Microsoft in battle with US government over bank account info held in Ireland
MICROSOFT is in a legal wrangle with the US government which is seeking access to credit card numbers and bank account information stored in Ireland about a Microsoft customer.
The US search warrant issued last December also sought the customer's name, address, telephone number and the contents of all emails they had ever sent and received.
It's believed that the customer in question may be based in Ireland.
However, the probe was blocked after Microsoft determined the details were stored on a server in Dublin and refused to supply the information, arguing that US search warrants do not extend overseas.
A ruling by US judge James Francis at a District Court in New York stated that internet service providers such as Microsoft or Google cannot refuse to turn over customer information in other countries when issued with a search warrant from US law enforcement agencies.
It claimed it would be too much of a burden for the US government to co-ordinate efforts to secure confidential information with foreign governments. "The burden on the government would be substantial, and law enforcement efforts would be seriously impeded," the ruling stated.
But Microsoft said in a statement: "A US prosecutor cannot obtain a US warrant to search someone's home located in another country, just as another country's prosecutor cannot obtain a court order in her home country to conduct a search in the United States.
"We think the same rules should apply in the online world, but the government disagrees," it said.
Judge Francis said that while this was true for traditional search warrants, the same point could not be made for warrants seeking digital content, which he said are governed by federal US law.
He said this law, the Stored Communications Act, states that the information must be provided regardless of where it is held. Microsoft is seeking a review of the judge's ruling.
Digital law expert TJ McIntyre said due to conflicting data protection laws in Ireland and the US, it was difficult to ascertain whether Microsoft could be forced to supply the data.
According to the Data Protection Act 2003, personal data can be disclosed for the purpose of preventing, detecting or investigating offences.
Mr McIntyre added: "Given the enforcement of data protection law in Ireland on the whole is not very strong, Microsoft may well think that if there is a conflict they may be better served complying with the US law."
He added: "It is undesirable that a US court should be able to exercise control over the personal information of people based outside of the US in this way".