Google has been ordered by a magistrate judge in Philadelphia to turn over emails stored abroad. While we don’t have all the details of the case, it appears to be related to a domestic fraud case.
The emails in question are stored in a foreign country. The case is a domestic case.
Last summer, the Second Circuit Court of Appeals agreed that Microsoft did not have to turn over emails stored in Ireland. The court’s logic was that U.S. law does not apply in foreign countries.
In this case, a magistrate judge (a much lower level court proceeding than an appeals court) said that Google did have to turn over emails stored in a foreign country. The magistrate’s logic is, in my opinion, somewhat convoluted. The judge said that since Google could take those emails stored internationally and electronically copy them to the United States and then hand them over to U.S. authorities in California, the search would occur in the United States and, somehow, would not violate foreign laws.
By this logic, U.S. authorities could demand a U.S. based corporation to violate international law at any time by telling the U.S. company to bring data stored in a foreign country back to the U.S. and give it to U.S. authorities, here.
Google has said that it will appeal this order. If this order stands, U.S. based tech businesses run the risk of being charged with crimes in foreign countries and also run the risk of losing the business of international customers. This is the rock and a hard place that Google (and Microsoft) are stuck between.
Absent an order from a court of competent jurisdiction in a foreign country to turn over data, Google would potentially be in violation of laws such as the EU’s General Data Protection Regulation.
From a user’s standpoint, in many cases the owner of the email would not even be informed of the court order, since the order is often sealed, sometimes forever, sometimes for years.
The only way a user has any control over the situation is if the data is encrypted from end to end AND the provider does not control the encryption keys. Absio Dispatch is an example of an email solution that allows for this; Threema is an example of a messaging application that works this way.
None of the big commercial email applications such as GMail, Yahoo Mail, and Microsoft Office 365 meet these requirements.
For most users, this is a matter of convenience, and they don’t worry about the government reading their mail.
For other users, this is a matter privacy and they don’t want the government poking their nose in their private matters.
The good news is that there are options and if it matters to you you can choose whether you want to do something about it or not. However, if you do want to do something, you need to understand that it will require change for you and your communication buddies.
Information for this post came from the Telegraph.