In re Search Warrant No. 16-960-M-01 to Google
232 F. Supp. 3d 708
E.D. Pa.2017Background
- In August 2016 magistrate judges issued two SCA warrants (18 U.S.C. § 2703) directing Google to disclose account data for U.S.-resident targets; Google produced data it confirmed was stored on U.S. servers but withheld other responsive data.
- The withheld data may be stored, wholly or in component “shards,” on Google servers outside the United States and Google’s architecture can move data across data centers dynamically.
- Government moved to compel production; Google relied on the Second Circuit’s Microsoft decision to argue SCA warrants do not reach data stored abroad and also raised particularity and nondisclosure-order challenges.
- The court consolidated the matters for argument, assumed arguendo that the SCA’s warrant provisions focus on privacy, and addressed whether compelling Google to produce the requested data would be an unlawful extraterritorial application of the SCA.
- The court concluded that copying and disclosure by Google (accessed by U.S.-based Google personnel and later reviewed by FBI in the U.S.) do not constitute a seizure/search abroad and thus enforcement of the warrants is a domestic application of the SCA; it granted the Government’s motions to compel.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Whether SCA warrants may compel disclosure of user data stored abroad | Gov’t: enforcement is domestic because the privacy invasion occurs where the Government views the data in the U.S.; warrants are valid and necessary given cloud architecture and MLAT limits | Google: Microsoft controls — SCA warrants do not reach data stored outside U.S.; production limited to data confirmed in U.S. | Court: Held domestic — copying by Google and subsequent review by FBI in U.S. means the relevant privacy invasion occurs in the U.S.; compelled production ordered |
| Whether the act of transferring or copying data from foreign servers is a Fourth Amendment "seizure" | Gov’t: copying/transferring by provider to U.S. for review is not a seizure that triggers extraterritorial bar | Google: retrieval from foreign data center is the locus of seizure/privacy invasion | Court: Not a seizure — copying/transfer is de minimis/non-possessory; actual search occurs when reviewed in U.S. |
| Whether Microsoft (Second Circuit) is binding here | Gov’t: Microsoft is wrong and not binding in this district; facts differ because Google’s cloud is dynamic and data location uncertain | Google: Microsoft controls, so production beyond confirmed-U.S. data would be extraterritorial | Court: Declined to follow Microsoft on step-two analysis; distinguished factual posture and adopted domestic-application view |
| Comity/MLAT concerns and practical consequences | Gov’t: MLAT process is too slow or infeasible given cloud dynamics; courts should not foreclose domestic warrants that produce data via U.S.-based access | Google: Compelling production threatens foreign sovereignty and comity | Court: Acknowledged comity concerns but found them speculative here given inability to identify a foreign locus and the fact searches will be conducted in U.S. |
Key Cases Cited
- In re Warrant to Search a Certain E-mail Account Controlled & Maintained by Microsoft Corp., 829 F.3d 197 (2d Cir. 2016) (holding SCA warrant could not compel production of emails stored in Ireland and applying presumption against extraterritoriality)
- Morrison v. National Australia Bank Ltd., 561 U.S. 247 (2010) (articulating presumption against extraterritoriality and two-step inquiry)
- RJR Nabisco, Inc. v. European Cmty., 136 S. Ct. 2090 (2016) (clarifying Morrison step-two focus test: ask where conduct relevant to statute’s focus occurred)
- United States v. Jacobsen, 466 U.S. 109 (1984) (distinguishing Fourth Amendment searches and seizures and defining meaningful interference with possessory interests)
- Arizona v. Hicks, 480 U.S. 321 (1987) (holding mere recording of serial numbers did not constitute a Fourth Amendment seizure)
- In re Google Inc. Cookie Placement Consumer Privacy Litig., 806 F.3d 125 (3d Cir. 2015) (discussing Congress’s purpose in enacting the SCA to address privacy of stored electronic communications)