A federalappeals court reaffirmed Microsoft's legal right to refuse a U.S. government order to hand over data stored overseas in a case with important privacy implications. A divided panel of judges in New York denied a petition by the U.S. for a rehearing of a ruling last year in a case pitting Microsoft against the government over data stored in servers in Ireland.

The case has been watched closely for its implications for privacy and surveillance in the digital age. The December 2013 warrant directed Microsoft to turn over the contents of an email account used by a suspected drug trafficker. Redmond, Washington-based Microsoft handed over account information it kept on U.S. soil, but said the content of emails was off-limits because it was stored on servers in Ireland. Microsoft chief legal officer Brad Smith welcomed the ruling while noting that "we need Congress to modernize the law both to keep people safe and ensure that governments everywhere respect each other's borders."

Many privacy and digital rights activists have supported Microsoft as a way of guarding against overreach by the U.S. government, although some say the implications of the case are not clear.

Concurring and dissenting justices on the panel agreed that Congress that the 1986 Store Communications Act (SCA) that was at the heart of the case should be modified by Congress to better balance privacy, crime fighting, and national security. Judge Susan Carney said Congress did not intend for the law to apply "extraterritorially," or outside U.S. borders, and disputed the government's argument claiming the data remained domestic because it could be accessed by Microsoft.

"Mundane as it may seem, even data subject to lightning recall has been stored somewhere, and the undisputed record here showed that the 'somewhere' in this case is a datacenter firmly located on Irish soil," she wrote in a concurring opinion.

While Microsoft has received backing from most technology allies and digital rights groups, some activists say the case is far from clear-cut. Jennifer Granick of the Stanford Center for Internet and Society has argued that a Microsoft win could mean these cases are decided in countries with fewer privacy protections, and drive more companies to "localize" data in places where authorities can't access it. But Greg Nojeim of the Center for Democracy and Technology said a ruling for the government "could have resulted in chaos and a privacy disaster."

Nojeim said that tech firms under such a ruling "would have been subject to conflicting obligations to an even greater extent than is the case today, and users' communications privacy could become, over time, subject to the whims of not just the U.S. government, but also other countries seeking their data."