No, the US Government can't access emails that are stored overseas even if it’s hosted by an American company. That's according to a US appeals court ruling in a landmark case that involves one of the biggest technology players in the world, Microsoft. Here are the details.
Thanks to cloud computing, you can access hosted data from anywhere in the world so long as you have an internet connection. But the technology has raised privacy concerns, mainly because governments around the world have different laws when it comes to accessing information for criminal investigations and for national security reasons.
A few years ago, Microsoft was served with a warrant from a US government agency to surrender emails that were hosted in Ireland under its Outlook email service as part of a criminal investigation. Microsoft refused since the data was hosted overseas and had to go to court over the matter, arguing that the warrant did not apply to overseas data. Two years ago, a district court ruled in favour of the US government.
It was a big blow to privacy and had the potential to open the floodgates for the US government to demand American companies to surrender digital information regardless of what country it's stored, bypassing local laws that are in place to protect the privacy of citizens. The ruling put the concept of data sovereignty into question.
Microsoft refused to budge on the issue and appealed the decision. Thankfully, the 2nd Circuit appeals court has reversed the ruling, confirming that US government warrants are not applicable to overseas data. The court cited that the original ruling was based on false assumptions that the US Patriot Act and Stored Communications Act applied to overseas content when its hosted by a US-based company.
This doesn't mean that the US government can't touch data hosted overseas; it just involves a longer process and coordination with authorities overseas. There's also still a chance that the US government would appeal the decision.
Still, this is a great outcome for Microsoft and privacy for individuals and organisations that don't host their data on US soil.
You can read a detailed breakdown of the decision over at TechDirt