UNITED STATES DISTRICT COURTSOUTHERN DISTRICT OF NEW YORK- - - - - - - - - - - - - - - - - -:IN THE MATTER OF A WARRANT TO:SEARCH A CERTAIN E-MAIL ACCOUNT:CONTROLLED AND MAINTAINED BY:MICROSOFT CORPORATION::- - - - - - - - - - - - - - - - - -:JAMES C. FRANCIS IVUNITED STATES MAGISTRATE JUDGE13 Mag. 2814MEMORANDUMAND ORDER“The rise of an electronic medium that disregards geographicalboundaries throws the law into disarray by creating entirely newphenomena that need to become the subject of clear legal rules butthatcannotbegoverned,satisfactorily,byanycurrentterritorially based sovereign.” David R. Johnson & David Post, Lawand Borders -- The Rise of Law in Cyberspace, 48 Stan. L. Rev.1367, 1375 (1996).In this case I must consider the circumstancesunder which law enforcement agents in the United States may obtaindigitalinformationfromabroad.MicrosoftCorporation(“Microsoft”) moves to quash a search warrant to the extent that itdirects Microsoft to produce the contents of one of its customer’se-mails where that information is stored on a server located inDublin, Ireland.Microsoft contends that courts in the UnitedStates are not authorized to issue warrants for extraterritorialsearch and seizure, and that this is such a warrant.reasons that follow, Microsoft’s motion is denied.1For theBackgroundMicrosoft has long owned and operated a web-based e-mailservice that has existed at various times under different internetdomain names, including Hotmail.com, MSN.com, and Outlook.com.(Declaration of A.B. dated Dec. 17, 2013 (“A.B. Decl.”), ¶ 3).1Users of a Microsoft e-mail account can, with a user name and apassword, send and receive email messages as well as store messagesin personalized folders.(A.B. Decl., ¶ 3).E-mail message datainclude both content information (the message and subject line) andnon-content information (such as the sender address, the recipientaddress, and the date and time of transmission).(A.B. Decl., ¶4).Microsoft stores e-mail messages sent and received by itsusers in its datacenters.Those datacenters exist at variouslocations both in the United States and abroad, and where aparticular user’s information is stored depends in part on aphenomenon known as “network latency”; because the quality ofservice decreases the farther a user is from the datacenter wherehis account is hosted, efforts are made to assign each account tothe closest datacenter.(A.B. Decl., ¶ 6).1Accordingly, based onPursuant to an application by Microsoft, certain informationthat is commercially sensitive, including the identity of personswho submitted declarations, has been redacted from public filings.2the “country code” that the customer enters at registration,Microsoft may migrate the account to the datacenter in Dublin.(A.B. Decl., ¶ 7).When this is done, all content and most non-content information associated with the account is deleted fromservers in the United States.(A.B. Decl., ¶ 7).The non-content information that remains in the United Stateswhen an account is migrated abroad falls into three categories.First, certain non-content information is retained in a datawarehouse in the United States for testing and quality controlpurposes.(A.B. Decl., ¶ 10).Second, Microsoft retains “addressbook” information relating to certain web-based e-mail accounts inan “address book clearing house.”(A.B. Decl., ¶ 10).Finally,certain basic non-content information about all accounts, such asthe user’s name and country, is maintained in a database in theUnited States.(A.B. Decl., ¶ 10).On December 4, 2013, in response to an application by theUnited States, I issued the search warrant that is the subject ofthe instant motion. That warrant authorizes the search and seizureof information associated with a specified web-based e-mail accountthat is “stored at premises owned, maintained, controlled, oroperated by Microsoft Corporation, a company headquartered at OneMicrosoftWay,Redmond,WA.”(SearchandSeizureWarrant(“Warrant”), attached as Exh. 1 to Declaration of C.D. dated Dec.317, 2013 (“C.D. Decl.”), Attachment A).The information to bedisclosed by Microsoft pursuant to the warrant consists of:a.The contents of all e-mails stored in the account,including copies of e-mails sent from the account;b.All records or other information regarding theidentification of the account, to include full name,physicaladdress,telephonenumbersandotheridentifiers, records of session times and durations, thedate on which the account was created, the length ofservice, the types of service utilized, the IP addressused to register the account, log-in IP addressesassociated with session times and dates, account status,alternativee-mailaddressesprovidedduringregistration, methods of connecting, log files, and meansand sources of payment (including any credit or bankaccount number);c.All records or other information stored by anindividual using the account, including address books,contact and buddy lists, pictures, and files;d.All records pertaining to communications between MSN. . . and any person regarding the account, includingcontacts with support services and records of actionstaken.