A recent Federal Court decision out of New York set a dangerous precedent by requiring Microsoft to turn over emails stored outside the United States. This decision opens the door for unscrupulous foreign entities to seize the private communications of Americans living abroad.
Today, Senators Hatch, Coons, and Heller took a first step in reversing that precedent by introducing the Law Enforcement Access to Data Stored Abroad Act (LEADS), which states the Electronic Communications Privacy Act (ECPA) and subsequent amendments were never meant to give law enforcement the power to issue warrants that reach outside the United States while acknowledging the needs of law enforcement. The bill allows the government to obtain only through a warrant electronic communications relevant to criminal investigations of “United States persons,” regardless of where the communications are stored. However, that warrant cannot violate the laws of the country where the communications are stored.
Even more important, this bill emphasizes that “data localization requirements” (law enforcement telling cloud providers that U.S. data has to be stored in the U.S.) do not work in a borderless internet and will only serve to impede innovation. Since this bill clarifies that law enforcement can issue warrants for information outside the U.S. only when the criminal investigation is related to a U.S. person, there is no need to dictate to cloud providers where data is stored.
LEADS goes a long way to protect cloud providers and software developers from foreign legal liability stemming from a U.S. warrant. We in the app community appreciate and rely on law enforcement to get the bad guys. Let’s just not lock up the good guys along the way.