eDiscovery Daily Blog

Google Goes 0 For 2 in its Request for Review of SCA Warrant Cases: eDiscovery Case Law

As Tom O’Connor and I discussed last week in our ACEDS webinar Key eDiscovery Case Law Review for First Half of 2017 (here’s a link if you missed it), Google was ordered earlier this year to produce foreign stored emails by judges in California and Pennsylvania in response to government warrants.  Last month, Google’s request for review on the two cases (and interpretation of Section 2703 of the Stored Communications Act of 1986) didn’t change the results.

With regard to In re Search Warrant No. 16-960-M-1 to Google; In re Search Warrant No. 16-1061-M to Google, MJ Nos. 16-960, 16-1061 (E.D. Pa. Aug. 17, 2017), Pennsylvania District Judge Juan R. Sànchez considered Pennsylvania Magistrate Judge Thomas J. Rueter’s February ruling which ordered Google to comply with a search warrant to produce foreign-stored emails, disagreeing with the Second Circuit’s ruling in the Microsoft Ireland warrant case, where Microsoft was not ordered to provide access to emails in that ruling.  In considering Google’s request to review Judge Rueter’s order, Judge Sànchez stated:

“The issue in this case is whether enforcing the SCA warrants in question to require Google to produce communications and other subscriber data stored on servers located outside the United States constitutes an extraterritorial application of the statute. In analyzing this issue, the Court starts with the presumption against extraterritoriality, “a longstanding principle of American law ‘that legislation of Congress, unless a contrary intent appears, is meant to apply only within the territorial jurisdiction of the United States.’””

With that in mind, Judge Sànchez, in upholding the Magistrate Court decision, ruled that “Even if the steps taken by a provider to search for, access, and retrieve subscriber communications for eventual disclosure to the government were conduct relevant to § 2703’s focus, this Court has considerable difficulty with Google’s assertion that, where the communications in question are stored in foreign data centers, the ‘vast majority’ of this conduct occurs outside of the United States…By Google’s own account, the search and retrieval process consists of a series of queries initiated by Google personnel in the United States to which servers in the targeted data centers respond….While these queries may be run on servers in Google’s foreign data centers, it is difficult to see how this amounts to conduct by Google at the location of the data center, given that the United States-based employees direct the search and retrieval process remotely, without involvement by any personnel located abroad…That the subscriber’s communications are accessed only by—and can be accessed only by—Google personnel in the United States, and are produced by such personnel in the United States, reinforces the conclusion that the only conduct involved in the search and retrieval process occurs domestically.”

With regard to In the Matter of the Search of Content Stored at Premises Controlled by Google Inc. and as Further Described in Attachment A, No. 16-mc-80263-RS (N.D. Cal. Aug. 14, 2017), Google moved for de novo review of California Magistrate Judge Laurel Beeler ‘s determination “the disclosure is a domestic application of the SCA.”  California District Judge Richard Seeborg, in considering the same issues, ruled:

“As to the question of whether Google is undertaking essential aspects of compliance with section 2703 outside the United States, the answer is no. As a factual matter, the information sought by the government is easily and lawfully accessed in the United States, and disclosure of that content would likewise take place in the United States. Indeed, only personnel in Google’s Legal Investigations Support team are authorized to access the content of communications in order to produce it in response to legal process and all such Google personnel are located in the United States…Accordingly, the conduct relevant to the SCA’s focus occurs in the United States.”

I’m sure we haven’t heard the last of either of these cases yet, just like it appears we haven’t heard the last of the Microsoft Ireland warrant case yet either.

So, what do you think?  Should the location of the data or the location of the searches for the data determine whether it is subject to foreign data privacy considerations? Please share any comments you might have or if you’d like to know more about a particular topic.

Case opinion links courtesy of eDiscovery Assistant.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

print