A U.S. judge has ordered Google to hand over emails stored outside the country in order to comply with an FBI search warrant.The warrant in question pertains to a domestic fraud probe.
The ruling is notablebecause it goes against an appeals court judgement last year recently upheld pertaining to Microsoft customer data held in servers outside the US. In that instance a federal court ruled the company did not have to hand over data stored on its servers in Ireland to the US government, declining to disregard the presumption against extraterritoriality, as the judge put it.
Howeverin the Google case, U.S. Magistrate Judge Thomas Rueter ruled on Friday that the act of transferring emails from a foreign server did not qualify as a seizure. According toReuters,the judgeruledthere isno meaningful interference with the account holders possessory interest, going on to assert that any privacy infringementoccurs at the time of disclosure in the United States, rather than when the data itself is transferred.
Googles legal team had sought to use the Microsoft rulingas precedent to challenge the warrants scope. The company hadturned over data that was stored in the US only. In a statement it saidit will be appealing the judgement. The magistrate in this case departed from precedent, and we plan to appeal the decision.We will continue to push back on overbroad warrants, it said.
Both cases involve warrants issued under a 1986 federal law called the Stored Communications Act, which as you can imagine, given itsdate-stamp has long been described as awoefully outdated piece of legislation vs thetechnology it is now being used to regulate.
The judge inthe recentMicrosoft appeals case wrote that the Act is overdue for a congressional revision that would continue to protect privacy but would more effectively balance concerns of international comity with law enforcement needs and service provider obligations in the global context in which this case arose.
The Department of Justice certainly appearsintent on applying pressure on Congress via multiple cases in the courts pressing the question of where the line should be drawn onextraterritoriality applications to access stored data.
And with the confusion of conflicting legal judgements being issued in circuit courts, there will be growingpressure for clarity either byCongress revising thelegislation, or by cases being pushed to the Supreme Court for a definitiveruling.
For privacy advocates this data access tug-of-war remains one to watch. Not least given thatanyconcretemoves to expand the scope of domestic warrants outside the US could undermine international treaties byconflicting with data protectionlaws elsewhere. While, on the flip side, any legal clarity limiting the jurisdiction of search warrants to data stored domestically couldpush US legislators towards data localization rules.
In one related development latelast year, Congress approved a controversialSupreme Court rule changeexpanding FBI search powers by enabling a judge to sign off a warrant for searches outside their own district which could in theory be used to issue remote access warrants for the FBI tohack devices that are physically located out of their jurisdiction or even overseas.
Critics argued a procedural change was being used to push through hugely expanded powers for state agents.
Edward Snowden (@Snowden) December 1, 2016