Google’s Data Handling Practices Force Company To Turn Over Foreigner’s Data

By Lucian Armasu
published

Recently, a court said that Google must hand over the data of a number of its non-American users that was stored overseas. The company moved to quash the order, arguing that because the data was stored abroad, it doesn’t have to comply with U.S. data requests. However, magistrate judge Laurel Beeler rejected Google’s objections.

U.S. Warrants For Foreigners’ Data

Earlier this year, U.S. magistrate judge Thomas Rueter in Philadelphia ruled that Google should give the FBI access to some foreign emails. The judge also said that the request didn’t constitute a “seizure” of the data when the data was simply transferred from abroad to the U.S., and any privacy infringement would occur at the time of disclosure. The warrant pertained to a domestic fraud probe.

Last year, Microsoft won a an appeal in a similar case in a federal court, and Google tried to argue that this precedent should apply in its case, too. In both cases, the government used the Stored Communications Act, which is part of the Electronic Communications Protection Act (ECPA).

The ECPA hasn’t been updated since 1986 and has been described as outdated. The U.S. House has unanimously voted to reform the ECPA over the past year, but so far it has been unsuccessful, as the Senate has kept refusing to put it up for a vote.

Google’s Data Handling At Fault

Unlike Microsoft, which tends to keep users’ data near the location the user lives, Google seems to frequently transfer foreigners’ emails and other data to U.S. servers. Google said it does this to increase network performance (although it's not clear why the data wouldn’t be closer to the user then), but it’s more likely it also does this to aggregate and then mine the data for advertising purposes.

The judge argued that because Google can access the data in the U.S., then so can the U.S. government:

"The service provider – Google – is in the district and is subject to the court's jurisdiction; the warrant is directed to it in the only place where it can access and deliver the information that the government seeks," wrote judge Beeler."Unlike Microsoft, where storage of information was tethered to a user's reported location, there is no storage decision here. The process of distributing information is automatic, via an algorithm, and in aid of network efficiency,” she added.

Right now it looks like Google lost this battle because of its data handling policies. This win for the FBI will likely encourage the agency to increase the number of data requests to Google, as well as to other companies that tend to bring foreigners’ data to the country.

The solution to offering foreigners more privacy against the U.S. government’s increasing reach seems simple, albeit potentially more expensive: doing what Microsoft did and keeping foreigners’ digital content in data centers outside of the United States. Considering Microsoft won its own case because of this strategy, that solution should also work for other companies.

Users who don’t want to wait on Google or other companies to do this should also consider using competing services that do offer that sort of privacy or are located only outside of the United States.

Lucian Armasu
Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
12 Comments Comment from the forums
  • rantoc
    And the reason why the US tech companies will start to crumble, started by their own government actions no less!
    Reply
  • randomizer
    Google should move its HQ overseas. Then it can ignore requests from foreign courts.
    Reply
  • nitrium
    19595460 said:
    Google should move its HQ overseas. Then it can ignore requests from foreign courts.
    Good thinking!. Maybe the Moon would be best. That way they can more completely harvest everyone's user data/browsing habits without any judicial jurisdiction or oversight whatsoever and then sell said data to corporations/governments unmolested! Win for Google. Win for multinational corporations! Win for governments! Win for us... oh wait.
    Reply
  • CKKwan
    Where does Google wants to move to this time? It moved to HK when China requested for Data
    Reply
  • randomizer
    19596273 said:
    Good thinking!. Maybe the Moon would be best. That way they can more completely harvest everyone's user data/browsing habits without any judicial jurisdiction or oversight whatsoever and then sell said data to corporations/governments unmolested! Win for Google. Win for multinational corporations! Win for governments! Win for us... oh wait.

    The situation we're in right now is already a win for the US government. That is why I suggested that Google should move overseas (specifically to a country that values privacy), where it is no longer at the beck and call of US three letter agencies and "judicial oversight."
    Reply
  • irish_adam
    19596273 said:
    19595460 said:
    Google should move its HQ overseas. Then it can ignore requests from foreign courts.
    Good thinking!. Maybe the Moon would be best. That way they can more completely harvest everyone's user data/browsing habits without any judicial jurisdiction or oversight whatsoever and then sell said data to corporations/governments unmolested! Win for Google. Win for multinational corporations! Win for governments! Win for us... oh wait.

