The new case involves two routine Stored Communications Act warrants served on Google for the contents of emails. Google responded with the emails that it knows were stored inside the United States, but it refused to turn over emails that could be outside the United States. Because Google breaks up its emails and the network might distribute them anywhere in the world, Google can’t know where many emails are located and declined to produce them under the Second Circuit’s Microsoft case.
The government moved to compel Google to produce all of the emails within the scope of the warrant. Magistrate Judge Thomas J. Rueter ruled that Google has to comply with the warrant in full because “the conduct relevant to the SCA’s focus will occur in the United States” even for the data that is retrieved from outside the United States:
That is, the invasions of privacy will occur in the United States; the searches of the electronic data disclosed by Google pursuant to the warrants will occur in the United States when the FBI reviews the copies of the requested data in Pennsylvania. These cases, therefore, involve a permissible domestic application of the SCA, even if other conduct (the electronic transfer of data) occurs abroad.
The court reasoned that when a network provider is ordered to retrieve information from abroad, that copying of information abroad and sending back to the United States does not count as a Fourth Amendment “search” or “seizure” outside the United States:
This court agrees with the Second Circuit’s reliance upon Fourth Amendment principles, but respectfully disagrees with the Second Circuit’s analysis regarding the location of the seizure and the invasion of privacy. The crux of the issue before the court is as follows: assuming the focus of the Act is on privacy concerns, where do the invasions of privacy take place? To make that determination, the court must analyze where the seizures, if any, occur and where the searches of user data take place. This requires the court to examine relevant Fourth Amendment precedent.
According to the court, there was no seizure abroad:
Electronically transferring data from a server in a foreign country to Google’s data center in California does not amount to a “seizure” because there is no meaningful interference with the account holder’s possessory interest in the user data. Indeed, according to the Stipulation entered into by Google and the Government, Google regularly transfers user data from one data center to another without the customer’s knowledge. Such transfers do not interfere with the customer’s access or possessory interest in the user data. Even if the transfer interferes with the account owner’s control over his information, this interference is de minimis and temporary. See Jacobsen, 466 U.S. at 125-26 (holding that permanent destruction of small portion of property for testing a de minimis intrusion on possessory interest); United States v. Hoang, 486 F.3d 1156, 1162 (9th Cir. 2007) (“[N]o seizure occurs if a package is detained in a manner that does not significantly interfere with its timely delivery in the normal course of business.”), cert. denied, 552 U.S. 1144 (2008).
Further, there was no search abroad:
When Google produces the electronic data in accordance with the search warrants and the Government views it, the actual invasion of the account holders’ privacy- the searches – will occur in the United States. Even though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States.
Because the search and seizure occurred in the United States, not abroad, the relevant privacy invasion was domestic and a domestic warrant could order it.
The court also argued that this outcome was needed to avoid absurd results. Because Google does not know where the emails are located, and yet Google has configured its network in a way that emails can only be accessed from California, applying the Second Circuit’s reasoning would lead to the absurd result that the information would be completely immune from legal process. The court presents that as a ground to distinguish the Microsoft case on its facts, see Footnote 17, but I think it’s more fair to say it’s a reason the court rejects the Second Circuit’s reasoning:
[I]f the court were to adopt Google’s interpretation of the Microsoft decision and apply such a rationale to the case at bar, it would be impossible for the Government to obtain the sought-after user data through existing MLAT channels. In contrast, under this court’s interpretation, Google will gather the requested undisclosed data on its computers in California, copy the data in California, and send the data to law enforcement agents in the United States, who will then conduct their searches in the United States.
Here are two thoughts on the new decision.
1) Although I think the Second Circuit’s opinion is deeply flawed — the more I think of it, the more I think my argument in this post has to be correct — I don’t think the reasoning of this decision works. The issue in this case is statutory, not constitutional. Even if you accept the (wrong) framing of the issue as being whether the SCA applies outside the United States, the answer has to come from what Congress focused on, not where the constitutional privacy interest may or may not be.
Where you place the Fourth Amendment search or seizure strikes me as irrelevant to the extraterritorial focus of the statute. Remember, when the SCA was enacted in 1986, there was good reason to think emails weren’t covered by the Fourth Amendment at all. That was part of the reason the SCA was enacted. The SCA created Fourth Amendment-like rights by statute because it wasn’t clear if the Fourth Amendment applied. If that thinking was right, then there was no constitutional privacy “focus” in the SCA at all. It was all a statutory right, not a constitutional one. I don’t think it works to conduct a Fourth Amendment analysis 31 years later and then to say that, based on the Fourth Amendment inquiry today, the real interest Congress was regulating is deemed to be domestic so the statute applies. This is about what Congress did in 1986, not how the Fourth Amendment should be interpreted in 2017.
2) Even accepting the court’s framing, I don’t think it’s right that no seizure occurred abroad. As I see it, copying Fourth Amendment-protected files seizes them under the Fourth Amendment “when copying occurs without human observation and interrupts the stream of possession or transmission” (Orin S. Kerr, Fourth Amendment Seizures of Computer Data, 119 Yale L.J. 700, 700 (2010)). That test is satisfied here when the information was copied. The court suggests that bringing a file back to the United States is not a seizure because Google moves data around all the time and “this interference is de minimis and temporary.” I don’t think that works. Google is a private company not regulated by the Fourth Amendment, so whether it moves around data is irrelevant. And I don’t see what is “de minimis and temporary” about the government ordering Google to make a copy of your email pursuant to a court order. It certainly may be a reasonable seizure, but I think it’s still a Fourth Amendment seizure.
Stay tuned, as always.
Oh, and full disclosure: In the past, I have done some legal work for Google. And way back when, I did even more legal work for the United States. Obviously I have no involvement in this litigation, and I am writing entirely in my personal capacity.