(Warrant, Attachment C, ¶ I(a)-(d)).ItistheresponsibilityofMicrosoft’sGlobalCriminalCompliance (“GCC”) team to respond to a search warrant seekingstored electronic information.(C.D. Decl., ¶ 3).Working fromoffices in California and Washington, the GCC team uses a databaseprogram or “tool” to collect the data.(C.D. Decl., ¶¶ 3, 4).Initially, a GCC team member uses the tool to determine where thedata for the target account is stored and then collects the4information remotely from the server where the data is located,whether in the United States or elsewhere.(C.D. Decl., ¶¶ 5, 6).In this case, Microsoft complied with the search warrant tothe extent of producing the non-content information stored onservers in the United States.However, after it determined thatthe target account was hosted in Dublin and the content informationstored there, it filed the instant motion seeking to quash thewarrant to the extent that it directs the production of informationstored abroad.Statutory FrameworkThe obligation of an Internet Service Provider (“ISP”) likeMicrosoft to disclose to the Government customer information orrecords is governed by the Stored Communications Act (the “SCA”),passed as part of the Electronic Communications Privacy Act of 1986(the “ECPA”) and codified at 18 U.S.C. §§ 2701-2712.That statuteauthorizes the Government to seek information by way of subpoena,court order, or warrant.The instrument law enforcement agentsutilize dictates both the showing that must be made to obtain itand the type of records that must be disclosed in response.First, the Government may proceed upon an “administrativesubpoena authorized by a Federal or State statute or a Federal orState grand jury or trial subpoena.” 18 U.S.C. § 2703(b)(1)(B)(i).In response, the service provider must produce (1) basic customer5information,suchasthecustomer’sname,address,InternetProtocol connection records, and means of payment for the account,18 U.S.C. § 2703(c)(2);unopened e-mails that are more than 180days old, 18 U.S.C. § 2703(a); and any opened e-mails, regardlessof age, 18 U.S.C. §§ 2703(b)(1)(B)(i).2The usual standards for2The distinction between opened and unopened e-mail does notappear in the statute. Rather, it is the result of interpretationof the term “electronic storage,” which affects whether the contentof an electronic communication is subject to rules for a providerof electronic communications service (“ECS”), 18 U.S.C. § 2703(a),or those for a provider of remote computing service (“RCS”), 18U.S.C. § 2703(b). The SCA regulates the circumstances under which“[a] governmental entity may require the disclosure by a providerof electronic communication service of the contents of a wire orelectronic communication [] that is in electronic storage in anelectronic communications system . . . .” 18 U.S.C. § 2703(a).“Electronic storage” is in turn defined as “(A) any temporaryintermediate storage of a wire or electronic communicationincidental to the electronic transmission thereof; and (B) anystorage of such communication by an electronic communicationservice for the purposes of backup protection of suchcommunication.” 18 U.S.C. § 2510(17). While most courts have heldthat an e-mail is no longer in electronic storage once it has beenopened by the recipient, see, e.g., Crispin v. Christian Audigier,Inc., 717 F. Supp. 2d 965, 987 (C.D. Cal. 2010); United States v.Weaver, 636 F. Supp. 2d 769, 771-73 (C.D. Ill. 2009); see also OwenS. Kerr, A User’s Guide to the Stored Communications Act, and aLegislator’s Guide to Amending It, 72 Geo. Wash. L. Rev. 1208, 1216(2004) (hereinafter A User’s Guide) (“The traditional understandinghas been that a copy of an opened e-mail sitting on a server isprotected by the RCS rules, not the ECS rules”), the Ninth Circuithas instead focused on whether “the underlying message has expiredin the normal course,” Theofel v. Farley-Jones, 359 F.3d 1066,1076 (9th Cir. 2004); see also id. at 1077 (“[W]e think that prioraccess is irrelevant to whether the messages at issue were inelectronic storage.”). Resolution of this debate is unnecessaryfor purposes of the issue before me.Likewise, it is not necessary to determine whether Microsoft6issuance of compulsory process apply, and the SCA does not imposeanyadditionalsuspicion.requirementsofprobablecauseorreasonableHowever, the Government may obtain by subpoena thecontent of e-mail only if prior notice is given to the customer.18 U.S.C. § 2703(b)(1)(B)(i).If the Government secures a court order pursuant to 18 U.S.C.§ 2703(d), it is entitled to all of the information subject toproductionunderasubpoenaandalso“record[s]orotherinformation pertaining to a subscriber [] or customer,” such aswas providing ECS or RCS in relation to the communications inquestion. The statute defines ECS as “any service which providesusers thereof the ability to send or receive wire or electroniccommunications,” 18 U.S.C. § 2510(15), while RCS provides “to thepublic [] computer storage or processing services by means of anelectronic communications system, 18 U.S.C.