Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

In re Search Warrant No. 16-960-M-1 to Google

United States District Court, E.D. Pennsylvania

August 17, 2017



          Juan R. Sánchez, J.

         Google Inc. seeks review of United States Magistrate Judge Thomas J. Rueter's February 3, 2017, Order granting the government's motions to compel Google to fully comply with two warrants issued pursuant to § 2703 of the Stored Communications Act (SCA), 18 U.S.C. §§ 2701-2712. The warrants require Google to disclose to the Federal Bureau of Investigation electronic communications and other records and information associated with four Google accounts belonging to United States citizens in connection with two domestic wire fraud investigations. Google objects to the Order insofar as it requires Google to produce data the company has elected to store on servers located outside of the United States, asserting that enforcing the warrants as to such data would constitute an unlawful extraterritorial application of the SCA, as the Second Circuit Court of Appeals held in In re a Warrant to Search a Certain EMail Account Controlled & Maintained by Microsoft Corp., 829 F.3d 197 (2d Cir. 2016) [hereinafter Microsoft], reh'g en banc denied, 855 F.3d 53 (2d Cir. 2017) [hereinafter Microsoft Reh'g]. Although Google and each of the account holders in question are based in the United States, Google contends it is the physical location of the data to be retrieved-which Google, not the account holder, controls, and which Google can change at any time for its own business purposes-that determines whether the statute is being applied extraterritorially. Because this Court agrees with the government that it is the location of the provider and where it will disclose the data that matter in the extraterritoriality analysis, and because Google can retrieve and produce the outstanding data only in the United States, the Court agrees with the Magistrate Judge's conclusion that fully enforcing the warrants as to the accounts in question constitutes a permissible domestic application of the SCA. The Order granting the government's motions to compel will therefore be affirmed.


         Google is a United States-based technology company that offers a variety of different online and communications services, including email. See Stip. ¶ 1. Although Google's corporate headquarters are located in California, the company stores user data in a number of different locations both within and outside of the United States. Id. ¶¶ 1-2. Google operates a “state-of-the-art intelligent network” that automatically moves some types of data, including some of the data at issue in this case, from one network location to another “as frequently as needed to optimize for performance, reliability and other efficiencies.” Id. ¶ 4. In addition, for some types of data-for example, a Word document attached to an email-the network breaks individual user files into component parts, or “shards, ” and stores the shards in different network locations in different countries at the same time.[1] Id. ¶ 3, Tr. 4. As a result, at any given point in time, data for a particular Google user may be stored not only outside of the country in which the user is located, but in multiple different countries, and the location of the user's data may change at any time based on the needs of the network. See Stip. ¶¶ 3-4. Thus, for example, the network may change the location of data between the time a warrant is sought and the time it is served on Google. See Id. ¶ 4.

         In August 2016, Judge Rueter issued the first of the two warrants in question in this case. The warrant directs Google to provide the FBI with copies of communications and certain other categories of information associated with three Google accounts “stored at premises controlled by Google, ” and then authorizes the government to seize certain material from the information received. The government sought the warrant as part of an ongoing wire fraud investigation, whose target is both a citizen and resident of the United States, and all three Google accounts to which the warrant pertains belong to citizens and residents of the United States. The victim of the fraud under investigation is likewise located in the United States. In issuing the warrant, Judge Rueter found the government had demonstrated there was probable cause to believe that evidence of the fraud exists in the Google accounts.

         Later the same month, United States Magistrate Judge M. Faith Angell issued the second warrant in question, requiring Google to produce to the FBI communications and other records and information associated with a single Google account belonging to the domestic target of a separate wire fraud investigation with a United States-based victim. Like the earlier warrant, this later warrant directs Google to provide the government with copies of certain categories of information associated with the account “located on [Google's] e mail servers” and authorizes the government to seize from Google's production certain files, documents, and communications. In issuing the warrant, Judge Angell found the government had shown there was probable cause to believe the target's Google account contains evidence of the fraud.

