Network Security, Vulnerability Management

Privacy alert: FBI pressing Google to hand over U.S. customer data stashed on foreign servers

Google is being pressured to hand over data to the FBI that is has stored on a foreign server, according to a Monday report on ZDNet.

The order on Friday from U.S. Judge Thomas Rueter, in Philadelphia, requests that Google comply with FBI search warrants necessitating the retrieval of customer data stashed on servers overseas.

The FBI desires the emails for its investigations into a domestic fraud court case. The judge claimed that the transfer of email files from servers located abroad to U.S. soil inferred "no meaningful interference" with the suspects' "possessory interest." Rather, the judge said the files are needed so they could be examined by FBI agents locally. The move did not qualify as a seizure, he said.

"Though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States," Judge Rueter stated in his statement.

However, privacy advocates are riled, and have precedence for their argument that the transfer is an invasion of privacy. On July 14 of last year, Microsoft triumphed in court in a similar case, when authorities sought customer data held on servers stored overseas. It took a few years of legal haggles, but the Redmond, Washington-based tech giant won its argument, which led to sighs of relief from a number of tech and media companies, privacy activists and such privacy advocate groups as the American Civil Liberties Union and U.S. Chamber of Commerce. Cheers were muffled in October, however, when the Department of Justice (DoJ) sought to reopen the case, but the proceedings were shut down at the beginning of the new year.

The statute in question in both cases is the Stored Communications Act, which places some boundaries on the extent of the disclosure of wire and electronic stored information managed by internet service providers (ISPs), but which many argue is an outdated law.

The two judges involved in the separate cases are coming down on opposite sides of the ruling: In New York, the judge involved in Microsoft's case ruled that the "act was not designed to apply outside of the U.S." Meanwhile, the judge in the Google case appears to be leaning the other way. The Mountain View, California-based search giant released a statement over the weekend asserting that the magistrate in its case had "departed from precedent," and promised to appeal the decision.

"We will continue to push back on overbroad warrants," Google added.

Requests by federal authorities to obtain data stored overseas is a recurring issue which is going to be increasingly important, Tim Toohey, a partner at Greenberg Glusker (in Los Angeles) and head of its cybersecurity practice, told SC Media on Monday. The process causes issues, particularly for American-based companies that are storing information/data overseas. 

"European countries want data regulation and data under control," he explains. "We have a real culture clash between the privacy-oriented point of view, particularly in the EU and the U.S. which has very broad scope of discovery rules for both civil and criminal issues."

These sorts of conflicts are only going to increase as the U.S. goes its own direction on these matters, Toohey said. That's largely owing to the fact that EU member nations have a very different approach to privacy than do American companies, such as Google, Microsoft and others, which are increasingly storing data in the EU. "In some instances of civil discovery or criminal investigations, this could set up a collision course between commercial interests and the broad scope of U.S. discovery,” Toohey said.


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.