Photo of Joseph Roth Rosner

The U.S. Supreme Court on Oct. 16, 2017, announced it had granted the government’s petition for certiorari in United States v. Microsoft and will hear a case this Term that could have lasting implications for how technology companies interact with the U.S. government and governments overseas. At issue is a consequential Second Circuit decision from last year that held that warrants issued under the Stored Communications Act (SCA) do not reach emails and other user data stored overseas by a U.S. provider.

While no federal appellate court besides the Second Circuit has squarely addressed the issue, multiple district courts outside the Second Circuit have declined to follow the Second Circuit’s reasoning in similar fact patterns involving other technology giants. The result is that U.S. law enforcement has different authority to access foreign-stored user data depending on where in the United States a warrant application is made. Google, for example, has expended significant resources to develop new tools to determine the geographic location of its users’ data so as to be in accord with the Second Circuit’s approach. Yet the company currently faces a hearing on sanctions for its alleged willful noncompliance with law enforcement requests in the Ninth Circuit based on a district court ruling that parted ways with the Second Circuit.


The U.S. Department of Justice (DOJ) recently secured a notable victory against Google in a dispute over the enforceability of a U.S. search warrant seeking access to foreign-stored account data.

The April 19 ruling—from Magistrate Judge Beeler in the U.S. District Court for the Northern District of California—is the latest sign that DOJ is continuing to rely on the Stored Communications Act (SCA) to seek overseas account data even after the Department’s high-profile defeat in the Second Circuit’s ruling in the Microsoft case.

And the opinion suggests that DOJ’s litigation strategy may be working.

The dispute arose after DOJ obtained a search warrant last year under the SCA directing Google to provide information related to specified Google user accounts. Google withheld some of the requested information and challenged the request. Google explained that it relies on algorithms to move user data around the world automatically to aid in network efficiency. Invoking the Second Circuit’s Microsoft ruling, which rejected DOJ’s efforts to obtain content stored on Microsoft servers in Ireland, Google argued that some of the requested data was stored exclusively overseas and therefore beyond the purview of an SCA warrant.


In a major development for cloud and other data storage providers, and further complicating the legal landscape for the cross-border handling of data, a Federal Magistrate Judge in the Eastern District of Pennsylvania ruled for the Department of Justice and ordered Google, Inc., to comply with two search warrants for foreign-stored user data. The order was issued on February 3, 2017, pursuant to the Stored Communications Act (SCA), and the Court’s reasoning rested heavily on its statutory analysis of the SCA. The ruling is a marked departure from a recent, high-profile Second Circuit decision holding that Microsoft could refuse to comply with a similar court order for user data stored overseas.

The SCA regulates how service providers like Google and Microsoft who store user data can disclose user information. The Magistrate Judge issued two warrants under the SCA for emails sent from Google users in the United States to recipients in the United States. Google refused to fully comply, invoking Microsoft, and the Government moved to compel. In its briefing, Google argued that the SCA can only reach data stored in the United States and that, because Google constantly shuffles “shards” of incomplete user data between its servers across the world, Google could never know for certain what information is stored domestically and what is stored overseas. Therefore, Google argued, the data sought under the warrants was beyond the reach of the SCA.

Well over a year after holding a workshop addressing privacy issues associated with cross-device tracking, Federal Trade Commission (FTC) staff have issued a report. The report sets the stage by describing how cross-device tracking works, noting its “benefits and challenges,” and reviewing (and largely commending) current industry self-regulatory efforts.

The report also makes recommendations, which—while building upon the staff’s traditional themes of transparency and choice—do not introduce any materially new suggestions for compliance.

The staff’s recommendations do not have the force of law, but they do indicate the steps that the staff believes a company should take in order to avoid a charge of unfairness or deception under Section 5 of the FTC Act.

A Quick Review of Cross-Device Tracking

As more consumers utilize multiple devices in their daily lives, more and more companies are using new technologies to attempt to ascertain that multiple devices are connected to the same person. This is generally done through the use of either deterministic information (e.g., by recognizing a user through the log-in credentials he or she uses across different devices) or probabilistic information (i.e., by inferring that multiple devices are used by the same person based on information about the devices, such as IP address, location, and activities on the devices).