         Both warrants were directed to Google at its headquarters in California, and Google's responses to the warrants were handled by the company's Legal Investigations Support team in California. See Stip. ¶ 6; Tr. 32. Support team members are the only Google personnel authorized to access the content of user communications in order to produce such materials in response to legal process, and all support team members are located in the United States. See Stip. ¶ 5. In response to each warrant, Google searched for and retrieved from its network all responsive information stored at locations in the United States, a process that involves sending a series of queries from Google's headquarters in California to the company's data centers, directing the servers in those data centers to identify, isolate, and retrieve responsive material for Google to produce to the government. See Tr. 6-7, 30-31. All of the Google personnel involved in this process are located in California. See Id. at 32. While Google produced to the government all of the responsive information it confirmed was stored in the United States, it did not produce data not known to be located in the United States. See Stip. ¶¶ 7-8. Rather, Google withheld such data based on the Microsoft decision in which the Second Circuit held “the SCA does not authorize a U.S. court to issue and enforce an SCA warrant against a United States-based service provider for the contents of a customer's electronic communications stored on servers located outside the United States.” 829 F.3d at 222.[2]

         The government thereafter moved to compel Google to fully comply with each warrant, and the matters were consolidated for argument and disposition. On February 3, 2017, Judge Rueter issued a Memorandum of Decision and Order concluding that requiring Google to fully comply with the warrants did not constitute an extraterritorial application of the SCA and granting the government's motions to compel. Google objects to this Order, taking issue with the Magistrate Judge's extraterritoriality analysis. Following briefing of the issue by the parties and amici, [3] this Court held oral argument in this matter on April 18, 2017.


         The warrants in question were issued pursuant to the SCA, and it is the reach of the SCA's warrant provision that is at issue in this case; hence, the Court's analysis starts with the statute itself. Enacted as part of the Electronic Communications Privacy Act of 1986 (ECPA), the SCA grew out of congressional concern about the lack of privacy protection under existing federal law for electronic communications in the control of third party computer operators.[5] As the Third Circuit previously observed, the SCA “was born from congressional recognition that neither existing federal statutes nor the Fourth Amendment protected against potential intrusions on individual privacy arising from illicit access to ‘stored communications in remote computing operations and large data banks that stored e-mails.'” In re Google Inc. Cookie Placement Consumer Privacy Litig., 806 F.3d 125, 145 (3d Cir. 2015) (quoting Garcia v. City of Laredo, 702 F.3d 788, 791 (5th Cir. 2012)). The SCA addressed this problem by creating “a set of Fourth Amendment-like privacy protections by statute” for electronic communications held by two types of network service providers: providers of “electronic communication service” and providers of “remote computing service.”[6] See Orin S. Kerr, A User's Guide to the Stored Communications Act, and a Legislator's Guide to Amending It, 72 Geo. Wash.L.Rev. 1208, 1212-14 (2004); see also Sams v. Yahoo! Inc., 713 F.3d 1175, 1179 (9th Cir. 2013).

         The SCA's main substantive provisions appear in the first three sections of the Act. Section 2701 prohibits unauthorized access to “a facility through which an electronic communication service is provided, ” making it unlawful to “intentionally access[] without authorization” or to “intentionally exceed an authorization to access” such a facility and thereby to “obtain[], alter[], or prevent[] authorized access to a wire or electronic communication while it is in electronic storage in such system, ” and providing criminal penalties for a violation. 18 U.S.C. § 2701(a).[7] This prohibition against unauthorized access does not apply, however, “with respect to conduct authorized . . . by the person or entity providing a wire or electronic communications service.” Id. § 2701(c)(1). Section 2701 thus does not prohibit a service provider from accessing communications stored on its own system. See Fraser v. Nationwide Mut. Ins. Co., 352 F.3d 107, 115 (3d Cir. 2004) (interpreting “§ 2701(c) literally to except from [§ 2701(a)'s] protection all searches by communications service providers”); In re Yahoo Mail Litig., 7 F.Supp.3d 1016, 1026-27 (N.D. Cal. 2014) (“The SCA grants immunity to 18 U.S.C. § 2701(a) claims to electronic communication service providers . . . for accessing content on their own servers.”).

