As companies and individuals move away from storing information on their own computers into the cloud, concerns about the privacy of personal data in the hands of third party providers are steadily increasing. Recently, the U.S. District Court for the Southern District of New York held that an internet service provider (ISP) can be compelled to produce personal information located outside of the U.S. for purposes of a criminal investigation. If adopted by other courts, this decision would broaden the power of law enforcement agencies to obtain information stored on third-party servers, both domestically and abroad. It also raises significant questions about the constitutional limits on the U.S. government's ability to collect information from ISPs.