Google Required to Hand Over Foreign Stored Emails to US Justice Department

By Doug Austin , CloudNine

In the ruling In re Search Warrant No. 16-960-M-01 to Google , Pennsylvania Magistrate Judge Thomas J. Rueter ordered Google to comply with a search warrant to produce foreign-stored emails, disagreeing with the U.S. Court of Appeals for the 2nd Circuit’s ruling in the Microsoft Ireland warrant case, where Microsoft was not ordered to provide access to emails in that ruling.

In August 2016, the court issued two search warrants, pursuant to section 2703 of the Stored Communications Act (SCA), which required Google to disclose electronic data held in the accounts of targets in two separate criminal investigations to agents of the FBI.  Each account holder resided in the US, the crimes they are suspected of committing occurred solely in the US, and the electronic data at issue was exchanged between persons located in the United States.

Google partially complied with the warrants by producing data that is within the scope of the warrants that it could confirm is stored on its servers located in the US, but refused to produce other data required to be produced by the warrants that was stored on servers located out of the US, relying on the recent decision of a panel of the US Court of Appeals Second Circuit, Matter of Warrant to Search a Certain E-Mail Account Controlled & Maintained by Microsoft Corp., 829 F.3d 197 (2d Cir. 2016) , where the Second Circuit denied the government’s efforts to compel Microsoft to provide emails in that case.

In ruling that Google has to comply with the warrant in full, Judge Rueter stated that “Under the facts before this court, the conduct relevant to the SCA’s focus will occur in the United States. That is, the invasions of privacy will occur in the United States; the searches of the electronic data disclosed by Google pursuant to the warrants will occur in the United States when the FBI reviews the copies of the requested data in Pennsylvania. These cases, therefore, involve a permissible domestic application of the SCA, even if other conduct (the electronic transfer of data) occurs abroad.”

Judge Rueter also indicated that he “agrees with the Second Circuit’s reliance upon Fourth Amendment principles, but respectfully disagrees with the Second Circuit’s analysis regarding the location of the seizure and the invasion of privacy” , noting that “[e]lectronically transferring data from a server in a foreign country to Google’s data center in California does not amount to a ‘seizure’ because there is no meaningful interference with the account holder’s possessory interest in the user data. Indeed, according to the Stipulation entered into by Google and the Government, Google regularly transfers user data from one data center to another without the customer’s knowledge. Such transfers do not interfere with the customer’s access or possessory interest in the user data.”

Judge Rueter also noted that the searches would occur in the US, stating that “Even though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States.” As a result, Judge Rueter granted the Government’s motions to compel Google to comply with the search warrants.

So, what do you think?  Should the location of the data or the location of the searches for the data determine whether it is subject to foreign data privacy considerations?

[ View source .]