Photo of John P. Carlin

The U.S. Supreme Court on Oct. 16, 2017, announced it had granted the government’s petition for certiorari in United States v. Microsoft and will hear a case this Term that could have lasting implications for how technology companies interact with the U.S government and governments overseas. At issue is a consequential Second Circuit decision from last year that held that warrants issued under the Stored Communications Act (SCA) do not reach emails and other user data stored overseas by a U.S. provider.

While no federal appellate court besides the Second Circuit has squarely addressed the issue, multiple district courts outside the Second Circuit have declined to follow the Second Circuit’s reasoning in similar fact patterns involving other technology giants. The result is that U.S. law enforcement has different authority to access foreign-stored user data depending on where in the United States a warrant application is made. Google, for example, has expended significant resources to develop new tools to determine the geographic location of its users’ data so as to be in accord with the Second Circuit’s approach. Yet the company currently faces a hearing on sanctions for its alleged willful noncompliance with law enforcement requests in the Ninth Circuit based on a district court ruling that parted ways with the Second Circuit.

Continue Reading SCOTUS to Resolve Lower-Court Dispute Over U.S. Warrants Seeking Foreign-Stored User Data

Computer laptop with ransomware malware virus key icon on red display background. Vector illustration technology data privacy and security concept.

The global WannaCry ransomware attack should be a wake up call for all companies about the threat ransomware poses. While WannaCry was one of the first highly publicized attacks in which ransomware was weaponized and used against numerous companies at once, there will undoubtedly be future attacks.  Companies can take proactive steps to reduce their chances of being hit by the next ransomware attack, and our team is working with companies around the world to help them be more resilient in light of these evolving threats.

Here are some key steps you can take to help your company protect itself from the next attack:

  1. Make sure software patches are routinely applied.
  2. If possible, only use supported operating systems and other software.
  3. Utilize antimalware and antivirus software tools and services.
  4. Back up your critical data.
  5. Train your employees on how to spot phishing emails.
  6. Create a cross-functional incident response plan.
  7. Practice responding to a ransomware attack in a table top exercise to be able to hit the ground running when this type of event occurs.
  8. Establish or enhance relationships with law enforcement and other critical partners.

In addition, we’ve compiled several resources to help you prepare for and respond to a ransomware incident:

GettyImages-520390753-600pxThe U.S. Department of Justice (DOJ) recently secured a notable victory against Google in a dispute over the enforceability of a U.S. search warrant seeking access to foreign-stored account data.

The April 19 ruling—from Magistrate Judge Beeler in the U.S. District Court for the Northern District of California—is the latest sign that DOJ is continuing to rely on the Stored Communication Act (SCA) to seek overseas account data even after the Department’s high profile defeat in the Second Circuit’s ruling in the Microsoft case.

And the opinion suggests that DOJ’s litigation strategy may be working.

The dispute arose after DOJ obtained a search warrant last year under the SCA directing Google to provide information related to specified Google user accounts. Google withheld some of the requested information and challenged the request. Google explained that it relies on algorithms to move user data around the world automatically to aid in network efficiency. Invoking the Second Circuit’s Microsoft ruling, which rejected DOJ’s efforts to obtain content stored on Microsoft servers in Ireland, Google argued that some of the requested data was stored exclusively overseas and therefore beyond the purview of an SCA warrant. Continue Reading Court Orders Google to Turn Over Foreign-Stored Data

Gradient and transparent effect used.

In a major development for cloud and other data storage providers, and further complicating the legal landscape for the cross-border handling of data, a Federal Magistrate Judge in the Eastern District of Pennsylvania ruled for the Department of Justice and ordered Google, Inc., to comply with two search warrants for foreign-stored user data. The order was issued on February 3, 2017 pursuant to the Stored Communications Act, (SCA), and the reasoning of the Court rested heavily on the court’s statutory analysis of the SCA. The ruling is a marked departure from a recent, high-profile Second Circuit decision holding that Microsoft could refuse to comply with a similar court order for user data stored overseas.

The SCA regulates how service providers like Google and Microsoft who store user data can disclose user information. The Magistrate Judge issued two warrants under the SCA for emails sent from Google users in the United States to recipients in the United States. Google refused to fully comply, invoking Microsoft, and the Government moved to compel. In its briefing, Google argued that the SCA can only reach data stored in the United States and that, because Google constantly shuffles “shards” of incomplete user data between its servers across the world, Google could never know for certain what information is stored domestically and what is stored overseas. Therefore, Google argued, the data sought under the warrants was beyond the reach of the SCA. Continue Reading Google Ordered to Comply with Warrant for Foreign-Stored User Data