Google has been ordered to hand its users’ emails over to FBI agents with search warrants, even if those communications are stored on servers outside of the United States. The decision, by Philadelphia district Judge Thomas Rueter, has implications for privacy laws in the United States, running counter to a similar case last year involving Microsoft.
In that case, heard in July, a New York appeals court ruled that Microsoft did not have to hand over emails sought in an FBI narcotics case because they were kept on a server in Dublin, Ireland. But in the more recent Google case, Judge Rueter said that obtaining emails from overseas servers did not qualify as seizure because there was no “meaningful interference” with the user’s “possessory interest” in the information.
“Though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States,” Rueter said. Google had argued that it had already complied with search warrants, providing emails stored inside the United States to FBI agents, but noted that it sometimes split emails into parts to boost network performance. That fact means that it stores information on servers around the globe, and isn’t always sure where specific emails are kept.
Google said it plans to fight against the ruling. “The magistrate in this case departed from precedent, and we plan to appeal the decision,” the company said in a statement. “We will continue to push back on overbroad warrants.”
The warrants in both the Google and Microsoft cases were issued under the 1986 Stored Communications Act — a law many in the tech industry see as archaic and increasingly irrelevant to modern data storage. Judge Susan L. Carney, who presided over the Microsoft case last July, noted as much in writing. “We recognize at the same time that in many ways the [Act] has been left behind by technology,” she wrote last year. “It is overdue for a congressional revision that would continue to protect privacy but would more effectively balance concerns of international comity with law enforcement needs and service provider obligations in the global context in which this case arose.”
It had appeared that Carney’s decision would form new precedent for cases like this, especially after the same appeals court decided against reviewing the decision in January of this year. But Judge Rueter’s new ruling suggests that may not be the case, coming as a blow to tech companies and privacy advocates alike.