D.D.C.: SCA allows SW for Google email stored overseas

Google’s storing information overseas doesn’t make it immune to a court order in the U.S., disagreeing with the Second Circuit’s Microsoft I decision. In re Search of Information Associated with [Redacted]@gmail.com that is Stored at Premises Controlled by Google, Inc., 2017 U.S. Dist. LEXIS 130153 (D.D.C. July 31, 2017):

The explication of these errors proceeds by explaining, first, why the SCA warrant was simply a domestic execution of the court’s statutorily authorized enforcement jurisdiction over a service provider, which may be compelled to retrieve electronic information targeted by the warrant, regardless of where the information is “located;” second, why an SCA warrant is unlike a traditional “search warrant” and thus does not carry with it the “traditional, domestic connotations” of an ordinary search warrant, see Microsoft I, 829 F.3d at 213; third, why, if applicable, the extraterritoriality analysis of Morrison and RJR Nabisco puts the correct “focus” of the SCA warrant provision on “disclosure”; and fourth, why, regardless of whether the “focus” of the SCA provision is “privacy,” “disclosure,” or both, the “conduct relevant to that focus” is Google’s “disclosure” of the user communications, which takes place wholly inside the United States and is a domestic application of the statute. Finally, this section concludes with discussion of the serious policy implications of the Microsoft panel’s decision, which, while not dispositive, highlight its legal defects

. . .

3. The SCA Warrant At Issue is a Domestic Application of the SCA

Notwithstanding the fact that the SCA warrant in this case was executed domestically and does not implicate extraterritorial concerns at all, Google nonetheless argues—echoing the position taken by the Microsoft panel—that the SCA warrant is an extraterritorial application of the SCA. Even assuming the presumption against extraterritorial application of statutes were implicated in this case—and it is not—the presumption would not bar the order in this case compelling Google to comply fully with the SCA warrant.

. . .

4. The Troubling Consequences of Microsoft

Although not dispositive, the problematic repercussions of Google’s and the Microsoft panel’s interpretation of the SCA deserve comment. Under the guise of protecting privacy, Google’s position undermines it, while at the same time impairing the government’s ability to investigate and prosecute criminal activity. In particular, two key consequences stand out.

First, under the construction of the SCA adopted by the Microsoft panel and urged by Google, certain electronic communications held by providers would be impossible to obtain, thereby threatening time-sensitive criminal investigations. Under § 2703, the contents of an electronic communication that has been in electronic storage for less than 181 days may only be obtained with a warrant. 18 U.S.C. § 2703(a). While the government is generally able to use Mutual Legal Assistance Treaties (“MLATs”) to obtain evidence located abroad, this process would likely be useless in seeking electronic communications held by service providers like Google. Google’s dynamic network architecture “automatically moves data from one location on Google’s network to another as frequently as needed to optimize for performance, reliability, and other efficiencies,” Stip. ¶ 4, such that the network may “change the location of data between the time when the legal process is sought and when it is served,” id. By the time the MLAT process had begun, any electronic communications targeted in an SCA warrant could have moved to a completely different country, making the effort to obtain this evidence a global game of whack-a-mole. Likewise, by virtue of the nature of Google’s network, “[s]ome user files may also be broken into component parts, and different parts of a single file may be stored in different locations (and, accordingly, different countries) at the same time.” Id. ¶ 3. Even if Google could determine where each of the different “shards” of information were located for a given customer’s electronic communications, the government would be forced to seek legal process in multiple foreign jurisdictions. Most significantly, however, the MLAT process would be useless because, as Google states, the only personnel with the authority to access user communications are located in the United States. Id. ¶ 5; see, e.g., In re Search Warrant No. 16-960-M-01 to Google, 232 F.Supp. 3d 708, 2017 WL 471564, at *14 (“[I]t would be impossible for the Government to obtain the sought-after user data” stored by Google “through existing MLAT channels”). In other words, even if MLAT partners wished to help, the necessary assistance must come from U.S. based personnel.

Second, the Microsoft decision may incentivize states to pass data localization laws to restrict their nationals from locating customer data abroad. If U.S. law does not permit U.S. law enforcement to obtain customer information stored on servers abroad, other countries may enact laws restricting where this information can be stored. Already, one major technology company is opening a data center in China to comply with the Chinese data localization law. See Paul Mozur, Daisuke Wakabayashi, and Nick Wingfield, Apple Opening Data Center in China to Comply with Cybersecurity Law, N.Y. Times, July 12, 2017. If Microsoft became the national policy, other countries may follow this path of requiring localization of data for access to electronic communications otherwise put out of law enforcement’s reach, with concomitant adverse effects on network flexibility and privacy, especially since foreign surveillance laws may afford less privacy protection than U.S. law.

* * *

The Supreme Court has instructed that the lower courts may not engage in “judicial-speculation-made-law—divining what Congress would have wanted if it had thought of the situation before the court.” Morrison, 561 U.S. at 261. The role of the courts is “to give the statute the effect its language suggests, however modest that may be; not to extend it to admirable purposes it might be used to achieve.” Id. at 270. This admonition, however, does not mean that the courts are forbidden from emphasizing the policy outcomes of an erroneous decision and exposing the flaws in a party’s reasoning. As stated above, Google’s argument is premised on a notion that its position best aligns with the “privacy focus” of the SCA. It does nothing of the sort. This case is not about Google protecting customer privacy. In this case, the government complied with the probable cause standard, the most stringent form of privacy protection afforded by the Fourth Amendment, following scrutiny by a neutral magistrate. As stated by Judge Lynch in his concurrence, “[t]o uphold the warrant here would not undermine basic values of privacy as defined in the Fourth Amendment and in the libertarian traditions of this country.” Microsoft I, 829 F.3d at 222 (Lynch, J., concurring).

This case is actually about whether courts can compel evidence stored by service providers on servers located abroad. The Microsoft panel’s decision, and the position urged by Google, runs directly counter to well-established law that courts can do so and for good reasons. At the same time, the Microsoft decision does little to protect customer privacy and succeeds only in pouring molasses on the ability of the government to conduct lawful criminal investigations to protect the public.


For the foregoing reasons, the Magistrate Judge’s Order is AFFIRMED, as consistent with this Memorandum Opinion. The United States Attorney’s Office is directed, by August 4, 2017, to review this Memorandum Opinion and advise the Court whether any portions should be redacted prior to filing on the public docket.

This entry was posted in E-mail. Bookmark the permalink.

Comments are closed.