In a potentially huge blow against privacy rights, in the case of In re Search Warrant No. 16-960-M-01 to Google, a US Magistrate in Philadelphia has ruled that forcing Google to turn over e-mails stored outside of the United States, in order for the FBI to review them as part of a domestic fraud investigation, does not count as seizure. In his ruling, Judge Thomas Reuter stated that,“Google regularly transfers user data from one data center to another without the customer’s knowledge,” adding, “Such transfers do not interfere with the customer’s access or possessory interest in the user data. Even if the transfer interferes with the account owner’s control over his information, this interference is de minimis and temporary.”
Judge Reuter’s ruling breaks a precedent that was set by the US Second Court of Appeals on January 24th, 2017, where that court ruled in a split decision to uphold a lower court’s ruling from July 16th, 2016, that Microsoft could not be forced to turn over e-mails stored on a foreign server. In that case, Microsoft successfully challenged a warrant issued by a New York judge, which requested e-mails Microsoft was storing in Ireland, which the Department of Justice was seeking for a drug case involving a Silk Road admin. Google said in court documents that it occasionally splits up e-mails into pieces to improve network performance, and that they did not necessarily know where specific e-mails are stored. Based on the ruling in the Microsoft case, Google felt that they had complied with the warrant they had received, by turning over e-mails that they knew were stored in the United States. Google pointed out the ruling in the Microsoft case, but Judge Reuter responded that Google stores it’s data overseas in a way that makes it impossible for law enforcement in the United States to ask for and receive legal assistance from a foreign state.
It is not known if Judge Reuter’s ruling means that turning over the e-mails would only become a violation of privacy if the information is disclosed in court. Judge Reuter said in his opinion that, “When Google produces the electronic data in accordance with the search warrants and the Government views it, the actual invasion of the account holders’ privacy- the searches – will occur in the United States. Even though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States.” If the ruling by Judge Reuter stands, it could put the US in violation of international treaties. The warrants in both the Microsoft case and the Google case were issued under the Stored Communications Act of 1986, an act which many view as outdated. “We recognize at the same time that in many ways the [Stored Communications Act of 1986] has been left behind by technology. It is overdue for a congressional revision that would continue to protect privacy but would more effectively balance concerns of international comity with law enforcement needs and service provider obligations in the global context in which this case arose,” Judge Susan Carney wrote in her opinion on the Microsoft case.
Privacy activists remain hopeful that Judge Reuter’s ruling will be overturned on appeal. A statement issued by Google in response to Judge Reuter’s ruling said that, “The magistrate in this case departed from precedent, and we plan to appeal the decision. We will continue to push back on overbroad warrants.” Google receives around 25,000 requests from US law enforcement annually for user data.