§ 2711(2).Sinceservice providers now generally perform both functions, thedistinction, which originated in the context of earlier technology,is difficult to apply. See Crispin, 717 F. Supp. 2d at 986 n.42;In re Application of the United States of America for a SearchWarrant for Contents of Electronic Mail and for an Order Directinga Provider of Electronic Communication Services to not Disclose theExistence of the Search Warrant, 665 F. Supp. 2d 1210, 1214 (D. Or.2009) (hereinafter In re United States) (“Today, most ISPs provideboth ECS and RCS; thus, the distinction serves to define theservice that is being provided at a particular time (or as to aparticular piece of electronic communication at a particular time),rather than to define the service provider itself.”); Kerr, AUser’s Guide at 1215 (“The distinction of providers of ECS and RCSis made somewhat confusing by the fact that most network serviceproviders are multifunctional. They can act as providers of ECS insome contexts, providers of RCS in some contexts, and as neither insome contexts as well.”).7historicallogsshowingthecustomer had communicated.e-mailaddresseswith18 U.S.C. § 2703(c)(1).whichtheIn order toobtain such an order, the Government must provide the court with“specific and articulable facts showing that there are reasonablegrounds to believe that the content of a wire or electroniccommunication, or the records or other information sought, arerelevant and material to an ongoing criminal investigation.”18U.S.C. 2703(d).Finally, if the Government obtains a warrant under section2703(a) (an “SCA Warrant”), it can compel a service provider todisclose everything that would be produced in response to a section2703(d) order or a subpoena as well as unopened e-mails stored bythe provider for less than 180 days.In order to obtain an SCAWarrant, the Government must “us[e] the procedures described in theFederal Rules of Criminal Procedure” and demonstrate probablecause.18 U.S.C. § 2703(a); see Fed. R. Crim. P. 41(d)(1)(requiring probable cause for warrants).DiscussionMicrosoft’s argument is simple, perhaps deceptively so.Itnotes that, consistent with the SCA and Rule 41 of the FederalRules of Criminal Procedure, the Government sought information hereby means of a warrant.Federal courts are without authority toissue warrants for the search and seizure of property outside the8territorial limits of the United States.Therefore, Microsoftconcludes, to the extent that the warrant here requires acquisitionof information from Dublin, it is unauthorized and must be quashed.That analysis, while not inconsistent with the statutorylanguage, is undermined by the structure of the SCA, by itslegislative history, and by the practical consequences that wouldflow from adopting it.A. Statutory LanguageIn construing federal law, the “starting point in discerningcongressional intent is the existing statutory language.” Lamie v.United States Trustee, 540 U.S. 526, 534 (2004) (citing HughesAircraft Co. v. Jacobson, 525 U.S. 432, 438 (1999). “And where thestatutory language provides a clear answer, [the analysis] endsthere as well.”Hughes Aircraft Co., 525 U.S. at 438.However, acourt must search beneath the surface of text that is ambiguous,that is, language that is “capable of being understood in two ormore possible senses or ways.”Chickasaw Nation v. United States,534 U.S. 84, 90 (1985) (internal quotation marks omitted).Here, the relevant section of the SCA provides in pertinentpart:A governmental entity may require the disclosure by aprovider of electronic communication service of thecontents of a wire or electronic communication, that isin electronic storage in an electronic communicationssystem for one hundred and eighty days or less, only9pursuant to a warrant issued using the proceduresdescribed in the Federal Rules of Criminal Procedure. . . by a court of competent jurisdiction.18 U.S.C. § 2703(a).This language is ambiguous in at least onecritical respect. The words “using the procedures described in theFederal Rules of Criminal Procedure” could be construed to mean, asMicrosoft argues, that all aspects of Rule 41 are incorporated byreferenceinsection2703(a),includinglimitationsonterritorial reach of a warrant issued under that rule.theBut,equally plausibly, the statutory language could be read to meanthat while procedural aspects of the application process are to bedrawnfromRule41(forexample,thepresentationoftheapplication based on sworn testimony to a magistrate judge), moresubstantive rules are derived from other sources. See In re UnitedStates,665F.Supp.2dat1219(findingambiguityinthat“‘[i]ssued’ may be read to limit the procedures that are applicableunder § 2703(a), or it might merely have been used as a shorthandfor the process of