A Philadelphia-based Judge has ordered Google to hand over emails stored in a non-US data centre to the FBI, despite an Appeals Court in New York striking down a similar case for Microsoft.
The Department of Justice has found it difficult to battle Microsoft in the courts, however it has seemingly found more joy against Google, though the ruling will face an appeal over the coming weeks. US Magistrate Judge Thomas Rueter has decided that while the emails are currently being stored in a non-US data centre, as the whole saga occurred within US borders, the physical location of the data is irrelevant.
“Each account holder resides in the United States, the crimes they are suspected of committing occurred solely in the United States, and the electronic data at issue was exchanged between persons located in the United States,” the Department of Justice argued, which has seemingly hit a chord with Judge Rueter.
In the Microsoft case, the team successfully argued the influence of US intelligence agencies should stop at the border, irrelevant as to whether Microsoft is a US business or not. The Department of Justice believes Microsoft assets should fall under the jurisdiction of US legislation, irrelevant of the location of said assets. In this case, Microsoft successfully argued the Department of Justice should have petitioned the Irish Government for access to the emails, as the data was located in an Irish data centre.
Google has used this ruling to impose its own authority on the saga. The warrants presented to Google by the FBI are related to a narcotics investigation, compelling the tech giant to hand over a number of emails. Google responded by handing over all data which was physically residing in US data centres, but refused that which was held internationally. Where Microsoft managed to convince the judicial officials of the limitations of the US government, Google has not been as successful.
“In contrast to the decision in Microsoft, this court holds that the disclosure by Google of the electronic data relevant to the warrants at issue here constitutes neither a ‘seizure’ nor a ‘search’ of the targets’ data in a foreign country,” Judge Rueter said in the Memorandum of Decision.
“This court agrees with the Second Circuit’s reliance upon Fourth Amendment principles, but respectfully disagrees with the Second Circuit’s analysis regarding the location of the seizure and the invasion of privacy. The crux of the issue before the court is as follows: assuming the focus of the Act is on privacy concerns, where do the invasions of privacy take place?”
In other words, Judge Rueter agrees the cases will impact precedent surrounding the fourth amendment (right of protection against unreasonable searches and seizures), but disagrees with the interpretation of how the fourth amendment should be applied. This ruling and the case shows more than anything else the confusion on how the law should be applied and interpreted in the modern era. As with a lot of scenarios in the digital society, these cases are first of a kind with very little (in fact, almost zero) precedent to lean upon. Google disagrees however.
“The magistrate in this case departed from precedent, and we plan to appeal the decision. We will continue to push back on overbroad warrants,” a Google spokesperson said in an email to Telecoms.com.
In both cases, another critical question is being asked; why is the government and its intelligence agencies using legislation written in 1980s (Electronic Communications Privacy Act of 1986)? The world and technology has moved on considerably in the last 30 years, therefore any legislation written in the 80s should be considered redundant and damaging to the implementation of both technology and the legal actions governing it.
The saga itself is playing out in front of a larger privacy backdrop, with European governments and agencies watching very closely. The battle between the technology companies and the US government over the length of intelligence agencies reach will have direct implications on transatlantic data transmission, as the mechanisms to facilitate these data transfers partially dictate how much access intelligence agencies have to the data of European citizens.
In theory, Safe Harbour and its successor EU-US Privacy Shield maintain the European data privacy rights of European citizens, irrelevant as to where the data resides, and who’s data centre it resides in. As data protection and privacy rights are regarded as more stringent in the European Union than the US, there has been concerns the movement of data into US borders or into an asset owned by a US company, would infringe the rights of European citizens.
The now-defunct Safe Harbour and EU-US Privacy Shield were supposed to maintain these rights, though Safe Harbour was struck down by the European Court of Justice, and several industry influencers have commented EU-US Privacy Shield is not robust enough to maintain European principles. A Microsoft ruling beating back the reach of the US government was an encouraging sign for privacy advocates, though Google’s chronicle will reignite concerns.
The conflict, contradiction and lack of consolidation in the US hardly encourages confidence in the country’s ability to command the connected economy, especially as a time where a new President could see the rules changed all over again.
Many of the cases and appeals we are seeing currently are first of a kind and will go some way to setting future precedent in the digital economy. Setting such precedents in a time of turmoil, confusion and regulatory uncertainty has the potential to create some pretty damaging ripples. Time and time again, the same question is being asked, yet the answer is not clear.
Why are the warrants in these cases being based on legislation written in the 80s and 90s? The slow pace of bureaucracy could have a significant negative impact of relationships and the development of technology.
What will be the most significant potential roadblock for artificial intelligence?
Total Voters: 40