Google Must Turn Over Data Stored Abroad Sought Under U.S. Warrant

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

Alphabet Inc.'s Google has lost a bid to overturn a magistrate judge’s order forcing the company to turn over Gmail data stored abroad in response to a federal warrant ( In re Google Inc. , N.D. Cal., No. 16-mc-08263, review denied 8/14/17 ).

Companies that store data on servers located outside the U.S. increasingly face the prospect that a government warrant seeking access will be upheld if the company is able to access and move the data from within the U.S. Companies should assess their privacy policies and promises in that context, privacy attorneys told Bloomberg BNA.

Judge Richard Seeborg of the U.S. District Court for the Northern District of California Aug. 14 upheld a magistrate judge’s order denying Google’s motion to quash the warrant. Google must turn over all content that is “accessible, searchable, and retrievable from the” U.S. pursuant to the lawful warrant under the Stored Communications Act (SCA), Seeborg said. The SCA warrant, served on U.S.-based Google, was a “domestic application of the statute” because the data is “easily and lawfully” accessed and disclosed in the U.S., he said. Also, the “conduct relevant” to the warrant occurred in the U.S., he said.

The SCA, which is part of the Electronic Communications Privacy Act, prohibits unauthorized access to electronic communications held in a storage facility. Law enforcement agencies must get a warrant to access such data if it is less than 180 days old.

Google fought to quash the warrant and overturn the magistrate judge’s opinion because it believed that the SCA warrant was applied beyond U.S. borders in violation of the statute and turning over the data would flout user privacy interests.

There is a “growing consensus” among courts in SCA cases “that the location of the data being requested is less important than the location of the cloud provider or the location where the retrieval of data will take place,” Timothy Newman, privacy and cybersecurity associate at Haynes & Boone LLP in Dallas, told Bloomberg BNA Aug. 15.

The court upheld the warrant here in part because Google’s Legal Investigation Support team is the only group “authorized to access user data for production in response to legal process, and the entire team is located in the” U.S., Newman said. The “growing trend” of courts accepting SCA warrants in rulings in favor of the government and against cloud service providers when data is stored abroad should motivate companies to “consider the impact of these orders on their storage and retrieval practice, their privacy policies, and their customer agreements,” Newman said.

Google didn’t immediately respond to Bloomberg BNA’s email request for comment.

Growing Trend

The U.S. Court of Appeals for the Second Circuit’s ruling in Microsoft v. United States that Microsoft need not turn over emails stored in Ireland to law enforcement because the SCA warrant didn’t reach data stored in overseas data centers isn’t being followed by district courts. The U.S. Department of Justice June 23 asked the U.S. Supreme Court to review the Microsoft decision. The justices haven’t issued a decision on the request.

Warren Stramiello, counsel and chief information security office at Gallo LLP in San Rafael, Calif., told Bloomberg BNA Aug. 15 that the latest Google case is “another beat in the almost uninterrupted drumroll of cases that reject or limit” the Second Circuit’s Microsoft decision. Courts have shown that “physical borders matter less” than whether the warrant “target has possession, custody, or control over the data,” he said.

Craig A. Newman, partner at Patterson Belknap Webb & Tyler LLP, told Bloomberg BNA Aug. 15 that SCA cases are “getting more fragmented and dependent on the storage technology used by the service provider.” Recent district court cases have offered “strong rebukes” to the Microsoft ruling, he said.

Network Efficiency

Google’s decision to store data based on network efficiency rather than where a user is located “certainly played a part in the decision,” Stramiello said.

Seeborg reached this decision in part because Google moves data around from one location to another automatically for business optimization purposes. Under Google’s interpretation of the statute, U.S. warrant authority would be “arbitrarily confined based on where the data is located pursuant to an algorithm, not any territorially meaningful storage decision,” he said.

Google’s algorithmic-based storage may be the reason why the case differs from the Second Circuit’s Microsoft case, Stramiello said. In Microsoft, the Redmond-Wash.-based software giant stored consumer data based on where a user is located, he said. Google’s lack of a “territorial tether was important” to the court, “as was Google’s transferring of data across international borders to optimize its own storage network,” he said.

Timothy Newman said that courts are having “an easier time enforcing these warrants when the location of the data is determined by an algorithm and not based on user-specified location.”

Perkins Coie represented Google. The Justice Department represented the government.

To contact the reporter on this story: Daniel R. Stoller in Washington at

To contact the editor responsible for this story: Donald Aplin at

For More Information

The court's opinion is available at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security