obtaining, issuing, executing, and returning awarrant, as described in Rule 41”); In re Search of Yahoo, Inc.,No. 07-3194, 2007 WL 1539971, at *5 (D. Ariz. May 21, 2007)(finding that “the phrase ‘using the procedures described in’ theFederal Rules remains ambiguous”).In light of this ambiguity, itis appropriate to look for guidance in the “statutory structure,relevantlegislativehistory,[and]10congressionalpurposes.”Florida Light & Power Co. v. Lorion, 470 U.S. 729, 737 (1985); seeBoard of Education v. Harris, 444 U.S. 130, 140 (1979); Hall v.EarthLink Network, Inc., 396 F.3d 500, 504 (2d Cir. 2005).B. Structure of the SCAThe SCA was enacted at least in part in response to arecognition that the Fourth Amendment protections that apply in thephysical world, and especially to one’s home, might not apply toinformation communicated through the internet.Absent special circumstances, the government must firstobtain a search warrant based on probable cause beforesearching a home for evidence of crime. When we use acomputer network such as the Internet, however, a userdoes not have a physical “home,” nor really any privatespace at all. Instead, a user typically has a networkaccount consisting of a block of computer storage that isowned by a network service provider, such as AmericaOnline or Comcast. Although a user may think of thatstorage space as a “virtual home,” in fact that “home” isreally just a block of ones and zeroes stored somewhereon somebody else’s computer. This means that when we usethe Internet, we communicate with and through that remotecomputer to contact other computers. Our most privateinformation ends up being sent to private third partiesand held far away on remote network servers.This feature of the Internet’s network architecturehas profound consequences for how the Fourth Amendmentprotects Internet communications -- or perhaps moreaccurately, how the Fourth Amendment may not protect suchcommunications much at all.See Kerr, A User’s Guide at 1209-10 (footnotes omitted).Accordingly, the SCA created “a set of Fourth Amendment-likeprivacy protections by statute, regulating the relationship between11government investigators and service providers in possession ofusers’ private information.” Id. at 1212.Because there were noconstitutional limits on an ISP’s disclosure of its customer’sdata, and because the Government could likely obtain such data witha subpoena that did not require a showing of probable cause,Congress placed limitations on the service providers’ ability todisclose information and, at the same time, defined the means thatthe Government could use to obtain it.See id. at 1209-13.In particular, the SCA authorizes the Government to procure awarrant requiring a provider of electronic communication service todisclose e-mail content in the provider’s electronic storage.Although section 2703(a) uses the term “warrant” and refers to theuseofwarrantprocedures,theresultingorderisnotaconventional warrant; rather, the order is a hybrid: part searchwarrant and part subpoena.It is obtained like a search warrantwhen an application is made to a neutral magistrate who issues theorder only upon a showing of probable cause.On the other hand, itis executed like a subpoena in that it is served on the ISP inpossession of the information and does not involve governmentagents entering the premises of the ISP to search its servers andseize the e-mail account in question.This unique structure supports the Government’s view that theSCA does not implicate principles of extraterritoriality.12It haslong been the law that a subpoena requires the recipient to produceinformation in its possession, custody, or control regardless ofthe location of that information.See Marc Rich & Co., A.G. v.United States, 707 F.2d 663, 667 (2d Cir. 1983) (“Neither may thewitness resist the production of documents on the ground that thedocuments are located abroad. The test for production of documentsis control, not location.”(citations omitted)); Tiffany (NJ) LLCv. Qi Andrew, 276 F.R.D. 143, 147-48 (S.D.N.Y. 2011) (“If the partysuboenaed has the practical ability to obtain the documents, theactual physical location of the documents -- even if overseas -- isimmaterial.”); In re NTL, Inc. Securities Litigation, 244 F.R.D.179, 195 (S.D.N.Y. 2007); United Sates v. Chase Manhattan Bank,N.A., 584 F. Supp. 1080, 1085 (S.D.N.Y. 1984).To be sure, the“warrant” requirement of section 2703(a) cabins the power of thegovernment by requiring a showing of probable cause not requiredfor a subpoena, but it does not alter the basic principle that anentitylawfullyobligatedtoproduceinformationmustdosoregardless of the location of that information.This approach is also consistent with the view that, in thecontext of digital information, “a search occurs when informationfrom or about the data is exposed to possible human observation,such as when it appears on a screen, rather than when it is copiedby the hard drive or processed by the computer.”13Orin