Recently, a court said that Google must hand over the data of a number of its non-American users that was stored overseas. The company moved to quash the order, arguing that because the data was stored abroad, it doesn’t have to comply with U.S. data requests. However, magistrate judge Laurel Beeler rejected Google’s objections.
U.S. Warrants For Foreigners’ Data
Earlier this year, U.S. magistrate judge Thomas Rueter in Philadelphia ruled that Google should give the FBI access to some foreign emails. The judge also said that the request didn’t constitute a “seizure” of the data when the data was simply transferred from abroad to the U.S., and any privacy infringement would occur at the time of disclosure. The warrant pertained to a domestic fraud probe.
Last year, Microsoft won a an appeal in a similar case in a federal court, and Google tried to argue that this precedent should apply in its case, too. In both cases, the government used the Stored Communications Act, which is part of the Electronic Communications Protection Act (ECPA).
The ECPA hasn’t been updated since 1986 and has been described as outdated. The U.S. House has unanimously voted to reform the ECPA over the past year, but so far it has been unsuccessful, as the Senate has kept refusing to put it up for a vote.
Google’s Data Handling At Fault
Unlike Microsoft, which tends to keep users’ data near the location the user lives, Google seems to frequently transfer foreigners’ emails and other data to U.S. servers. Google said it does this to increase network performance (although it's not clear why the data wouldn’t be closer to the user then), but it’s more likely it also does this to aggregate and then mine the data for advertising purposes.
The judge argued that because Google can access the data in the U.S., then so can the U.S. government:
"The service provider – Google – is in the district and is subject to the court's jurisdiction; the warrant is directed to it in the only place where it can access and deliver the information that the government seeks," wrote judge Beeler."Unlike Microsoft, where storage of information was tethered to a user's reported location, there is no storage decision here. The process of distributing information is automatic, via an algorithm, and in aid of network efficiency,” she added.
Right now it looks like Google lost this battle because of its data handling policies. This win for the FBI will likely encourage the agency to increase the number of data requests to Google, as well as to other companies that tend to bring foreigners’ data to the country.
The solution to offering foreigners more privacy against the U.S. government’s increasing reach seems simple, albeit potentially more expensive: doing what Microsoft did and keeping foreigners’ digital content in data centers outside of the United States. Considering Microsoft won its own case because of this strategy, that solution should also work for other companies.
Users who don’t want to wait on Google or other companies to do this should also consider using competing services that do offer that sort of privacy or are located only outside of the United States.