This case sheds light on where and when U.S. citizens have a reasonable expectation of privacy with regard to their emails.
Google has found a way to be exceptional again, but perhaps not in the way it wants. On Friday, United States Magistrate Judge Thomas Rueter ruled that Google would have to surrender emails stored outside the U.S. to comply with an FBI search warrant. This marks a sharp departure from a court ruling in a similar case that involved Microsoft, in which it was determined that the company could not be forced to give authorities access to emails stored on a server in Dublin, Ireland, that were wanted in connection with a narcotics case.
However, in this new case, Rueter of the U.S. District Court for the Eastern District of Pennsylvania determined that giving the emails to the FBI would not be deemed a seizure. Rather, there would be “no meaningful interference” with the account holder’s (which is to say Google’s) “possessory interest” in the data in question.
“Though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States,” Rueter noted.
This ruling, however, may not stand, particularly as it goes against the precedent set seven months ago in the Microsoft case. That decision was largely applauded by tech companies, privacy groups, and both the American Civil Liberties Union and U.S. Chamber of Commerce.
Google has already noted that it will appeal the decision, releasing a statement reading, “The magistrate in this case departed from precedent, and we plan to appeal the decision. We will continue to push back on overbroad warrants.”
Since the ruling, some other giants of the technology industry have jumped into the fray in Google’s defense, as Business Insider reports. Apple, Microsoft, Amazon, and Cisco filed an amicus brief that contends that it is up to Congress and not the courts to decide whether or not the U.S. Stored Communications Act (SCA) applies only to data stored on servers located in the U.S. The brief also cited as precedent Microsoft’s win in a similar case in January 2017.
The brief states, “When a warrant seeks email content from a foreign data center, that invasion of privacy occurs outside the United States — in the place where the customers’ private communications are stored, and where they are accessed, and copied for the benefit of law enforcement, without the customer’s consent.” According to the companies, forcing companies to grab data that’s stored outside the U.S. could “invite” the same from other governments regarding data stored in the U.S.
Regarding how those foreign governments perceive the action, they wrote, “Our sister nations clearly view U.S. warrants directing service providers to access, copy, and transmit to the United States data stored on servers located within their territory as an extraterritorial act on the part of the U.S. government.”
It seems that these sorts of cases will arise more and more frequently, and as such, the laws that apply to this area may need to be reconsidered. Both the Microsoft and Google cases invoke a 1986 federal law known as the Stored Communications Act. But given that the act is now more than 30 years old, it may be in need of a refresh.
Updated on 03-14-2017 by Mark Coppock: Added information on amicus brief filed by other technology companies on Google’s behalf.