S. Kerr,Searches and Seizures in a Digital World, 119 Harv. L. Rev. 531,551 (2005).In this case, no such exposure takes place until theinformation is reviewed in the United States, and consequently noextraterritorial search has occurred.This analysis is not undermined by the Eighth Circuit’sdecision in United States v. Bach, 310 F.3d 1063 (8th Cir. 2002).There, in a footnote the court noted that “[w]e analyze this caseunder the search warrant standard, not under the subpoena standard.While warrants for electronic data are often served like subpoenas(via fax), Congress called them warrants and we find that Congressintended them to be treated as warrants.”Id. at 1066 n.1.Giventhe context in which it was issued, this sweeping statement is oflittle assistance to Microsoft.The issue in Bach was whether thefact that a warrant for electronic information was executed byemployees of the ISP outside the supervision of law enforcementpersonnel rendered the search unreasonable in violation of theFourth Amendment.Id. at 1065.The court utilized the stricterwarrant standard for evaluating the reasonableness of the executionof a search, as opposed to the standard for executing a subpoena;this says nothing about the territorial reach of an SCA Warrant.C. Legislative HistoryAlthough scant, the legislative history also provides supportfor the Government’s position. When the SCA was enacted as part of14the ECPA, the Senate report, although it did not address thespecific issue of extraterritoriality, reflected an understandingthat information was being maintained remotely by third-partyentities:The Committee also recognizes that computers are usedextensively today for the processing and storage ofinformation.Withtheadventofcomputerizedrecordkeeping systems, Americans have lost the ability tolock away a great deal of personal and businessinformation.For example, physicians and hospitalsmaintain medical files in offsite data banks, businessesof all sizes transmit their records to remote computersto obtain sophisticated data processing services. . . .[B]ecause it is subject to control by a third partycomputer operator, the information may be subject to noconstitutional privacy protection.S. Rep. No. 99-541, at 3 (1986).While the House report did address the territorial reach ofthe law, it did so ambiguously.Because the ECPA amended the lawwith respect to wiretaps, the report notes:By the inclusion of the element “affecting (affects)interstate or foreign commerce” in these provisions theCommittee does not intend that the Act regulateactivities conducted outside the territorial UnitedStates.Thus, insofar as the Act regulates the“interception” of communications, for example it . . .regulates only those “interceptions” conducted within theterritorial United States. Similarly, the controls inSection 201 of the Act [which became the SCA] regardingaccess to stored wire and electronic communications areintended to apply only to access within the territorialUnited States.H.R. Rep. 99-647, at 32-33 (1986) (citations omitted).While thislanguage would seem to suggest that information stored abroad would15be beyond the purview of the SCA, it remains ambiguous for tworeasons.First, in support of its observation that the ECPA doesnot regulate activities outside the United States, the Committeecited Stowe v. DeVoy, 588 F.2d 336 (2d Cir. 1978).In that case,the Second Circuit held that telephone calls intercepted in Canadaby Canadian authorities were admissible in a criminal proceedingeven if the interception would have violated Title III of theOmnibus Crime Control Act of 1968 if it had occurred in the UntiedStates or been performed by United States officials.41.Id. at 340-This suggests that Congress was addressing not the reach ofgovernment authority, but rather the scope of the individual rightscreated by the ECPA.Second, in referring to “access” to storedelectronic communications, the Committee did not make clear whetherit meant access to the location where the electronic data wasstored or access to the location of the ISP in possession of thedata.Additional evidence of congressional intent with respect tothis latter issue can be gleaned from the legislative history ofthe Uniting and Strengthening America by Providing AppropriateTools Required to Intercept and Obstruct Terrorism Act of 2001 (the“Patriot Act”).Section 108 of the Patriot Act provided fornationwide service of search warrants for electronic evidence. TheHouse Committee described the rationale for this as follows:16Title 18 U.S.C. § 2703(a) requires a search warrant tocompel service providers to disclose unopened e-mails.This section does not affect the requirement for a searchwarrant, but rather attempts to address the investigativedelays caused by the cross-jurisdictional nature of theInternet. Currently, Federal Rules of Criminal Procedure41 requires that the “warrant” be obtained “within thedistrict”wherethepropertyislocated.Aninvestigator, for example, located