As technology progresses and the world becomes even more interconnected, the scope of the Stored Communications Act (“SCA” or “Act”) has become a topic of much interest in the federal courts. One question courts have grappled with lately is whether law enforcement may subpoena data stored on foreign servers under the Act. A recent ruling by Magistrate Judge Rueter of the Eastern District of Pennsylvania in In re Search Warrant No. 16-960-M-01 to Google (“Google ruling”) may give the government all the incentive it needs to continue taking a broad reading of its powers under the Act.
As background, when the SCA was passed in 1986, it empowered the government to compel service providers to disclose customer information via subpoena, court order or warrant. Recently, search warrants for data issued pursuant to the Act have become a crucial tool in government investigations, whereas technology companies have been pushing back on such data requests, which they believe are overly broad.
Faced with this situation, Judge Rueter ordered Google to comply with search warrants to produce emails stored abroad. This was particularly interesting because it contradicted a ruling issued by the Second Circuit just seven months ago, where the court held that the government could not enforce a search warrant for user data on Microsoft servers in Ireland because the focus of the Act is user privacy, which would be invaded when the user data is seized in a foreign country.
Judge Rueter saw things differently, stating that the “two warrants executed upon Google . . . do not constitute extraterritorial application of the SCA.” He held that the court “must analyze where the seizures, if any, occur and where the searches of user data take place.” He ruled that warrants issued to Google pursuant to the Act were legal because invasion of privacy would not take place outside of the United States, but would take place within the United States once the government began reviewing the data. Focusing on the Supreme Court’s Fourth Amendment jurisprudence, Judge Rueter reasoned that transferring data to California from an overseas server “does not amount to a ‘seizure’ because there is no meaningful interference with an account holder’s possessory interest in the user data.” He noted that, in fact, “Google regularly transfers user data from one data center to another without the customers’ knowledge.” As for searches, the judge held that because the warrants required Google to turn over the data to FBI agents in the U.S., the search would occur in the United States. Accordingly, he held:
“[T]he invasions of privacy will occur in the United States; the searches of the electronic data disclosed by Google pursuant to the warrants will occur in the United States when the FBI reviews the copies of the requested data in Pennsylvania. These cases, therefore, involve a permissible application the SCA, even if other conduct (the electronic transfer of data) occurs abroad.”
The Google ruling gives the government an incentive to press on with broadening its power under the Act. With contradictory rulings in this area, it will be interesting to see how other circuits will handle issues on this topic.