The technology community took aim at a recent federal magistrate’s ruling that ordered Google Inc. to comply with search warrants seeking customer emails stored on servers abroad, calling the decision “an impermissible extraterritorial application of U.S. law.” In rejecting a recent federal appeals court decision in a similar case in favor of Microsoft Corp., U.S. Magistrate Thomas J. Reuter in Philadelphia ruled that transferring emails from a foreign server to the U.S. was not tantamount to a seizure beyond American borders. The technology companies urged the court to reject the “fiction that such a foreign search and seizure is a domestic act….”
In amicus briefs filed last week in support of Google’s appeal of the magistrate’s decision, Amazon.com, Apple Inc., Cisco Systems, Inc., Microsoft and Yahoo! Inc., all embraced a ruling by the U.S. Court of Appeals for the Second Circuit issued just seven months ago – Microsoft v. United States – holding that the government cannot use a warrant issued under the Stored Communications Act or “SCA” to compel an Internet service provider to retrieve email content stored on foreign servers. Last month, the Second Circuit refused to revisit its ruling.
“Rather than relying on established laws and rules,” the technology companies argued, “the magistrate judge … [set] off a chain of events that creates confusion, ignores international law and interests, and makes it more difficult for providers … with subsidiaries that manage and control data outside the U.S. to honor their obligations to customers, the U.S., and the foreign countries in which they operate.”
The technology companies chastised Magistrate Reuter for going well beyond interpretation of the SCA. “The magistrate … erred both in looking to policy considerations and in his ultimate conclusion that there is no invasion of privacy when a service provider is compelled by the government to execute an SCA warrant by seizing and copying private communications in another country – and that the only privacy breach occurs upon later domestic disclosure of the data to the government.”
Magistrate Reuter’s decision is one of two recent cases – the other is from a federal magistrate in Milwaukee – that have rejected the Second Circuit’s ruling in the Microsoft case and ordered Internet service providers to turn over customer email traffic stored on foreign servers. Both decisions involved search warrants issued under the SCA, a 1986 law that created Fourth Amendment-type protections for electronically stored data including a requirement that the government secures a warrant before seizing electronic information.
In the Philadelphia case, the warrants sought the contents of email communication in connection with two separate criminal investigations – both of which involved accountant holders who were U.S. citizens. Google responded to the warrants by producing the content of emails stored on its servers in the U.S. but refused to turn over emails stored outside of the country citing the Microsoft ruling.
Magistrate Rueter concluded that, even though the data was stored abroad, “the invasions of privacy will occur in the United States … when the FBI reviews the copies of the requested data in Pennsylvania.” He reasoned that ordering Google to retrieve data from foreign servers did not amount to a seizure under the Fourth Amendment: “Electronically transferring data from a server in a foreign country to Google’s data center in California does not amount to a ‘seizure’ because there is no meaningful interference with the account holder’s possessory interest in the user data.”
And on February 21, 2017, U.S. Magistrate William E. Duffin in Milwaukee also rebuked the Second Circuit’s Microsoft ruling and held that both Google and Yahoo were required to turn over data within the service providers’ custody and control “regardless of whether that data may be stored on servers in and outside of the United States.” In that case, it wasn’t even clear that any data sought was stored abroad. “[I]t is possible that some of the information sought may be stored on servers outside of the United States,” the magistrate wrote.
Magistrate Duffin called it “immaterial where a service provider chooses to store its customer’s data; what matters is the location of the service provider.” The court further wrote, “If a service provider is subject to the jurisdiction of this court, the court may lawfully order that service provider to disclose, consistent with the SCA, that which it can access and deliver in the United States.”
The reach of the SCA has now been put to the test in three high profile cases with sharply results. The Philadelphia case led Orin Kerr, a law professor at George Washington University, to observe that the recent ruling “shows that the Justice Department is asking judges outside the Second Circuit to reject the Second Circuit’s ruling….” And so far, two magistrates have done just that.
As always, we’ll continue to report on these cases as they make their way through the appellate process.