Microsoft Corp. v. U.S. Dep't of Justice

• Decision Date: 08 February 2017
• Docket Number: CASE NO. C16–0538JLR
• Citation: 233 F.Supp.3d 887
• Parties: MICROSOFT CORPORATION, Plaintiff, v. UNITED STATES DEPARTMENT OF JUSTICE, Defendant.
• Court: U.S. District Court — Western District of Washington

233 F.Supp.3d 887

MICROSOFT CORPORATION, Plaintiff,

v.UNITED STATES DEPARTMENT OF JUSTICE, Defendant.

CASE NO. C16–0538JLR

United States District Court, W.D. Washington, at Seattle.

Signed February 8, 2017

Alexander Adelman Berengaut, James McMackin Garland, Katharine Reams Goodloe, Covington & Burling LLP, Laura R. Handman, Davis Wright Tremaine, Washington, DC, Ambika K. Doran, Stephen M. Rummage, Davis Wright Tremaine, Seattle, WA, for Plaintiff.

Eric Soskin, Jennie L. Kneedler, US Department of Justice, Washington, DC, Helen J. Brunner, Kerry Jane Keefe, US Attorney's Office, Seattle, WA, for Defendant.

ORDER ON MOTION TO DISMISS

JAMES L. ROBART, United States District Judge

I.INTRODUCTION

Before the court is Defendant United States Department of Justice's ("the Government")motion to dismiss PlaintiffMicrosoft Corporation's first amended complaint.(Mot. (Dkt. # 38).)Microsoft opposes the Government's motion.(Resp. (Dkt. # 44).)The court has considered the Government's motion, Microsoft's opposition to the Government's motion (Resp. (Dkt. # 44)), the Government's reply (Reply (Dkt. # 92)), the filings of amici (Amici Br. (Dkt. ## 43, 48, 49, 56, 57, 58, 61, 66, 71)), the relevant portions of the record, and the applicable law.In addition, the court heard argument from the parties on January 23, 2017.(1/23/17 Min. Entry (Dkt. # 105).)Being fully advised, the court GRANTS IN PART and DENIES IN PART the Government's motion for the reasons set forth below.

II.BACKGROUND

A.Statutory Background

The Electronic Communications Privacy Act of 1986("ECPA"), 18 U.S.C. §§ 2510, et seq. ,"addresses various areas of electronic surveillance, including wiretaps, tracking devices, stored wire and electronic communications, pen registers, and trap and trace devices."SeeUnited States v. Anderson , No. 2:15–cr–00200–KJD–PAL, 2016 WL 4191045, at *7(D. Nev.Apr. 27, 2016).ECPA addresses "electronic communications services (e.g., the transfer of electronic messages, such as email, between computer users) and remote computing services (e.g., the provision of offsite computer storage or processing of data and files)."In re Zynga Privacy Litig. , 750 F.3d 1098, 1103(9th Cir.2014).Under ECPA, an electronic communications service provider ("ECS provider") is an entity that offers "any service which provides to users thereof the ability to send or receive wire or electronic communications,"18 U.S.C. § 2510(15), and a remote computing service provider ("RCS provider") is an entity that provides "to the public ... computer storage or processing services by means of an electronic communications system,"18 U.S.C. § 2711(2).A subscriber is a person who uses one or more of those services.See, e.g. , In re Application of the U.S. for an Order Pursuant to 18 U.S.C. § 2705(b) , 131 F.Supp.3d 1266, 1268(D. Utah2015).

Title II of ECPA—the Stored Communications Act ("the SCA"), 18 U.S.C. §§ 2701, et seq. —governs the government's access to "electronic information stored in third party computers."In re Zynga , 750 F.3d at 1104;see alsoStephen Wm. Smith, Gagged, Sealed & Delivered: Reforming ECPA's Secret Docket , 6 HARV. L. & POL'Y REV. 313, 324 (2012)[hereinafter "Reforming ECPA's Secret Docket "]("Title II of the ECPA ... prescribes requirements and procedures under which the government can obtain court orders (known as § 2703(d) orders) compelling access to stored wire and electronic communications, as well as related subscriber and customer account information.").Two sections of the SCA, 18 U.S.C. § 2703and18 U.S.C. § 2705, "regulate relations between a government entity which seeks information; a service provider which holds information; and the subscriber of the service who owns the information and is therefore a target of investigation."In re Application of the U.S. , 131 F.Supp.3d at 1268.The information sought from ECS and RCS providers may contain "content" or "non-content" data.Id.Content includes items such as emails and documents, while non-content data includes things like email addresses and IP addresses.See, e.g. , Req. for Int'l Judicial Assistance from the Turkish Ministry of Justice , No. 16-mc-80108-JSC, 2016 WL 2957032, at *1(N.D. Cal.May 23, 2016);Integral Dev. Corp. v. Tolat , No. C 12–06575 JSW (LB), 2013 WL 2389691, at *1(N.D. Cal.May 30, 2013).

