Search engine giant Google has been ordered by a US judge to comply with search warrants that seek customer email data stored in servers located outside the US.
US Magistrate Judge Thomas Rueter in Philadelphia ruled that handing over emails from a foreign server to enable FBI agents to conduct reviews locally for domestic fraud investigation purposes did not amount to seizure, reported Reuters.
There is “no meaningful interference” with the account holder’s “possessory interest” in the data sought the probing authorities, the judge said.
Google has confirmed that it will appeal the order, believing that the handing over of the emails will put the privacy of non-US citizens at risk
Google said in a statement: “The magistrate in this case departed from precedent, and we plan to appeal the decision. We will continue to push back on overbroad warrants.”
In court papers, the internet giant said that it did not “necessarily know where particular emails might be stored”, as it sometimes resorts to breaking up of emails to enhance its network’s performance.
Nigel Hawthorn, Skyhigh Networks’ European spokesperson, believes Google should be praised but warns that UK and EU cloud service users must increase the due diligence they conduct around cloud service providers (CSPs). He said:
“It’s always a welcome sight when technology organisations stand firm against courts or agencies in the interest of privacy. Similarly to Microsoft, Google’s decision to appeal the judge’s ruling to hand over the emails of Gmail users stored outside of the US should provide the millions of UK and EU users with confidence that the firm isn’t willing to simply bend to the courts without first checking that their requests are valid. Yet, all users – whether consumer or business – of cloud services must now assume that access to their data will be requested by courts around the world at some point and, therefore, it’s now vital for them to adopt and control their own safety measures.
“For consumers, this can include checking the applications they are using, what security features they have, where the data is stored and where that particular CSP’s headquarters is located. Companies must also improve their cloud service due diligence but can then go one step further by implementing their own technical security features; which, increasingly, means encrypting data before it even reaches the cloud. The tension between the courts and technology is unlikely to ease any time soon, so users must start taking a more proactive role to protect their cloud data.”
The ruling is in contrast to an order delivered by a federal appeals court in a similar case in which Microsoft was involved.
In July last year, a three-judge panel at the 2nd US Circuit Court of Appeals in Manhattan overturned a lower court decision, which ordered Microsoft to hand over a user’s email account stored on its servers in Ireland.
The US Department of Justice (DOJ) wanted to access data stored on the company’s servers in Dublin, Ireland, as part of a probe into a drugs case.
The software giant declined to release the data because the data was stored on servers physically situated outside of the US.
Circuit Court Judge Sarah Carney said: “We think Microsoft has the better of the argument.
“When, in 1986, Congress passed the Stored Communications Act as part of the broader Electronic Communications Privacy Act, its aim was to protect user privacy in the context of new technology that required a user’s interaction with a service provider.”