of something called the Electronic Communications Privacy Act, does actually protect consumer privacy, consumer private communications, electronic communications. That's what the intention of the ECPA is. However, there's exceptions to everything, and the Stored Communications Act does allow the U.S. government to access electronic communications of individuals pursuant to its surveillance and law enforcement activities. The second rule that's applicable here is a presumption, and there's a presumption in U.S. law against what we call extraterritorial application of law. What does that mean? It means that there is a presumption against any government reaching outside of its physical boundaries and trying to control what happens outside of those physical boundaries. So, when the government, like the U.S. government, wants to try to control something outside the United States, we say that that's an extraterritorial application or reach, and there's a presumption against that. The Supreme Court recently, in this Morrison decision, which is cited for you here, has said that there is a presumption against the extraterritorial application of U.S. law. So, in the application component, what we do is we take the rules and we apply them to the story of the case. And my question for you here would be, how would you apply those two rules on the previous slide to the facts of this particular case where Microsoft is contending that it is not responsible to turn over customer information held overseas? Finally, the conclusion is, actually, we know what the conclusion is in this case because there was a decision, the Second Circuit Court of Appeals, which is an appellate court in the U.S. federal court system, actually held for Microsoft. They found for Microsoft, Microsoft won this case, and the court said that Section 2703 of the Stored Communications Act was not intended to extend beyond the reach of the United States. Yes, it extends in the United States where the territorial jurisdiction is, but it does not extend beyond. There's a presumption against that, and Microsoft was actually within its rights to protect consumer privacy and refuse to provide the information to the U.S. authorities. Now, interestingly, you see here that that relationship between an organizational rights and individual rights is in alignment. Microsoft was, in fact, protecting its customers' privacy, and so, the rights or the concerns of the organization, Microsoft, were in alignment with the customer in this case.