In a decision that should not come as a big surprise, a US Federal Court judge has determined that the location of data under Microsoft's custody is not relevant. If Microsoft can produce it, it is required to do so.
As reported in Computerworld, the decision relates to a search warrant that directed Microsoft to produce the contents of one of its customer’s e-mails, where that information is stored on a server located in Dublin, Ireland. Microsoft contended that courts in the US cannot issue warrants for extraterritorial search and seizure, but the judge denied Microsoft's motion to quash the warrant. It argued, in part, that a US court can't issue a search warrant for premises outside of the United States so they should not be able to do so virtually.
However, the Court found that these orders may look like search warrants but they are more like subpoenas. They order an American company to do something entirely in the Unites States:
But the concerns that animate the presumption against extraterritoriality are simply not present here: an SCA Warrant does not criminalize conduct taking place in a foreign country; it does not involve the deployment of American law enforcement personnel abroad; it does not require even the physical presence of service provider employees at the location where data are stored. At least in this instance, it places obligations only on the service provider to act within the United States....
This case, for some Canadian readers will be reminiscent of the Canadian Federal Court decision in eBay Canada Ltd. v. M.N.R., 2008 FCA 348, where the Court ordered eBay in Canada to turn over information about Canadian "powersellers" regardless of the fact that the data was not within the territorial jurisdiction of the Court.
Microsoft is appealing this decision, but for now it stands for the proposition that the location of data is largely irrelevant in determining whether a government can order it to be turned over. The location or nationality of the custodian is much more relevant.