August 2017

Bipartisan U.S. Senate Bill Would Allow U.S. Government Demands for Emails Stored Abroad

Following conflicting court decisions about whether the U.S. government may require the disclosure of electronic communications stored outside the United States, several U.S. Senators recently introduced the International Communications Privacy Act (the “ICPA”), bipartisan legislation intended to clarify the bounds of what the government may demand. Among other things, the proposed legislation would:

> permit the government to acquire a judicially-approved warrant to obtain the electronic communications of U.S. citizens and residents and persons located in the United States, wherever stored, as long as they are accessible from a U.S. computer; and

> provide procedures for obtaining the electronic communications of non- U.S. persons physically located outside the United States.

If enacted, this legislation will provide much needed clarity regarding the U.S. government’s ability to obtain electronic communications. Companies that provide data storage services and their customers should monitor this legislation as it could substantially affect their obligations under U.S. law to produce data to the U.S. government.

Currently, the Electronic Communications Privacy Act of 1986 (the “ECPA”) governs U.S. government demands for the content of electronic communications from service providers. The key provision, 18 U.S.C. § 2703, requires U.S. government entities to obtain a warrant from a court to obtain more recent electronic communications (stored for 180 days or less). To obtain older electronic communications (stored for more than 180 days), the U.S. government usually only needs a subpoena.

Section 2703—adopted more than 30 years ago—does not contain any language indicating whether the physical location of the electronic communications or the customer/subscriber is relevant to whether these communications are subject to production. Recently, successfully challenged a Section 2703 warrant by refusing to produce electronic communications stored outside the United

1

States.1 More recently, however, two lower federal courts have disagreed with the Microsoft decision, and have required Yahoo and to turn over emails, holding that the location of the emails is not relevant under Section 2703 if such emails are within the control of a service provider in the United States.2

Under the ICPA, the ability of the U.S. government to demand electronic communications would turn on the physical location and citizenship/residence status of the person whose communications are sought. The physical storage location of the communications would be irrelevant, as long as the communications are accessible from a U.S. computer.

As proposed by Senators Orrin Hatch (R-), Chris Coons (D-Del.) and Dean Heller (R-NV), the ICPA would make the following changes to current law:

> U.S. person or person located in the United States – The ICPA would clarify that U.S. law enforcement agencies may demand the electronic communications of U.S. persons (i.e., a U.S. citizen or lawful permanent resident) and persons physically located inside the United States (even if they are non-U.S. persons) pursuant to a warrant, regardless of where those communications are stored, provided the data is accessible from a U.S. computer.

> Non-U.S. person – With respect to the electronic communications of customers or subscribers who are not U.S. persons or located in the United States, the ICPA would provide the following procedures:

- First, the U.S. government must notify the person’s country of citizenship and provide that country an opportunity to object, if the country has an applicable Law Enforcement Cooperation Agreement with the United States.

- Second, if, after receiving notice, the other country objects, a U.S. court would undertake a comity analysis to determine whose interests should rightfully prevail.

- However, in order to receive notice and an opportunity to object, the other country must provide reciprocal rights to the United States. The ICPA permits the U.S. government to obtain a warrant for the electronic communications of a foreign national located in a foreign country that does not have an applicable Law Enforcement Cooperation Agreement with the United States.

1 Please see our earlier client briefing regarding In re Warrant to Search a Certain E-Mail Account Controlled & Maintained by Microsoft Corp., No. 14‐2985 (2d Cir. July 14, 2016), which is available here. The U.S. government has filed a petition for a writ of certiorari with the U.S. Supreme Court, which has yet to decide whether it will review the Second Circuit decision. 2 Matter of Search of Content that is Stored at Premises Controlled By Google, No. 16-mc-80263-LB, 2017 WL 1487625, (N.D.Cal. Apr. 25, 2017); In re: Information associated with one Yahoo email address that is stored at premises controlled by Yahoo, No. 2:17-mj-1234-WED, 2017 WL 706307 (E.D. Wis. Feb. 21, 2017). 2

> No timeframe distinction between recent and older content – The ICPA would remove the outdated distinction between electronic Contacts communications that have been maintained or stored 180 days or less versus those stored more than 180 days. This 180-day rule was enacted For further information when data typically was not stored for long periods of time due to data please contact: storage limits and related expenses. As a result, emails older than 180 Matthew Axelrod days receive few privacy protections under the current ECPA because Partner they are considered abandoned. Two other bills that have been recently +1 202 654 9264 introduced into the Senate would also remove the 180-day distinction.3 [email protected] > MLAT process – The legislation would reform and streamline the Mutual Legal Assistance Treaty (MLAT) process, which facilitates cooperation Adam Lurie and information sharing between nations, including by providing greater Partner accessibility, transparency, and accountability and requiring the Attorney +1 202 654 9227 General to create an online docketing system for MLAT requests and to [email protected] publish statistics on the number of such requests. Douglas Tween The ICPA was first introduced in the Senate and the U.S. House of Partner Representatives last year. While the ICPA did not progress when first introduced in Congress last year, the Senators recently re-introduced the +1 212 903 9072 legislation to reshape the balance between law enforcement’s access to [email protected] overseas data and U.S. and international data privacy protections. Recent legal James Warnot developments, including possible Supreme Court review of the issue, as well Partner as bipartisan and industry support, all suggest that the legislation could now gain traction. +1 212 903 9028 [email protected] We will continue to monitor developments in this area and welcome any queries you may have. If you have any questions, please contact the people on Caitlin Potratz the right or your usual Linklaters contact. Associate +1 202 654 9240 This publication is intended merely to highlight issues and not to be comprehensive, nor to provide legal advice. Should you have any questions on issues reported here or on other areas of law, please contact one of your regular contacts, or contact the editors. [email protected] © Linklaters LLP. All Rights reserved 2017 Linklaters LLP is a limited liability partnership registered in England and Wales with registered number OC326345. It is a Linklaters LLP law firm authorised and regulated by the Solicitors Regulation Authority. The term partner in relation to Linklaters LLP is used to refer to a member of Linklaters LLP or an employee or consultant of Linklaters LLP or any of its affiliated firms or 601 Thirteenth Street N.W. entities with equivalent standing and qualifications. A list of the names of the members of Linklaters LLP and of the non- members who are designated as partners and their professional qualifications is open to inspection at its registered office, Suite 400 South One Silk Street, London EC2Y 8HQ, England or on www.linklaters.com. Washington, D.C. 20005 Please refer to www.linklaters.com/regulation for important information on Linklaters LLP’s regulatory position. We currently hold your contact details, which we use to send you newsletters such as this and for other marketing and Telephone +1 202 654 9200 business communications. Facsimile +1 202 654 9210 We use your contact details for our own internal purposes only. This information is available to our offices worldwide and to those of our associated firms. If any of your details are incorrect or have recently changed, or if you no longer wish to receive this newsletter or other 1345 Avenue of the Americas marketing communications, please let us know by emailing us at [email protected]. New York, NY 10105

Telephone +1 212 903 9000 3 The ECPA Modernization Act and the Act would both require the U.S. government Facsimile +1 212 903 9100 to obtain a warrant before accessing electronic communications, no matter how long they have been stored. These bills do not, however, address the extraterritorial concerns raised by the Linklaters.com Microsoft case.

3