FBI pressing Google to hand over US customer data stashed on foreign servers

News by Greg Masters

Google is being pressured to hand over data to the FBI that is has stored on a foreign server. It is pushing back.

Google is being pressured to hand over data to the FBI that is has stored on a foreign server, according to a Monday report on ZDNet.

The order on Friday from US Judge Thomas Rueter, in Philadelphia, requests that Google comply with FBI search warrants necessitating the retrieval of customer data stashed on servers overseas.

The FBI desires the emails for its investigations into a domestic fraud court case. The judge claimed that the transfer of email files from servers located abroad to US soil inferred "no meaningful interference" with the suspects' "possessory interest." Rather, the judge said the files are needed so they could be examined by FBI agents locally. The move did not qualify as a seizure, he said.

"Though the retrieval of the electronic data by Google from its multiple data centres abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States," Judge Rueter stated in his statement.

However, privacy advocates are riled, and have precedence for their argument that the transfer is an invasion of privacy. On 14 July of last year, Microsoft triumphed in court in a similar case, when authorities sought customer data held on servers stored overseas. It took a few years of legal haggles, but the Redmond, Washington-based tech giant won its argument, which led to sighs of relief from a number of tech and media companies, privacy activists and such privacy advocate groups as the American Civil Liberties Union and US Chamber of Commerce. Cheers were muffled in October, however, when the Department of Justice (DoJ) sought to reopen the case, but the proceedings were shut down at the beginning of the new year.

The statute in question in both cases is the Stored Communications Act, which places some boundaries on the extent of the disclosure of wire and electronic stored information managed by internet service providers (ISPs), but which many argue is an outdated law.

The two judges involved in the separate cases are coming down on opposite sides of the ruling: In New York, the judge involved in Microsoft's case ruled that the "act was not designed to apply outside of the US". Meanwhile, the judge in the Google case appears to be leaning the other way. The Mountain View, California-based search giant released a statement over the weekend asserting that the magistrate in its case had "departed from precedent," and promised to appeal the decision.

"We will continue to push back on overbroad warrants," Google added.

Requests by federal authorities to obtain data stored overseas is a recurring issue which is going to be increasingly important, Tim Toohey, a partner at Greenberg Glusker (in Los Angeles) and head of its cyber-security practice, told SC Media on Monday. The process causes issues, particularly for American-based companies that are storing information/data overseas. 

"European countries want data regulation and data under control," he explains. "We have a real culture clash between the privacy-oriented point of view, particularly in the EU and the US which has very broad scope of discovery rules for both civil and criminal issues."

These sorts of conflicts are only going to increase as the US goes its own direction on these matters, Toohey said. That's largely owing to the fact that EU member nations have a very different approach to privacy than do American companies, such as Google, Microsoft and others, which are increasingly storing data in the EU. "In some instances of civil discovery or criminal investigations, this could set up a collision course between commercial interests and the broad scope of US discovery,” Toohey said.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop