Extra-Territoriality of Government Email Searches Heats Up in Court

In July 2016, Microsoft won a victory in the Second Circuit in quashing a warrant issued under the Stored Communications Act to produce the contents of a customer’s e‐ mail account stored on a server located outside the United States.  The court held that seizure of information from Microsoft’s servers in Ireland  was prohibited since the Stored Communications Act was not intended to have extraterritorial effect.

The Justice Department was highly critical of the Second Circuit opinion and was said to be considering legislative relief.

Major US-based providers like Google and Yahoo! store a customer’s email content across an ever-changing mix of facilities around the world. To the extent content is stored abroad by the provider at the moment the warrant is served, the Opinion has now placed it beyond the reach of a Section 2703 warrant, even when the account owner resides in the United States and the crime under investigation is entirely domestic.

Last week, a federal judge in the Eastern District of Pennsylvania, however, has rejected the Microsoft precedent in a case involving the retrieval of communications for a U.S. citizen that happens to be stored overseas.  The court found that no extraterritorial seizure takes place since a seizure requires “some meaningful interference with an individual’s possessory interests in that property,” which does not occur in this case.  The court noted

Even though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States.

The court concluded that,

the conduct relevant to the SCA’s focus will occur in the United States. That is, the invasions of privacy will occur in the United States; the searches of the electronic data disclosed by Google pursuant to the warrants will occur in the United States when the FBI reviews the copies of the requested data in Pennsylvania. These cases, therefore, involve a permissible domestic application of the SCA, even if other conduct (the electronic transfer of data) occurs abroad