Just two weeks ago, a United States Magistrate Judge for the Eastern District of Pennsylvania handed down a decision compelling Google to produce electronic data, even though the data had been stored on servers in foreign countries. Magistrate Judge Thomas J. Reuter determined that requiring Google to retrieve information stored on foreign servers does not constitute a “search” or a “seizure” outside the United States.
The decision essentially rests on the basis that it is not a seizure of foreign data, as all Google needs to do is copy the information, and transfer it to the United States. Then, once it is received in the United States, it can be lawfully seized as information within the United States jurisdiction. Thus, Magistrate Judge Reuter concluded the privacy invasion at issue occurred in the United States, the warrant would lawfully cover the requested information, and the United State courts could order the data’s disclosure.
The United States government initially asked for these emails when they filed for a search warrant pursuant to §2703(b) of the Stored Communications Act—18 U.S.C. §2703—to get the “data associated with three Google accounts held by an individual who reside[s] in the United States.” The initial search warrant was granted, and Google partially complied with the requirements set out in the warrant. However, Google did not disclose all of the data in question on the grounds that the data was stored outside the United States, and that the search warrant was over broad. The United States then sought the compulsion of disclosure of the data by Google, primarily because the individual at question resided within the United States. The Eastern District of Pennsylvania agreed, and issued the order compelling disclosure.
In coming to this decision, the court relied heavily on the fact that the individuals whose information would be disclosed were United States residents, and the data that was requested was exchanged within the United States. The court based its decision on the fact that the crimes at issue were committed within the United States as well.
This decision has come as a surprise to the law community, as just last year the Second Circuit in Microsoft Corporation v. United States, determined that “§ 2703 of the Stored Communications Act does not authorize courts to issue and enforce against U.S.-based service providers warrants for the seizure of customer e-mail content that is stored exclusively on foreign servers.”
In the Microsoft case, the Second Circuit held that the Stored Communications Act did not contemplate extraterritorial application, and that interpreting the term “warrant” to include extraterritorial application would go against the Supreme Court’s decision in Morrison v. National Australian Bank Ltd., 561 U.S. 247 (2010), emphasizing a presumption against extraterritoriality. In other words, the Second Circuit had determined that the United States could not compel private organizations, such as Google or Microsoft, to release information that was stored on foreign servers based primarily on a jurisdictional basis.
While the Eastern District of Pennsylvania is not within the Second Circuit’s jurisdiction, it does show that this area of law could be another area of potential circuit splits, and it indicates that there is a huge divide within the legal community as to what information the United States can compel when the information may not be stored within the jurisdictional boundaries of the United States. The Fourth Amendment has long been an area of muddiness within the courts, and with an open spot on the current Supreme Court bench, it doesn’t seem as though this area will get much clearer soon. However, this is something many courts, and possibly even the Supreme Court, are going to have to be prepared to address as technology continues to develop, and the world becomes a more interconnected place.