Section 2703 of the SCA authorizes the government to acquire a subscriber's information from a service provider when the subscriber is a "target" of the government's information request.See18 U.S.C. § 2703.The provision "establishes a complex scheme pursuant to which a governmental entity can, after fulfilling certain procedural and notice requirements, obtain information from [a service provider] via administrative subpoena or grand jury or trial subpoena."Crispin v. Christian Audigier, Inc. , 717 F.Supp.2d 965, 974–75(C.D. Cal.2010)(citing18 U.S.C. § 2703(b) ).Section 2703 requires the government to give notice to subscribers that it has obtained their information from a service provider in some but not all circumstances.See18 U.S.C. § 2703(a) -(c)(describing various notice requirements for communication contents and records in electronic storage and remote computing services).

Section 2705 of the SCA addresses when the government may withhold notice that is otherwise required under Section 2703.See18 U.S.C. § 2705(a) -(b);In re Application of the U.S. , 131 F.Supp.3d at 1268.Under Section 2705(a), the government may delay giving notice to the subscriber that the government has collected the subscriber's information if certain requirements are met.Id. at 1267.Under Section 2705(b), the government may apply for "a preclusion-of-notice order."Id.Such an order "command[s] a provider of electronic communications service or remote computing service not to notify any person of the existence of a grand jury subpoena [or other acceptable court order under the SCA] which the Government has served on the provider."Id.;see alsoReforming ECPA's Secret Docketat 325("The SCA does authorize the court to issue a gag order (called ‘preclusion of notice’) to service providers, commanding them not to notify any other person of the existence of the court order.").A court may issue such a "preclusion-of-notice order" if the court

determines that there is reason to believe that notification of the existence of the warrant, subpoena, or court order will result in (1) endangering the life or physical safety of an individual; (2) flight from prosecution; (3) destruction of or tampering with evidence; (4) intimidation of potential witnesses; or (5) otherwise seriously jeopardizing an investigation or unduly delaying a trial.

18 U.S.C. § 2705(b)."The combined effect of [Sections 2703 ] and 2705(b) is that the subscriber may never receive notice of a warrant to obtain content information from a remote computing service and the government may seek an order under § 2705(b) that restrains the provider indefinitely from notifying the subscriber."In re Application of the U.S. , 131 F.Supp.3d at 1271.

Since Congress passed the SCA in 1986, the technological landscape has changed considerably.SeeOrin Kerr, The Next Generation Communications Privacy Act , 162 U. PA. L. REV. 373, 375(2014)("In recent years, ECPA has become widely perceived as outdated.");see alsoid. at 376(noting that at the time Congress passed ECPA, "[a]ccess to stored communications was a lesser concern," but "[s]ervice providers now routinely store everything, and they can turn over everything to law enforcement").As technology changes, the public has vigorously debated the appropriate reach of the government's electronic surveillance of its citizens.See, e.g. , Reforming ECPA's Secret Docketat 313–14;Jonathan Manes, Online Service Providers & Surveillance Law Technology , 125 YaleL.J. F. 343, 346(Mar. 3, 2016)("Over the past two-and-a-half years, we have had the most robust public discussion about surveillance in a generation.").As former Magistrate Judge Paul S. Grewal noted, "[w]arrants for location data, cell phone records[,] and especially email rule the day."In Matter of Search Warrant for [Redacted]@hotmail.com , 74 F.Supp.3d 1184, 1185(N.D. Cal.2014).And according to Magistrate Judge Stephen Wm. Smith, the "ECPA docket ... handles tens of thousands of secret cases every year."Reforming ECPA's Secret Docketat 313.

The public debate has intensified as people increasingly store their information in the cloud¹ and on devices with significant storage capacity.SeeIn re Grand Jury Subpoena, JK–15–029 , 828 F.3d 1083, 1090(9th Cir.2016)(quotingUnited States v. Cotterman , 709 F.3d 952, 964(9th Cir.2013) )(noting that "electronic storage devices such as laptops ‘contain the most intimate details of our lives: financial records, confidential business documents, medical records[,] and private emails,’ " which " ‘are expected to be kept private’ ").Government surveillance aided by service providers creates unique considerations because of the vast amount of data service providers have about their customers.For example, "[i]nternet service providers know the websites we have viewed.Google keeps records of our searches.Facebook keeps records of our ‘friends,’ our communications, and what we‘like.’ "Online Service Providers & Surveillance Law Technologyat 349.These developments have led several courts to conclude that certain material stored with providers deserves constitutional protection.See, e.g. , In re Grand Jury Subpoena , 828 F.3d at 1090("[E]mails are to be treated as closed, addressed packages for expectation-of-privacy purposes.");Search of Info. Associated with Email Addresses Stored at Premises Controlled by Microsoft Corp. , 212 F.Supp.3d 1023, 1034–35(D. Kan.2016)("In considering the email context specifically, courts have held an individual enjoys a right to privacy in his or her emails.");United States v. Warshak , 631 F.3d 266,...