Compliance Management, Privacy

Judges disfavor Microsoft Ireland decision in two cases pitting Google against DOJ

A pair of federal judges have separately issued rulings or statements in the last two weeks that struck a blow against Google in its attempt to block the U.S. Department of Justice from accessing customer data stored overseas.

In both instances, the judges appeared to put little stock in the 2016 "Microsoft Ireland" decision, in which the Second Circuit Court of Appeals ruled that federal subpoena served under the Stored Communications Act do not apply to searches for data stored overseas by service providers.

In the more recent case, U.S. District Judge Richard Seeborg of the Northern District of California reportedly stated on Thursday that he was leaning toward affirming a magistrate judge's order in April that Google must provide the DOJ with data stored outside the U.S. in a case that involves the U.S. Attorney's Office Gang Strike Force Unit and the DOJ's Computer Crime and Intellectual Property Section.

According to a report in the law journal The Recorder, Seeborg noted in Thursday's San Francisco hearing that because Google can gain access to the overseas files via its headquarters in Mountain View, "The response to the warrant is occurring in the United States." Seeborg reportedly also said that the Microsoft Ireland decision was a highly controversial one that was very close to being reviewed in an en banc hearing, and that the dissenting judges who argued that the previous ruling undermines public safety "have the better argument."

Ten days earlier, on July 31, Judge Beryl Howell of the U.S. District Court in Washington DC upheld a magistrate judge's previous ruling that Google must provide data to the DOJ in a different case, asserting that a warrant served under the Stored Communications Act that seeks electronic records stored overseas by a U.S.-based service provider "does not amount to an extraterritorial application of the SCA..."

In her ruling, Howell opined that the Second Circuit court "erred" in its Microsoft Ireland decision, noting that "every other court to consider the issue, including this Court's Magistrate Judge, has resolved this question differently and rejected the holding of Microsoft." To back up this point, Howell even referenced the Northern California magistrate judge's decision in the San Francisco-based Google case that Seeborg currently presides over.

"Basic notions of enforcement jurisdiction combined with the plain language of the statute confirm that a court with jurisdiction over the offense being investigated, or in the same district where the service provider or the information being sought is located... may issue an SCA warrant to compel a U.S.-based service provider to retrieve user information stored on the provider's servers located abroad, provided the government has sufficiently supported its application with probable cause," Howell ruled.

In June 2017, the U.S. filed a petition for the U.S. Supreme Court to consider the Microsoft Ireland ruling.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.