Governance & Risk Management , Privacy , Standards, Regulations & Compliance

Federal Magistrate Orders Google to Turn Over Foreign Email

Google to Appeal After Microsoft Prevailed in a Similar Case
Federal Magistrate Orders Google to Turn Over Foreign Email
The Second Circuit Court of Appeals is at Thurgood Marshall U.S. Courthouse in New York. Photo: NYU FC (via CC)

A federal magistrate has ordered Google to turn over emails stored on servers outside the U.S., a ruling that is at odds with a recent federal appeals court decision favoring Microsoft.

See Also: The Ultimate PIA and DPIA Handbook for Privacy Professionals

Google resisted two search warrants issued in August 2016 that sought electronic data from several accounts related to investigations of fraud and theft of trade secrets.

Google told Reuters that "the magistrate in this case departed from precedent, and we plan to appeal the decision. We will continue to push back on overbroad warrants."

Aging Law at Issue

The warrants were issued under section 2703 of the Stored Communications Act, which outlines legal protections afforded to electronic data and how the U.S. government can access it.

Passed by Congress in 1985, the SCA was written long before companies ran complex data centers that whisk information around the world. It remains in contention whether the SCA can be used to obtain data that is stored overseas or if that is an extraterritorial application of U.S. law.

Although the individuals who were the targets of the warrants lived in the U.S., Google argued it didn't have to turn over the emails because they were stored overseas. The company did turn over material related to the accounts that was stored in country.

In fact, Google wasn't exactly sure where some of the account information resided. The company's systems divide up user data, and, for performance reasons, it may end up in several of its data centers anywhere in the world. The data is also further parsed into shards, according to a court document published by The Washington Post

The U.S. government argued that data then becomes a moving target. The government has legal assistance treaties with some countries for obtaining data. Those processes are slow, however, and may not keep up with how data is moved around.

Microsoft's Case

Google's situation is slightly different than Microsoft's. With Microsoft, the emails sought by the government were stored in Ireland. But the company - along with many others in the tech industry - opposed the application of the SCA to foreign-stored data.

In July 2016, the U.S. Second Circuit Court of Appeals found that the warrant would not apply to data stored outside the U.S. Although Microsoft could access the emails from the U.S., the court rejected the assertion that the ease of access overcame the territorial issues.

In late January, the same court denied rehearing the case in a 4-4 decision. The U.S. government could still petition the Supreme Court (see Microsoft Prevails in Case Involving Stored Emails).

The Fourth Amendment

When Congress crafted the SCA, it sought to extend Fourth Amendment privacy protections against unlawful search and seizure to electronic data. In Google's case, Magistrate Thomas J. Rueter rejected that the warrants served to Google violated those tenets.

Although the Google data is overseas, it could be accessed by the FBI from within the U.S. That makes the action a domestic application of the SCA and a fair search, the magistrate writes.

"Even though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States," Rueter writes.

Rueter also rejected the notion that accessing the data amounts to a seizure. "Electronically transferring data from a server in a foreign country to Google's data center in California does not amount to a 'seizure' because there is no meaningful interference with the account holder's possessory interest in the user data," he writes.

Orin Kerr, a research professor at The George Washington University Law School, writes in The Washington Post that the courts in both cases may not be addressing key legal questions. Nonetheless, the government continues to push for its view.

"Although the new decision is only a single opinion by a single magistrate judge, the decision shows that the Justice Department is asking judges outside the Second Circuit to reject the Second Circuit's ruling - and that at least one judge has agreed," Kerr writes.


About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.