         Whereas § 2701(a) prohibits unauthorized access to stored communications by third parties, §§ 2702 and 2703 govern disclosure of such communications by providers of electronic communication service or remote computing service. Section 2702 prohibits providers from “knowingly divulg[ing]” the contents of stored communications and other subscriber records and information, except as specifically permitted therein, including “as otherwise authorized in section 2703.” Id. § 2702(a), (c)(1). And § 2703 sets forth the conditions under which the government may require providers to disclose the contents of stored communications and other subscriber records and information, notwithstanding the general prohibition on disclosure in § 2702. Id. § 2703(a)-(c).

         Section 2703 establishes three main forms of legal process by which the government may require a provider to disclose subscriber information in its possession: (1) “a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures), ” id. § 2703(a), (b)(1)(A), (c)(1)(A); (2) a “court order for disclosure” (or a “§ 2703(d) order”) issued based on an offer by the government of “specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation, ” id. § 2703(d); and (3) “an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena, ” id. § 2703(b)(1)(B)(i), (c)(2). The particular form of legal process the government must obtain depends on the type of information it seeks, with more intrusive disclosures requiring a higher showing by the government. To require a provider to disclose the contents of wire or electronic communications, the government must obtain a warrant, unless prior notice is provided to the affected subscriber.[8] Id. § 2703(a), (b)(1)(A). If notice is provided, the government may require a provider to disclose the contents of communications (other than those in storage with a provider of electronic communication service for 180 days or less) by obtaining a § 2703(d) order or a subpoena. Id. § 2703(b)(1)(B). Lesser forms of process are required for non-content information. The government may require a provider to disclose non-content records and other information pertaining to a subscriber by obtaining a § 2703(d) order, [9] id. § 2703(c)(1)(B), and may require disclosure of certain basic subscriber information and transactional records by way of a subpoena, id. § 2703(c)(2), though for either type of information, the government may also elect to proceed by warrant.

         The issue in this case is whether enforcing the SCA warrants in question to require Google to produce communications and other subscriber data stored on servers located outside the United States constitutes an extraterritorial application of the statute. In analyzing this issue, the Court starts with the presumption against extraterritoriality, “a longstanding principle of American law ‘that legislation of Congress, unless a contrary intent appears, is meant to apply only within the territorial jurisdiction of the United Sates.'” EEOC v. Arabian Am. Oil Co., 499 U.S. 244, 248 (1991) (quoting Foley Bros., Inc. v. Filardo, 336 U.S. 281, 285 (1949)). Under this presumption, unless a statute reflects “clearly expressed congressional intent” that it is to apply extraterritorially, it will be “construed to have only domestic application.” RJR Nabisco, Inc. v. European Cmty., 136 S.Ct. 2090, 2100 (2016). Although the presumption serves in part “to avoid the international discord that can result when U.S. law is applied to conduct in foreign countries, ” it also “reflects the more prosaic ‘commonsense notion that Congress generally legislates with domestic concerns in mind.'” Id. (quoting Smith v. United States, 507 U.S. 197, 204 n.5 (1993)). The presumption thus applies “regardless of whether there is a risk of conflict between the American statute and a foreign law.” Id. (quoting Morrison v. Nat'l Austl. Bank Ltd., 561 U.S. 247, 255 (2010)).

         The Supreme Court has developed a “two-step framework for analyzing extraterritoriality issues.” Id. at 2101. First, the court must determine “whether the presumption against extraterritoriality has been rebutted-that is, whether the statute gives a clear, affirmative indication that it applies extraterritorially.” Id. If so, then the statute applies extraterritorially, subject only to “the limits Congress has (or has not) imposed on [its] foreign application.” Id. If the presumption has not been rebutted, then the statute is not extraterritorial, and the court must determine, at the second step of the analysis, “whether the case involves a domestic application of the statute, ” id., or, put differently, “whether the domestic contacts [of the case] are sufficient to avoid triggering the presumption [against extraterritoriality] at all, ” Microsoft, 829 F.3d at 216 (quoting Mastafa v. Chevron Corp., 770 F.3d 170, 182 (2d Cir. 2014)). In making this determination, the court must discern the statute's “focus” and identify where the conduct relevant to that focus occurred. “If the conduct relevant to the statute's focus occurred in the United States, then the case involves a ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.