in Boston who isinvestigating a suspected terrorist in that city, mighthave to seek a suspect’s electronic e-mail from anInternet service provider (ISP) account located inCalifornia.The investigator would then need tocoordinate with agents, prosecutors and judges in thedistrict in California where the ISP is located to obtainthe warrant to search.These time delays could bedevastating to an investigation, especially whereadditional criminal or terrorist acts are planned.Section 108 amends § 2703 to authorize the court withjurisdiction over the investigation to issue the warrantdirectly, without requiring the intervention of itscounterpart in the district where the ISP is located.H.R. Rep. 107-236(I), at 58 (2001).This language is significant,because it equates “where the property is located” with thelocation of the ISP, not the location of any server.See In reSearch of Yahoo, Inc., 2007 WL 1539971, at *4 (“Commentators havesuggested that one reason for the amendments effected by Section220 of the Patriot Act was to alleviate the burden placed onfederal district courts in the Eastern District of Virginia and theNorthernDistrictofCaliforniawheremajorinternetserviceproviders [] AOL and Yahoo, respectively, are located.”) (citing,inter alia, Patricia L. Bellia, Surveillance Law Through Cyberlaw’sLens, 72 Geo. Wash. L. Rev. 1375, 1454 (2004)).17Congress thus appears to have anticipated that an ISP locatedin the United States would be obligated to respond to a warrantissued pursuant to section 2703(a) by producing information withinits control, regardless of where that information was stored.3D. Practical ConsiderationsIf the territorial restrictions on conventional warrantsapplied to warrants issued under section 2703(a), the burden on theGovernment would be substantial, and law enforcement efforts wouldbe seriously impeded.If this were merely a policy argument, itwould be appropriately addressed to Congress. But it also providescontext for understanding congressional intent at the outset, foritisdifficulttobelievethat,inlightofthepracticalconsequences that would follow, Congress intended to limit thereach of SCA Warrants to data stored in the United States.First, a service provider is under no obligation to verify theinformation provided by a customer at the time an e-mail account isopened.Thus, a party intending to engage in criminal activitycould evade an SCA Warrant by the simple expedient of giving false3Suppose, on the contrary, that Microsoft were correct thatthe territorial limitations on a conventional warrant apply to anSCA warrant. Prior to the amendment effected by the Patriot Act,a service provider could have objected to a warrant issued by ajudge in the district where the provider was headquartered on thebasis that the information sought was stored on a server in adifferent district, and the court would have upheld the objectionand quashed the subpoena. Yet, I have located no such decision.18residence information, thereby causing the ISP to assign hisaccount to a server outside the United States.Second, if an SCA Warrant were treated like a conventionalsearch warrant, it could only be executed abroad pursuant to aMutual Legal Assistance Treaty (“MLAT”).As one commentator hasobserved, “This process generally remains slow and laborious, as itrequires the cooperation of two governments and one of thosegovernments may not prioritize the case as highly as the other.”Orin S. Kerr, The Next Generation Communications Privacy Act, 162U. Penn. L. Rev. 373, 409 (2014).Moreover, nations that enterinto MLATs nevertheless generally retain the discretion to declinea request for assistance. For example, the MLAT between the UnitedStates and Canada provides that “[t]he Requested State may denyassistance to the extent that . . . execution of the request iscontrary to its public interest as determined by its CentralAuthority.” Treaty on Mutual Legal Assistance in Criminal Matters,U.S.-Can., March 18, 1985, 24 I.L.M. 1092 (“U.S.-Can. MLAT”), Art.V(1).Similarly, the MLAT between the United States and theUnited Kingdom allows the Requested State to deny assistance if itdeems that the request would be “contrary to important publicpolicy” or involves “an offense of a political character.”Treatyon Mutual Legal Assistance in Criminal Matters, U.S.-U.K., Jan. 6,1994, S. Treaty Doc. No. 104–2 (“U.S.–U.K. MLAT”), Art. 3(1)(a) &19(c)(i). Indeed, an exchange of diplomatic notes construes the term“important public policy” to include “a Requested Party’s policy ofopposingtheexerciseofjurisdictionwhichisinitsviewextraterritorial and objectionable.” Letters dated January 6, 1994between Warren M. Christopher, Secretary of State of the UnitedStates, and Robin W. Renwick, Ambassador of the United Kingdom ofGreat Britain and Northern Ireland (attached to U.S.-U.K. MLAT).Finally, in the case of a search and seizure, the MLAT in both ofthese examples provides that any search must be executed inaccordance with the laws of the Requested Party.Art. XVI(1); U.S.