Can Google refuse to comply with a warrant because they underlying data may be stored outside of the United States?

Don’t Google It: Internet Giant Compelled to Produce User Information

Author: Tracy F. Buffer
Case Citation: In re Search Warrant No. 16-960-M-01, 232 F. Supp. 3d 708 (E.D. Pa. 2017)
Employee/Personnel/Employer Implicated: Google Corporation
eLesson Learned: Companies must comply with warrants issued pursuant to the Stored Communications Act for user information even if that information is stored outside of the United States as long as the conduct relevant to the focus of the Act occurred in the United States.
Tweet This: Google forced to comply with warrant despite its repeated objections

This case out of the United States District Court for the Eastern District of Pennsylvania involved a situation where Google was refusing to fully comply with warrants that the court had issued for the electronic data relating to two account holders. Two separate warrants were issued by the court pursuant to §2703(b) of the Stored Communications Act (“SCA”) for data associated with the accounts of several individuals who were targets of two separate federal investigations. Both warrants directed Google to make copies of all of the data and send them to FBI agents in Pennsylvania. It is important to note that the individuals whose data was requested resided in the United States and the crimes being investigated occurred in the United States. Google subsequently refused to disclose all of the user data that was covered by the warrants, so the government filed a motion to order it to comply with the search warrants. For one of the warrants, the court issued an order to show close as to the basis of Google’s noncompliance. In its response, Google argued, among other things, that it was not required to produce data that was stored outside of the United States. As to the other warrant, the court also ordered Google to show cause as to their nondisclosure. Google responded similarly as it did with the other warrant. The court eventually consolidated the two cases and heard oral arguments. The government expressed the importance of obtaining electronic information of criminal suspects that are living in the United States. Conversely, Google argued that it receives thousands of disclosure requests from all levels of government in regards to criminal matters.

An important aspect of this decision that warrants discussion is the SCA, which among other things, empowers the government to compel a provider to disclose customer information in one of three of the following ways: subpoena, court order, or warrant. Relevant here, the court can issue a warrant for user information when the government has obtained a warrant pursuant to Rule 41 of the Federal Rules of Criminal Procedure. Importantly, Rule 41(b)(5) allows a magistrate judge to issue a warrant for property that is located only within a United States territory, possession or commonwealth, a United States diplomatic or consular mission, or any land owned or leased and used by the United States.

The issue in this case whether the warrants for the electronic records of Google user accounts issued pursuant to the SCA can reach the information if it is stored outside of the United States. The court ultimately held that it can compel Google to produce this information as it did not constitute an unlawful extraterritorial application of the SCA.  The court’s analysis focused on a framework put forth by the Supreme Court in Morrison v. Nat’l Australia Bank Ltd. to evaluate the extraterritorial application of the SCA. The first part of the framework asks whether the statute in question gives a clear indication that it is to be applied extraterritorially; both parties stipulated that this was not the case with the SCA.  The second part of the Morrison framework requires the court to look at the statute’s focus and determine whether a particular case involves a domestic application of the statute; essentially this is asking if the conduct relevant to focus of the statute occurred within the United States. 

The court, responding to this aspect of the framework, engaged in an analysis as to whether the obtaining of the Google data stored abroad would be a seizure or search of the targets’ data in another country. First, the court held that it was not a seizure because there would be no interference with the users’ respective abilities to access their own data. Next, the court held that there was a search, but the search occurred in the United States because the searches of the electronic data by Google will occur in the United States by Google employees who are located within the United States. Therefore, both cases involved a domestic, not an international application of the SCA despite the fact that the transfer may occur abroad. The court, therefore, ordered that Google comply with the warrant request and granted the government’s motion to compel. 

Google erred in refusing to comply with the warrants for the user electronic data. The refusal ultimately led to presumably expensive litigation. Google’s goal was probably to protect user data as much as it could despite the presence of a warrant.  We have seen similar positions from other companies including Apple and Facebook. However, this case shows us that in the course of a criminal investigation, the courts may be unwilling to allow non-disclosure of user electronic information.  That is not to say that companies do not have the right to challenge a warrant, but this decision shows us that just because electronic data may be stored abroad, it does not necessarily mean that it is outside of a warrant’s reach.  Companies will have to comply with warrants issued pursuant to the SCA for user information even if that information is stored outside of the United States as long as the conduct relevant to the focus of the Act occurred in the United States.

Tracy F. Buffer will receive her J.D. from Seton Hall University School of Law in 2018. She received her B.A. from Rutgers University in New Brunswick, New Jersey in 2015.  After graduation from law school, Tracy plans to practice corporate law.

Want to read more articles like this?  Sign up for our post notification newsletter, here.

Comments are closed.

  • Find an eLesson

  • Register for Post Notifications

    Subscribe to receive updates whenever a new eLesson is published.

    Manage Subscriptions
  • Let Us Blog Your Event!

    eLessons Learned is fast becoming the site of choice for employers, employees, judges, lawyers, and journalists who are interested in learning more about these areas without being intimidated by the complexity of the topic. In fact, organizations and event coordinators often feature eLessons Learned as their official eDiscovery blog. Fill out our simple registration form to have eLessons Learned be the official blog of your organization or event.

    Register Now
  • Recent Praise

    The blog takes a clever approach to [e-discovery]. Each post discusses an e-discovery case that involves an e-discovery mishap, generally by a company employee. It discusses the conduct that constituted the mishap and then offers its ‘e-lesson’ — a suggestion on how to learn from the mistake and avoid it happening to you.

    Robert Ambrogi

    Legal Tech Blogger and creator of LawSites

    Although I may have missed some, yours is the first article that I have seen addressing Zubulake II. It is often the lost opinion amongst the others.

    Laura A. Zubulake

    Plaintiff, Zubulake v. UBS Warburg

    Click here to see more.