washington_banner

    Google, but Not Microsoft, Must Turn Over Foreign E-mails

    Feb 08, 2017

    A U.S. judge ordered Google to turn over customer e-mails stored outside the United States, even though a federal appeals court ruled in a similar case that Microsoft Corp. did not have to turn over user e-mails stored in Ireland.

    U.S. Magistrate Judge Thomas Rueter in Philadelphia ruled last week that transferring e-mails from a foreign server so FBI agents could review them locally as part of a domestic fraud probe did not qualify as a seizure, Reuters reported.

    The judge said there was "no meaningful interference" with the account holder's "possessory interest" in the data sought.

    "Though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States," Rueter wrote.

    Google said it will appeal the decision. "The magistrate in this case departed from precedent. We will continue to push back on overbroad warrants," Google said in a statement.

    The ruling came less than two weeks after the 2nd U.S. Circuit Court of Appeals in New York denied a U.S. government petition for a re-hearing of its July 2016 ruling that Microsoft could not be forced to turn over e-mails stored on a server in Dublin, Ireland. U.S. investigators sought the e-mails in a narcotics case.

    The 2016 decision stemmed from a December 2013 warrant ordering Microsoft to turn over the contents of an e-mail account used by an alleged drug trafficker. Microsoft provided account information that was stored on U.S. soil, but it said the e-mail content stored on servers in Ireland was off limits.

    While they were divided on the decision, the entire panel of justices in the Microsoft case agreed that Congress needs to update the 1986 Store Communications Act (SCA), which was at the heart of the case, to better balance privacy, crime fighting, and national security.

    Judge Susan Carney concurred with the majority opinion, saying that Congress did not intend for the law to apply “extraterritorially,” or outside U.S. borders, and she rejected the government’s argument that the data should be considered domestic because it could be accessed by Microsoft.

    “Mundane as it may seem, even data subject to lightning recall has been stored somewhere, and the undisputed record here showed that the ‘somewhere’ in this case is a data center firmly located on Irish soil,” she wrote in her opinion.

    Judge Dennis Jacob dissented, saying that the United States was not reaching beyond its borders when the information it sought was easily accessible in a Microsoft computer terminal in Redmond, Wash.

    “The panel majority’s opinion has created a roadmap for even an unsophisticated person to use email to facilitate criminal activity while avoiding detection by law enforcement,” Judge Jose Cabranes wrote in his dissent, arguing that the panel’s decision could thwart law enforcement efforts as well as efforts to protect the United States and its allies.

    Activists said the case could have far-reaching implications. For example, Jennifer Granick of the Stanford Centre for Internet and Society said that, in her view, Microsoft’s win could result in future cases being decided in countries with less privacy protections. It also may push more companies to “localize” data in places where authorities can’t access it.

    But Greg Nojeim of the Center for Democracy and Technology said a ruling in favor of the U.S. government would have been worse, perhaps even resulting in “chaos and a privacy disaster.”

    According to Nojeim, if the court had ruled in favor of the government, tech firms “would have been subject to conflicting obligations to an even greater extent than is the case today, and users’ communications privacy could become, over time, subject to the whims of not just the U.S. government, but also other countries seeking their data.”

    Relying on the Microsoft decision, Google said it believed it had complied with the warrants it received by turning over data it knew was stored in the United States. But with the decision against Google, things have gotten a lot more confusing for U.S. tech firms that store customer data overseas.

    Sources:
    SCMP.com
    Reuters.com

    The Washington Policy Brief is an online advisory that contains brief summaries of recent legislative and regulatory issues that may affect the records and information management profession. Further information about the issue is accessed by clicking on the link provided at the end of each summary.

     

    Want to sign up to receive an e-mail version of the Washington Policy Brief? It's free! Just tell us a little about yourself and you'll receive a monthly dose of the latest in legislation, regulation, and more.

     

     

    © 2017, ARMA International