It is illegal under Irish law for Microsoft to hand over information stored in Ireland to the US government without an Irish judge’s approval, former minister for justice Michael McDowell has warned.
In a strongly worded affidavit in support of the technology company embroiled in a landmark legal fight with the US government, Mr McDowell – who is also a practising senrior counsel – argued the disclosure of data is only lawful if signed off by a judge here.
Ireland is required by law to protect data held in the country from foreign law enforcement agencies.
The case being heard by a federal court in New York centres on the prosecution of a drug trafficker. Prosecutors want Microsoft to hand over emails stored in Microsoft’s server in Dublin, without going through existing international treaties. Microsoft has described it as potentially allowing federal agents to break down the door of its Dublin facility.
A federal magistrate had agreed a simple warrant, normally not valid outside US jurisdiction, was enough to force US-headquartered companies to hand over data. The ruling has been challenged by Microsoft and, if upheld, has deep implications, particularly for Ireland with its heavy US corporate footprint.
It will essentially allow US law enforcement agencies to easily get information held in other countries without worrying about international treaties. Oral arguments in Micrsoft’s appeal were heard yesterday.
Co-operation with the US seeking information for criminal prosecutions is covered by Irish and European mutual legal assistance treaties and a 2008 criminal justice act. “In the present case, I understand that US law enforcement seeks email content stored in Microsoft’s servers in Dublin, Ireland,” Mr McDowell wrote in a four-page statement.
“The aforementioned treaties and procedures were designed to apply under precisely these circumstances. The US government should therefore obtain the evidence it seeks through the MLA treaties,” he said.
The treaties and act are “highly effective”; Ireland rarely turns down requests. However, the prosecutors in the case argue using the treaties would be too “cumbersome.”
Echoing privacy activists in the US, Mr McDowell said this argument was in part about Ireland’s sovereignty. Leading US privacy advocates, the Electronic Frontier Foundation said Ireland’s sovereignty risks being “trampled on.”
Ireland’s data protection acts “highlights its sovereign interest guarding against foreign law enforcement activities within its borders by any means other than the applicable MLA treaties,” said Mr McDowell, who was asked by Microsoft to file the affidavit in support of its appeal.
Any disclosure of data held in Ireland “is only lawful where such disclosure is required or mandated by reference to Irish law and subject to the jurisdiction and control of the Irish court,”
The US Department of Justice argues overseas records held by US-based companies must be disclosed if when a valid “warrant compels their production”.