Apple, Amazon, Microsoft, and Cisco have filed an amicus brief supporting Google in an ongoing case dealing with security and privacy, topics that Apple has been known to advocate in the past (via Business Insider). Most recently, Google's case has led to a court in Pennsylvania requesting the company to comply to an FBI warrant asking for emails residing on foreign servers.
Although it's unclear what resides within the emails in question, in a report last month (via The Register) it was said that a Pennsylvania district court submitted two domestic search warrants -- issued under the Stored Communications Act -- targeted at the suspects in the case and their emails stored overseas. Google was given two orders previously, which it refused to comply with, before the judge in the case ruled that as an American corporation it must abide by the rulings of an American court, no matter where the data in question is being held.
The coalition of companies supporting Google now argue that the scope of the SCA doesn't reach into foreign territories, and could lead to Google being forced to violate foreign data privacy laws. The amicus brief cites a case where Microsoft was asked to hand over emails stored on cloud servers in Ireland.
Microsoft eventually won that case when it argued that the SCA does not cover data stored on servers in foreign countries and that the Act itself is "a statute enacted when the internet was still in its infancy" (it dates back to 1986) and subsequently should not be the touchstone of modern, technology-driven privacy cases.
The U.S. Government frequently serves some Amici with warrants issued under the Stored Communications Act (SCA). When the data sought is stored in a U.S. data center, Amici regularly comply with such warrants. The Government, however, also has attempted to use such warrants to force some Amici, without consent of the customer or the foreign country, to seize private emails stored in a foreign country and to turn them over to the Government. But the SCA does not authorize warrants that reach into other countries, and forcing those Amici to execute such searches on the Government’s behalf would place those Amici in the position of being compelled to risk violating foreign data privacy laws
The brief also argues that if Google is forced to hand over the emails, a reverse situation could occur that opens the floodgates for foreign countries to request emails from U.S. citizens that are stored on U.S. servers. At the most extreme, the brief argues that foreign nations could see the data extraction as "an affront to their sovereignty in much the same way that physically conducting law enforcement activity on foreign soil would violate their sovereignty and territorial integrity."
Other than the filing of the amicus brief, Google's case hasn't moved forward in any way since February. When the Pennsylvanian court filed the search warrant forcing Google to hand over the emails, a spokesperson for the company said that Google plans to continue to appeal and "we will continue to push back on over-broad warrants."
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Top Rated Comments
1. Central storage of customer data is no longer an option in global business. More and more countries require their citizen's data to be stored within their borders. There's really no advantage from a company standpoint, so why would they start choosing countries? Their options will be do business our way or do business elsewhere.
2. You can't throw that caveat into the equation as a defense. History has proven time and time again that government overreach is a concrete consequence of relinquishing freedoms. If Google loses to the US, a very good case can be made that other countries will start requesting the same types of access on info stored in the US. There's no guarantee their motives will be pure. Hell, there's no guarantee the US' motives will be pure. Again, history suggests it won't be.
Google needs to win this case, just like Microsoft did. If they lose, the next request could be info from Apple's servers, or Facebook's, or... you see where this is going. To look at this one case as if it's an isolated entity unto itself is shortsighted.
edit: @Fall Under Cerulean Kites has the right solution: Get the warrant in the proper jurisdiction.
The simple solution is to get a warrant in the proper jurisdiction. And this is the game - LEOs want to make things as easy as possible, and have as far a reach as possible. It’s our job to fight this sort of overreach.
A company's records is not the same as customer records. They fall under different applicable laws. The arguments used for one cannot be applied to the other. As you said, no blankets... in prohibitions nor permissions.
This issue has already been solved and procedures already exist for this type of issue. Go through the proper channels to secure a warrant. Sovereign territories have domain over it's citizens.
This particular issue isn't about the suspect at all. It has nothing to do with a suspect receiving US nor foreign protections. The suspect isn't even germane. As stated earlier, whatever was on a US server the government already has.
Bolded: Thankfully, the law doesn't work that way. Businesses have to follow the laws in the country in which they're operating. Being a US company doesn't exempt Google from laws in Brazil, Germany, India, Russia, China, etc. More importantly, US law does not supersede the laws worldwide.