    Your understanding of the situation and of Google would be funny if so many people didnt also hold this view. Google NEVER sells your data and why the hell would they? Its taken them years and countless billions to build up their vast amounts of data, selling it would hugely undermine their company. They also fight tooth and nail against governments requesting your user data just as most tech companies do. Actually do some research and get a better understanding of what you talk about before you start posting nonsense.
    Reply
  • alextheblue
    19595174 said:
    And the reason why the US tech companies will start to crumble, started by their own government actions no less!
    Not every US tech company is vulnerable to this. Did you read the article? Microsoft successfully beat the DOJ in a similar case. Why? They keep customer data in local datacenters across much of the world. If you're in England, your data isn't stored in the US, it's in England. Microsoft has spent a fortune setting up an extensive network of large datacenters all over the world specifically to protect customer data from outside governments. Now, that doesn't mean that your country's government can't legally request data, but the US DOJ can not force MS to turn over foreign data without going through the proper channels AND receiving authorization from your government.

    Google... well... they never gave much of a damn about this issue until right about... now.

    19597689 said:
    Your understanding of the situation and of Google would be funny if so many people didnt also hold this view. Google NEVER sells your data and why the hell would they? Its taken them years and countless billions to build up their vast amounts of data, selling it would hugely undermine their company. They also fight tooth and nail against governments requesting your user data just as most tech companies do. Actually do some research and get a better understanding of what you talk about before you start posting nonsense.
    Google doesn't just stockpile user data they've mined over the years and save it in a big dark vault and never use it. Where exactly do you think Google gets all their billions? They give everything away for "free", doesn't that strike you as odd that they're so flush with cash? They are an advertising firm, and they DO sell your data and analytics, but it's mostly indirectly. I'm not talking about selling access to your Google drive, since that's probably what you envisioned. I'm talking about monetizing the information they skim from your digital actions (including skimming your email inbox). Look at their revenue. The vast majority (like 90%) is ad revenue... from following you around online and throwing highly tailored, targeted ads at you. The more data they have on you, the better they (and their partners) can target you and the more revenue they make off you and your information. Meanwhile MS primarily makes money off software and services. Starting to make sense, or have they brainwashed you too much? Their do no evil policy was deleted many years ago.

    They also do NOT fight nearly as hard as some other firms. Nor do they take adequate precautions to protect their users. Remember how they only started encrypting internal Google cloud traffic after it was leaked that the NSA was tapping into their internal traffic via shared facilities? Slipped your mind, I suppose. Microsoft was (and is) more careful about how they handle their customer's data... they won their fight against the DOJ. Google was sloppy and uncaring, so they're boned. Sorry. Read the article above, and do some reading on MS vs the DOJ:

    http://www.reuters.com/article/us-microsoft-usa-warrant-idUSKCN0ZU1RJ

    By the way, it was Irish data the DOJ sought to compel MS to turn over. MS made sure the data on the Dublin servers stayed in Ireland. The only way the DOJ is going to get anywhere with MS-stored Irish data is if they go through proper channels and get the UK to hand it over. If that was a Gmail account, the data would have been in US DOJ hands before you could say "Hey Google". Anyway I felt that was pretty funny given your username.
    Reply
  • irish_adam
    I am aware that they USE your information to make them money, my point was that they do not in any way directly sell it. To do so would undermine their business model. They are the ones that use your data to target specific ads at you, that information is not past on to the advertisers though. At most your data will be represented in a statistic, no personal information ever makes its way out of google to another private company. That was the point i was making.

    As for shared facilities with the NSA lulwat? This was a few years ago so i actually had to fact check this a little bit and as far as i can tell no one knows at what locations the NSA and GCHQ were stealing the information along the fiber networks Google and Yahoo. These were links between data centres, that no one should have access to. What the NSA did was unbelievable at the time and completely illegal, neither Google or Yahoo can be blamed for that. They fixed it as soon as they became aware, what else could they have done? hind sight is 20/20 but how many companies do you think encrypt internal data over a hard line?

    They may have lost in this case but to say they are uncaring is ridiculous, if they did not care they would not have even bothered to fight the warrant in the first place. Sloppy? perhaps but I think its more do with the fact they want to keep a more unified network, the laws governing all of this are stupidly out of date and hopefully soon they will be updated. Have to build massive data centres to store local information in every country you operate in is stupid and you cant blame google for not wanting to do that especially as reform has been promised.

    we can all cherry pick data to make one company look bad

    http://www.nytimes.com/2006/03/15/technology/us-limits-demands-on-google.html

    Google taking the US government to court and greatly reducing the amount of data being handed over when microsoft, yahoo and AOL all complied with the subpoena without a fight.

    https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data

    or when Microsoft created a backdoor for the NSA to bypass their encryption so they could read all your messages. So yeah the DOJ may not be able to access emails in Ireland but the NSA sure as hell can.

    Its in every tech companies best interests to fight against the governments attempts to access everyones data, they have all had victories and losses.
    Reply
  • alextheblue
    19600085 said:
    I am aware that they USE your information to make them money, my point was that they do not in any way directly sell it.

    What the NSA did was unbelievable at the time and completely illegal, neither Google or Yahoo can be blamed for that. They fixed it as soon as they became aware, what else could they have done? hind sight is 20/20 but how many companies do you think encrypt internal data over a hard line?

    They may have lost in this case but to say they are uncaring is ridiculous
    1) They primarily sell indirect access to the data. When you look at Google's product stack, keep in mind the real product is you (your data), and they're making money by selling the product. Anything else is ancillary. If it makes you feel better just say that they track everything you do on your Android (and all Google-enabled software, sites, services) and they monetize this data. They also have a large analytics platform whereby companies let Google handle their data mining and share that data with them.

    2) Google and Yahoo both have some blame to bear. They left their "car doors" unlocked 24/7 because they drive from fenced facility to fenced facility. Brilliant. What about stops on the way, or facilities that aren't Google-only? Doors unlocked. Too much hassle to lock and unlock them all day. It's not like they didn't know the NSA existed... the only companies I'm aware of that got caught with their pants down in this manner were Alphabet and Yahoo. But yes, they can play the victim quite effectively.

    3) They care from a high level. Everyone can say "Yeah I care about X" but if they don't actually change what they're doing to address it, what does it matter? Obviously they either didn't care enough, or they care about money more. It's too expensive to care that much. They saw what MS was doing this whole time, they saw how that fight played out. But because it's too costly to go that route, they just crossed their fingers and hoped it wouldn't bite them. But if it did, again they just play the victim.

    My favorite part is how Google's most loyal two-legged piggy banks defend them so vigorously. We don't have true AI but here's a company whose self-aware product defends it!

    Oh and Microsoft does their fair share of shenanigans. But they've been more open about it overall, and have been getting better about this lately. For example when you fresh install / first boot / upgrade to Creator's Update, there's a LOT more privacy toggles shown to the user up front. You've got more control over that out-of-the-box than you have on Android even after digging around. Plus because it's an open platform, you can install software that completely terminates all telemetry, and logging, even the most useful and benign kinds. At the end of the day I'd much rather pay for Office 365 than have Google Docs skim my documents for keywords. Nothing is free.
    Reply
  • cats_Paw
    This is not a good sign.
    Its been a while since Governments were trying to gain control over the internet to increase "anti-terrorism" protection.
    Curious how it is always used to fight tax evasion and fraud instead.

    My problem is, that in order to do this (search for criminals who dont pay their taxes), they are spending Tax money. Then, we use the tax money that they seize to put those criminals into jail.
    Meanwhile, that money is not going back into the system meaning production is decreased.
    In the end, the cost is always higher than the money sized and thats when governments try to go for full blown socialism (because at that point its too late) and after it fails (usually with some war/totalitarianism in between) we get back to normal capitalism.

    I hope I am wrong.
    Reply