Google has been ordered to hand over a bunch of e-mails to the FBI in association with a domestic fraud case. While that in itself wouldn’t be so odd, the fact that these e-mails are stored outside the United States is what makes the situation out of the ordinary.
Last year, a case saw Microsoft go to the courts to appeal against a similar judgment. In that case though, an appeals court ruled that the company was not required to hand over data that was not stored on the US soil. The data in question was stored in Ireland — a location preferred by corporate entities to create data centers because of its flexible rules and tax amenities.
So yes, Google could have been expecting a similar decision. And indeed, its legal team attempted to use the Microsoft ruling in order to sway the decision in their favor and challenge FBI’s warrant. However, U.S. Judge Thomas Rueter ruled that the act of bringing emails back from a foreign server was not liable to be qualified a seizure. As per Reuters, the Judge said:
this was because there was “no meaningful interference” with the account holder’s “possessory interest” in the data sought.
So basically, the judge ruled that any privacy infringement if it occurred, took place at the time of disclosure in the United States — and not when the data was actually transfered from abroad.
Interestingly, both the cases have been decided using a 1986 federal law called the Stored Communications Act. The law has often been called outdated and ancient and people have spoken about the need to replace it with something more suited to the present times. Indeed, the federal judge who ruled in Microsoft’s favor also spoke out about the need to make some big changes to the rule stating that it was:
overdue for a congressional revision that would continue to protect privacy but would more effectively balance concerns of international comity with law enforcement needs and service provider obligations in the global context in which this case arose.
The law also brings international treaties into question considering that other countries — Ireland for example — could have different rules regarding the data stored on their soil. However, not allowing US agencies to access the data could also prompt lawmakers to force corporations to store data on the US soil.
So yes, a lot of factors need to be taken into account while drafting a new law — if it gets drafted! — that can take all the involved variables into account and satisfy federal agencies while also protecting user privacy an international treaties.
Sounds tough. Meanwhile, Google has reiterated its commitment to challenge the decision:
The magistrate in this case departed from precedent, and we plan to appeal the decision. We will continue to push back on overbroad warrants.