Normally, this blog is devoted to intellectual property issues specific to technology, much of which is case law analysis primarily in the areas of patent, trademark, and copyright laws. However, as is often the case in real-life when different laws clash, so do intellectual properties with other areas of law. The right of privacy is not an intellectual property, but there are many instances when the various intellectual properties will affect individual privacy. Examples include Facebook’s data collection patents, like U.S. Patent No. 9,947,031, for “content access management in a social networking system for locally stored content,” or U.S. Patent No. 9,923,981, for “capturing structured data about previous events from users of a social networking system.” Another example is the digital rights management (DRM) technologies which sprouted up as a result of the Digital Millennium Copyright Act (DMCA) in 1998, and are utilized by many companies affecting e-readers, streaming media, and gaming. So, it should be no surprise that a case dealing with both privacy and tech would eventually make its way to the highest court in the country.
On April 17, 2018, the U.S. Supreme Court issued a per curiam order dismissing U.S. v. Microsoft Corp.,[1] which dealt with the issue of access to emails stored on a server outside the territorial limits of the United States. Microsoft had resisted a Justice Department warrant for emails related to drug trafficking which were held in an email server in its datacenter in Ireland, on the grounds that the warrant did not meet the proper legal procedures, namely because the emails resided offshore. The district court in New York held Microsoft in civil contempt, but that was reversed on appeal to the Second Circuit. The U.S. Government appealed, and a petition for certiorari was granted in October 2017, with oral arguments heard in February 2018. However, in the interim between oral arguments and a ruling, Congress passed the CLOUD Act, or Clarifying Lawful Overseas Use of Data Act. The CLOUD Act amended the Stored Communications Act[2] by adding:
A service provider shall comply with the obligations of this chapter to preserve, backup, or disclose the contents of a wire or electronic communication and any record or other information pertaining to a customer or subscriber within such provider’s possession, custody, or control, regardless of whether such communication, record, or other information is located within or outside the United States.[3]
Microsoft then complied with the warrant request consistent with the CLOUD Act, much to the chagrin of privacy advocates. The Justices determined that no controversy existed at that point and rendered the case moot.
While set the realm of criminal law and procedure, the Microsoft case dealt squarely with tech and privacy. It is already a commonly-held belief that the law is far behind where technology currently is, and once the law has caught up to present, tech will have already moved on to the next big thing. Tech patents on data collection of private information is nothing new; it will be interesting how the tech world innovates around this particular issue (tech usually does). Incidentally, Microsoft has numerous patents in the area of data collection, including U.S. Patent No. 8,181,195, for “anonymous aggregated data collection,” directed to receiving and storing media information through anonymous data collection.
[1] In re Warrant To Search a Certain Email Account Controlled and Maintained by Microsoft Corp., 15 F.Supp.3d 466 (S.D.N.Y. 2014), rev’d and vacated 829 F.3d 197 (2d Cir. 2016), cert. granted sub nom., United States v. Microsoft Corp., 583 U.S.___, 138 S. Ct. 356 (2017), vacated as moot, 584 U.S.___ (2018).
[2] 18 U.S.C. §2701 et seq.
[3] CLOUD Act §103(a)(1).