-U.K. MLAT, Art. 14(1), (2).U.S.-Can. MLAT,This raises thepossibility that foreign law enforcement authorities would berequiredtooverseeoreventoconducttheacquisitionofinformation from a server abroad.Finally, as burdensome and uncertain as the MLAT process is,it is entirely unavailable where no treaty is in place.Althoughthere are more than 60 MLATs currently in force, Amy E. Pope,Lawlessness Breeds Lawlessness: A Case for Applying the FourthAmendment to Extraterritorial Searches, 65 Fla. L. Rev. 1917, 1931(2013), not all countries have entered into such agreements withthe United States.Moreover, Google has reportedly explored thepossibility of establishing true “offshore” servers: server farmslocated at sea beyond the territorial jurisdiction of any nation.20Steven R. Swanson, Google Sets Sail: Ocean-Based Server Farms andInternational Law, 43 U. Conn. L. Rev. 709, 716-18 (2011).Thus,under Microsoft’s understanding, certain information within thecontrolofanAmericanserviceproviderwouldbecompletelyunavailable to American law enforcement under the SCA.4The practical implications thus make it unlikely that Congressintended to treat a Section 2703(a) order as a warrant for thesearch of premises located where the data is stored.E. Principles of ExtraterriorialityThe presumption against territorial applicationprovides that “[w]hen a statute gives no clear indicationof an extraterritorial application, it has none, Morrisonv. National Australia Bank Ltd., 561 U.S. 247, __, 130 S.Ct. 2869, 2878 (2010), and reflect the “presumption thatUnited States law governs domestically but does not rulethe world,” Microsoft Corp. v. AT & T Corp., 550 U.S.437, 454 (2007).Kiobel v. Royal Dutch Petroleum Co., __ U.S. __, __, 133 S. Ct.1659, 1664 (2013).But the concerns that animate the presumptionagainst extraterritoriality are simply not present here: an SCAWarrant does not criminalize conduct taking place in a foreigncountry; it does not involve the deployment of American lawenforcement personnel abroad; it does not require even the physical4Non-content information, opened e-mails, and unopened emails stored more than 180 days could be obtained, but only bymeans of a subpoena with notice to the target; unopened e-mailsstored less than 180 days could not be obtained at all.21presence of service provider employees at the location where dataare stored.At least in this instance, it places obligations onlyon the service provider to act within the United States.Manyyears ago, in the context of sanctioning a witness who refused toreturn from abroad to testify in a criminal proceeding, the SupremeCourt observed:With respect to such an exercise of authority, there isno question of international law, but solely of thepurport of the municipal law which establishes the dutyof the citizen in relation to his own government. Whilethe legislation of the Congress, unless the contraryintent appears, is construed to apply only within theterritorial jurisdiction of the United States, thequestion of its application, so far as citizens of theUnited States are concerned, is one of construction, notof legislative power.Blackmer v. United States, 284 U.S. 421, 437 (1932) (footnotesomitted).Thus, the nationality principle, one of the well-recognized grounds for extension of American criminal law outsidethe nation’s borders, see Marc Rich, 707 F.2d at 666 (citingIntroductory Comment to Research on International Law, Part II,Draft Convention on Jurisdiction With Respect to Crime, 29 Am. J.Int’l Law 435, 445 (Supp. 1935)), supports the legal requirementthat an entity subject to jurisdiction in the United States, likeMicrosoft, may be required to obtain evidence from abroad inconnection with a criminal investigation.The cases that Microsoft cites for the proposition that there22is no authority to issue extraterritorial warrants are inapposite,since these decisions refer to conventional warrants. For example,in United States v. Odeh, 552 F.3d 157 (2d Cir. 2008), the SecondCircuit noted that “seven justices of the Supreme Court [in UnitedStates v. Verdug-Urquidez, 494 U.S. 259 (1990)] endorsed the viewthat U.S. courts are not empowered to issue warrants for foreignsearches,” id. at 169, and found that “it is by no means clear thatU.S. judicial officers could be authorized to issue warrants foroverseas searches,” id. at 171.enforcementagentsresidence in Kenya.engagingBut Odeh involved American lawinId. at 159-60.wiretappingandsearchingaThe court held that while theFourth Amendment’s proscription against unreasonable search andseizure would apply in such circumstances, the requirement of awarrant would not.Id. at 169-71.Similarly, in Verdug-Urquidez,the Supreme Court held that a Mexican national could not challenge,on Fourth Amendment grounds, the search of his residence in Mexicoby American agents acting without a warrant.494 U.S. at 262-63,274-75; id. at 278 (Kennedy, J., concurring); id. at 279 (Stevens,J., concurring).Those cases are not applicable here, where therequirement to obtain a section 2703(a) order is grounded in theSCA, not in the Warrant Clause.Nor do cases relating to the lack of power to authorizeintrusion into a foreign computer support Microsoft’s position. In23In re Warrant to Search a Target Computer at Premises Unknown, 958F.Supp.2d753(S.D.Tex.2013),thecourtrejectedtheGovernment’s argument that data surreptitiously seized from acomputer at an unknown location would be “located” within thedistrict where the agents would first view it for purposes ofconforming to the territorial limitations of Rule 41.57.Id. at 756-But there the Government was not seeking an SCA Warrant.The Government [did] not seek a garden-variety searchwarrant. Its application request[ed] authorization tosurreptitiously install data extraction software on theTarget Computer.Once installed, the software [wouldhave] the capacity to search the computer’s hard drive,random access memory, and other storage media; toactivate the computer’s built-in camera; to generatelatitude and longitude coordinates for the computer’slocation; and to transmit the extracted data to FBIagents within this district.Id. at 755.“In other words, the Government [sought] a warrant tohack a computer suspected of criminal use.”Id.Though not“garden-variety,” the warrant requested there was conventional: itcalled for agents to intrude upon the target’s property in order toobtain information; it did not call for disclosure of informationin the possession of a third party.Likewise, in United States v.Gorshkov, No. CR 00-550, 2001 WL 1024026 (W.D. Wash. May 23, 2001),government agents seized a computer in this country, extracted apassword, and used it to access the target computer in Russia. Id.at *1.The court characterized this as “extraterritorial access”24to the Russian computer, and held that “[u]ntil the copied data wastransmitted to the United States, it was outside the territory ofthis country and not subject to the protections of the FourthAmendment.”Id. at *3.But this case is of even less assistanceto Microsoft since the court did not suggest that it would havebeen beyond a court’s authority to issue a warrant to accomplishthe same result.5Perhaps the case that comes closest to supporting Microsoft isCunzhu Zheng v. Yahoo! Inc., No. C-08-1068, 2009 WL 4430297 (N.D.Cal. Dec. 2, 2008), because at least it deals with the ECPA.There, the plaintiffs sought damages against an ISP on the groundthat it had provided user information about them to the People’sRepublic of China (the “PRC”) in violation of privacy provisions ofthe ECPA and particularly of the SCA.Id. at *1.The court foundthat “the alleged interceptions and disclosures occurred in the5Microsoft argues that the Government itself recognized theextraterritorial nature of remote computer searches when it soughtan amendment to Rule 41 in 2013. See Letter from Mythili Raman,Acting Assistant Attorney General, Criminal Division to Hon. ReenaRaggi, Chair, Advisory Committee on Criminal Rules (Sept. 18, 2013)(“RamanLetter”)at4-5,availableathttp://uscourts.gov/uscourts/RulesAndPolicies/. But the proposedamendment had nothing to do with SCA Warrants directed to serviceproviders and, rather, was intended to facilitate the kind of“warrant to hack a computer” that was quashed in In re Warrant toSearch a Target Computer at Premises Unknown; indeed, theGovernment explicitly referred to that case in its proposal. RamanLetter at 2.25PRC,"id.at *4,and as a result,dismissed the action on theground that "[p]laintiffs point to no language in the ECPA itself,norto anyindicatingstatementCongressin theintendedlegislative history ofthatthethe ECPA,ECPAapplyactivities occurring outside the United States," id. at *3.this language, too, does not advance Microsoft's cause.toButThe factthat protections against "interceptions and disclosures" may notapply where those activities take place abroad hardly indicatesthat Congress intended to limit the ability of law enforcementagentstoobtainaccountinformationfromdomesticserviceproviders who happen to store that information overseas.ConclusionEven when applied to information that is stored in serversabroad,an SCA Warrant does not violate the presumption againstextraterritorialapplicationofAmericanlaw.Accordingly,Microsoft's motion to quash in part the warrant at issue is denied.SO ORDERED.C-~~Jv~C. FRANCIS IVD STATES MAGISTRATE JUDGEDated: New York, New YorkApril 25, 201426Copies mailed this date:Guy Petrillo, Esq.Nelson A. Boxer, Esq.Petrillo Klein & Boxer LLP655 Third Ave.New York, NY 10017Nancy Kestenbaum, Esq.Claire Catalano, Esq.Covington & Burling LLPThe New York Times Building620 Eighth Ave.New York, NY 10018-1405James M. Garland, Esq.Alexander A. Berengaut, Esq.Covington & Burling LLP1201 Pennsylvania Avenue, NWWashington, DC 20004-2401Lorin L. Reisner, Esq.Justin Anderson, Esq.Serrin Turner, Esq.Assistant U.S. AttorneysOne St. Andrew's PlazaNew York, NY 1000727