The Right To Be Secure Against Unreasonable Search and Seizure of Overseas Electronic Data?
Originally published in the November 6, 2017 online edition of the Daily Business Review
A U.S. based company receives a warrant from the U.S. government issued under the Stored Communications Act. As part of a criminal investigation, the warrant seeks production of email content. The emails, stored on an overseas database by the company, belong to the company’s customer. Does the company have to comply? Maybe. It depends on who you ask. The Second Circuit thinks not but a district court in the Eastern District of Pennsylvania thinks so.
In 2013, a magistrate judge in New York issued an SCA warrant commanding Microsoft to search and produce the contents of email communications of one of its users-who was under criminal investigation. Microsoft moved to quash the warrant, arguing that the emails were stored overseas and, consequently, unreachable by the warrant. Microsoft eventually took their argument to the U.S. Court of Appeals for the Second Circuit.
In Microsoft v. United States of America, the Second Circuit held that the SCA’s warrant provision does not authorize a U.S. court to issue and enforce an SCA warrant against a United States-based service provider for the contents of its customer’s electronic communications stored on servers located overseas. Specifically, the Second Circuit found that the SCA’s warrant provision does not contemplate extraterritorial application and that ordering Microsoft to produce the contents of electronic information stored overseas would constitute a prohibited extraterritorial application.
In holding that that SCA’s warrant provision does not call for extraterritorial application, the Second Circuit examined the plan meaning of the statue. The court noted that the SCA’s warrant provision is devoid of any mention of extraterritorial application and emphasized precedent calling for a presumption against extraterritoriality. It then dissected the word “warrant” to conclude that a warrant, as an extension of the U.S. Constitution’s Fourth Amendment, has traditionally applied to domestic affairs only. The Second Circuit went on to reject the government’s argument that the mechanism for compulsion of the emails was a hybrid between a warrant and a subpoena. While the Second Circuit commented that subpoenas, as opposed to warrants, under the SCA, may require the production of communications stored overseas, it found that the mechanism for compulsion of the emails at issue was undoubtedly a warrant. The court specified that the SCA, by design, explicitly addresses subpoenas separate from a warrant in delineating different types of stored communications obtainable by the two methods of compulsion.
Next, the Second Circuit held that the seizure of electronic data stored overseas would in fact constitute a prohibited extraterritorial application of the SCA.
Integral to the court’s analysis was the location of both the seizure of the electronic data and invasion of the customer’s privacy. The court reasoned that the gathering of electronic information stored overseas constituted a seizure outside of U.S. territory and that, in effectuating the warrant, Microsoft would have to interact with a data center within the jurisdiction of a foreign sovereign. In the interest of comity, the court noted, it was better practice to comport with the traditional means of obtaining foreign-stored data pursuant to a criminal investigation, through a Mutual Legal Assistance Treaty with the foreign sovereign.
Not long after the Second Circuit’s decision, Google found itself in the hot seat for an identical issue. Like Microsoft, Google refused to produce its users’ electronic data stored overseas in response to an SCA warrant. Relying on the Microsoft decision, Google argued that a warrant issued under the SCA lawfully reaches only data stored within U.S territory. The District Court for the Eastern District of Pennsylvania did not expressly disagree but ordered Google to produce the electronic data nonetheless.
In In re Search Warrant No. 16-960-M-01 to Google, the district court held that the SCA warrant did not invoke extraterritorial application of the statute. In so holding, the district court relied on traditional fourth amendment “search and seizure” analysis. According to the district court, the transfer of electronic data from a server in a foreign country to one in the United States does not constitute a “seizure.” To illustrate the absence of any interference with customers’ possessory interest, the district court likened the transfer of data to photocopying documents or photographing materials. Turning to “search,” the court found that any search conducted by the government occurs in the United States, not abroad, because the government does not actually view the data until it has been transferred to the United States. With respect to comity and the sanctity of foreign state sovereignty, the court noted the difficulty in tracing Google’s overseas electronic data to any particular country given that Google’s cloud technology divides user data among data centers located in different countries and periodically moves data from one location on Google’s network to another.
It is important to note that the courts’ decisions only addressed compulsion of production of overseas electronic data by way of SCA warrant. The SCA also permits the government to obtain the contents of electronic communications–albeit only those communications stored for more than one hundred and eighty days–by way of subpoena or court order. The Second Circuit expressly declined to address the extraterritorial reach of an SCA subpoena and the Pennsylvania District Court was silent on the issue.
Regardless, the decisions illustrate the challenging questions raised by the un-territorial nature of electronic data and how it comports with data privacy rights and sovereignty on the international stage. The U.S. government has appealed the Second Circuit’s decision to the U.S. Supreme Court. Perhaps the Supremes will shed some light.