An Important Court Opinion Holds Lawful Warrants Can Be Used to Obtain Evidence from U.S. Internet Service Providers When those Providers Store Evidence Outside the U.S.

February 6, 2017

On Friday, a United States Magistrate Judge in the Eastern District of Pennsylvania issued an important opinion in a dispute between the United States and Google over whether Google must comply with warrants issued by United States judges.  The matter involved two warrants to search Google accounts belonging to suspected criminals in the United States who communicated with others in the United States.  Google refused to fully comply with the warrants, asserting that it could not be compelled to disclose data unless it knew the data was actually located in the United States.  The Magistrate Judge ordered Google to comply with the search warrants, specifically finding that no seizure occurs outside the United States and that the search occurs in Pennsylvania.

As background:  When the government has probable cause to believe that an e-mail account contains evidence of a crime, it can apply for a search warrant from a federal court.  If a judge finds that the government has shown probable cause, that judge then issues a search warrant to the e-mail provider to produce the data.  The search warrant is then served on an e-mail provider (such as Google or Microsoft), who then must, under law, produce to the government the e-mails that the warrant describes.  The government’s ability to do this is critical to criminal investigations into crimes as varied as fraud, computer hacking, terrorism, murder, kidnapping, organized crime, sexual abuse or exploitation of children, identity theft and more.  

Friday’s opinion involved an investigation of crimes that occurred in the United States, were committed by United States citizens, and were committed against United States victims.  Those crimes were facilitated by e-mails sent inside the United States to recipients also inside the United States.  But Google only partially complied with the search warrants, refusing to produce all of the information in its possession, custody and control.  Google instead limited its production to records that it said it could determine were stored within the United States.    

Google argued that search warrants issued in the United States can only compel Google to produce data stored in the United States.  As Google has explained, Google stores individual data files in multiple data “shards,” each separate shard being stored in separate locations around the world.  Google cannot determine where its separate data shards are stored around the world at any given time.  Google also moves that data around the world using computer algorithms that decide where data is stored at any given moment.  As a consequence, Google’s argument would mean that data that happens to be outside the United States – even data that the government knows about and describes in a search warrant affidavit – is never accessible.  Not with a warrant; not with a treaty request to another country; not with anything.  And even assuming that the location could be determined, the Google algorithm could move it to another country before legal process could reach it.  

Thankfully, the Magistrate Judge rejected that argument.  He rejected any notion that the warrant asked Google to do anything outside the United States: “Google will gather the requested undisclosed data on its computers in California, copy the data in California, and send the data to law enforcement agents in the United States, who will then conduct their searches in the United States.”

The department has also been litigating this issue against Microsoft.  In July 2016, the U.S. Court of Appeals for the Second Circuit, in the “Microsoft Ireland” case, dealt a harmful blow to the ability of U.S. law enforcement to investigate and prosecute serious crime and protect the American public.  The decision broke with almost two decades of settled understanding when it held that a U.S.-based company – in this case, Microsoft – can refuse to comply with a U.S. court-authorized disclosure warrant, issued upon a showing of probable cause, merely because the company chooses to store the electronic data sought by the warrant on its own overseas servers.  Put simply, it allowed U.S.-based service providers to frustrate important criminal and national security investigations, whether purposefully or inadvertently, by adopting a business practice of storing e-mail content outside the United States.

Because of the public safety consequences, the department has litigated the ability to use warrants in accordance with U.S. law.  We asked that the case be reheard by the entire Second Circuit en banc.  Despite these weighty concerns, on Jan. 24, 2017, the Second Circuit issued an important opinion denying our petition for rehearing.  Judge Carney, explaining the Circuit’s decision not to grant review, acknowledged that because of the decision, “U.S. law enforcement will less easily be able to access electronic data that a magistrate judge in the United States has determined is probably connected to criminal activity,” and “my panel colleagues and I readily acknowledge the gravity of this concern,” but believe the governing statute required it.  Judge Raggi, dissenting from the decision not to rehear the case, observed that “On the panel’s reasoning, if on Sept. 10, 2001, the government had been able to show probable cause to believe that Mohamed Atta, Abdul Aziz al Omari, etc., were communicating electronically about an imminent, devastating attack on the United States, and that Microsoft possessed those emails, no federal court could have issued a … warrant compelling Microsoft to disclose those emails if it had stored them overseas, even though its employees would not have had to leave their desks in Redmond, Washington, to retrieve them.”

We recognize the extraordinary importance to public safety that comes from allowing the government, with a warrant lawfully issued by a neutral magistrate judge after a showing of probable cause to believe an e-mail account contains evidence of a crime, to gain access to that account.  Friday’s court opinion is an important step in the department’s ongoing efforts to ensure that Internet service providers uphold their obligations to public safety by complying with lawful warrants. 

Component(s): 

Related blog posts

Updated February 17, 2017