Last year in August, a US judge had issued Google search warrants directing the company to provide the FBI with the customer emails stored outside of the United States. The government sought this information as part of an ongoing wire fraud investigation. Google has since been fighting this warrant, using Microsoft as an example of how the government cannot force the search giant to hand over customer data stored offshore. [The 2nd US Circuit Court of Appeals in New York had said in a ruling that Microsoft cannot be forced to turn over a user's email stored on a server in Dublin in a 2013 case.]
But Google seems to be stuck in a legal limbo. The company had appealed when the FBI had first served a search warrant ordering Google to hand over overseas emails belonging to suspects in a criminal investigation. Google argues that a domestic search warrant could not apply to data stored in a foreign country.
Then in February, US Magistrate Judge Thomas Rueter in Philadelphia ruled that transferring emails from a foreign server that the FBI could review locally as part of a domestic fraud probe did not qualify as a seizure.
“We plan to appeal the decision,” Google had said at time. “We will continue to push back on over-broad warrants.”
Turns out Google isn't going to be Microsoft-lucky
Now the US District Judge of the District Court for the Eastern District of Pennsylvania, Juan R Sanchez, has ruled that Google has to comply with the FBI's search warrants saying that the Court agrees with the Magistrate Judge's conclusion (emphasis is ours).
Because this Court agrees with the government that it is the location of the provider and where it will disclose the data that matter in the exterritoriality analysis, and because Google can retrieve and produce the outstanding data only in the United States, the Court agrees with the Magistrate Judge's conclusion that fully enforcing the warrants as to the accounts in question constitutes a permissible domestic application of the SCA. The order granting the government's motions to compel will therefore be affirmed.
SCA mentioned in the above excerpt is the Stored Communications Act, enacted in 1986, which the tech industry believes is too old to be applied now. Earlier in March, when Apple, Microsoft, Amazon, and Cisco had filed an amicus brief in support of Google’s decision to resist FBI warrants demanding user emails, they had also urged that the Act should be reviewed by the Congress.
"The Congress that drafted the SCA could barely have imagined the notion of storing emails halfway across the globe. That is why companies, commentators, and privacy advocates alike have long called for the SCA to be updated in light of the realities of 21st century technology. The question here, however, is the scope of the SCA as it now stands, not as Congress might eventually revise it."
The amicus brief filed by the tech giants had argued that "when a warrant seeks email content from a foreign data center, that invasion of privacy occurs outside the United States - in the place where the customers’ private communications are stored, and where they are accessed, and copied for the benefit of law enforcement, without the customer’s consent."
Judge: Google employees can provide all data "without ever leaving their desks in the US" - means this is a domestic process
Since everyone has been using Microsoft's case as a precedent, Judge Sanchez argues that "Microsoft court's analysis has been rejected by every magistrate judge and district court that has considered the issue to date."
The court essentially wants Google to stop bringing Microsoft in the conversation. And also trashes Google's argument of accessing data stored offshore by saying that since the data "will be accessed by Google personnel in the United States, and are produced by such personnel in the United States," it "reinforces the conclusion that the only conduct involved in the search and retrieval process occurs domestically."
While these queries may be run on servers in Google's foreign data centers, it is difficult to see how this amount to conduct by Google at the location of the data center, given that the United States-based employees direct the search and retrieval process remotely, without involvement by any personnel located abroad. [...] concluding "[t]he entire process of compliance [with an SCA warrant] takes place domestically" because corporate employees in the United States can review and provide the relevant materials to the government "without ever leaving their desks in the United States") [...] suggesting the legal point of access of stored communications is better understood as "the location from which the service provider electronically gains access to the targeted data" rather than "the physical location of the datacenter").
While Google had earlier vowed to fight against over-broad warrants, it isn't clear what the next steps will be for the search giant.
- We have reached out to Google and will update this space when we receive any comments.