Apple, Amazon, Microsoft, and Cisco have filed an amicus brief supporting Google in an ongoing case dealing with security and privacy, topics that Apple has been known to advocate in the past (via Business Insider). Most recently, Google's case has led to a court in Pennsylvania requesting the company to comply to an FBI warrant asking for emails residing on foreign servers.
Although it's unclear what resides within the emails in question, in a report last month (via The Register) it was said that a Pennsylvania district court submitted two domestic search warrants -- issued under the Stored Communications Act -- targeted at the suspects in the case and their emails stored overseas. Google was given two orders previously, which it refused to comply with, before the judge in the case ruled that as an American corporation it must abide by the rulings of an American court, no matter where the data in question is being held.
/article-new/2016/02/apple-store-logo-1.jpg?lossy){kind=logo}
The coalition of companies supporting Google now argue that the scope of the SCA doesn't reach into foreign territories, and could lead to Google being forced to violate foreign data privacy laws. The amicus brief cites a case where Microsoft was asked to hand over emails stored on cloud servers in Ireland.
Microsoft eventually won that case when it argued that the SCA does not cover data stored on servers in foreign countries and that the Act itself is "a statute enacted when the internet was still in its infancy" (it dates back to 1986) and subsequently should not be the touchstone of modern, technology-driven privacy cases.
The U.S. Government frequently serves some Amici with warrants issued under the Stored Communications Act (SCA). When the data sought is stored in a U.S. data center, Amici regularly comply with such warrants. The Government, however, also has attempted to use such warrants to force some Amici, without consent of the customer or the foreign country, to seize private emails stored in a foreign country and to turn them over to the Government. But the SCA does not authorize warrants that reach into other countries, and forcing those Amici to execute such searches on the Government’s behalf would place those Amici in the position of being compelled to risk violating foreign data privacy laws
The brief also argues that if Google is forced to hand over the emails, a reverse situation could occur that opens the floodgates for foreign countries to request emails from U.S. citizens that are stored on U.S. servers. At the most extreme, the brief argues that foreign nations could see the data extraction as "an affront to their sovereignty in much the same way that physically conducting law enforcement activity on foreign soil would violate their sovereignty and territorial integrity."
Other than the filing of the amicus brief, Google's case hasn't moved forward in any way since February. When the Pennsylvanian court filed the search warrant forcing Google to hand over the emails, a spokesperson for the company said that Google plans to continue to appeal and "we will continue to push back on over-broad warrants."
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Top Rated Comments
(View all)I'm going to be jumped on for saying this, I know. But...
No need for anyone to jump on you. It's a simple discussion. Some will agree with your position, others will not. I fall into the latter category.If Americans are using the products of an American company to commit criminal activity and intangible "evidence" just happens to be stored outside the country but accessible remotely...
There is no way that if an impartial judge finds there is probable cause that it would be any violation of a person's rights, and or in my opinion, foreign sovereignty, to access that data.
1. If Google does win, companies will start choosing countries in a way they choose countries with beneficial tax law but for foreign access to data laws.
2. This certainly does NOT apply to random government super surveillance however.
1. Central storage of customer data is no longer an option in global business. More and more countries require their citizen's data to be stored within their borders. There's really no advantage from a company standpoint, so why would they start choosing countries? Their options will be do business our way or do business elsewhere.
2. You can't throw that caveat into the equation as a defense. History has proven time and time again that government overreach is a concrete consequence of relinquishing freedoms. If Google loses to the US, a very good case can be made that other countries will start requesting the same types of access on info stored in the US. There's no guarantee their motives will be pure. Hell, there's no guarantee the US' motives will be pure. Again, history suggests it won't be.
Google needs to win this case, just like Microsoft did. If they lose, the next request could be info from Apple's servers, or Facebook's, or... you see where this is going. To look at this one case as if it's an isolated entity unto itself is shortsighted.
edit: [USER=1029434]@Fall Under Cerulean Kites[/USER] has the right solution: Get the warrant in the proper jurisdiction.
The simple solution is to get a warrant in the proper jurisdiction. And this is the game - LEOs want to make things as easy as possible, and have as far a reach as possible. It’s our job to fight this sort of overreach.
A physical presence is a bit different than an electronic one. If the email passed though a US server it would be reasonable for a company to be required to turn over any copies on a US server since they are physically present in the US, regardless of any foreign data protection laws.
There's no argument here. Any info on a US server would already be in the hands of the government via a warranted request through the SCA.The question becomes "Can a US corporation retrieve the requested emails and is it reasonable for a court to force them to so do?" It's clear they can be required to turn over financial records of subsidiaries so there i no blanket prohibition against getting data on foreign soil.
A company's records is not the same as customer records. They fall under different applicable laws. The arguments used for one cannot be applied to the other. As you said, no blankets... in prohibitions nor permissions.The challenge is who has the right to control electronic data such as emails? With varying and conflicting laws around the globe I think this is a case where treaties need to be negotiated to clarify who has control over the data.
This issue has already been solved and procedures already exist for this type of issue. Go through the proper channels to secure a warrant. Sovereign territories have domain over it's citizens.One complication in the Google case is the suspects reside in the US and so the argument is made they are subject to US law and foreign protections do not apply. In addition, if the messages were stored on a US server at any time I could see the argument that at that point any foreign data laws no longer applied since sender had given tacit approval to their export by sending them to a US based entity; or even more broadly had agreed simply by sending them to the US..
This particular issue isn't about the suspect at all. It has nothing to do with a suspect receiving US nor foreign protections. The suspect isn't even germane. As stated earlier, whatever was on a US server the government already has.Bolded: Thankfully, the law doesn't work that way. Businesses have to follow the laws in the country in which they're operating. Being a US company doesn't exempt Google from laws in Brazil, Germany, India, Russia, China, etc. More importantly, US law does not supersede the laws worldwide.