Opinion
CASE NO. 2:16–mj–02197–DUTY–1
07-13-2017
IN RE SEARCH OF INFORMATION ASSOCIATED WITH ACCOUNTS IDENTIFIED AS [REDACTED]@GMAIL.COM and others Identified in Attachment A that are Stored at Premises Controlled by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94025, Defendants.
ORDER RE GOVERNMENT'S MOTION FOR AN ORDER TO COMPEL IMMEDIATE PRODUCTION OR REQUIRE GOOGLE, INC. TO SHOW CAUSE WHY GOOGLE, INC. SHOULD NOT BE HELD IN CONTEMPT (Dkt. 6)
I. INTRODUCTION
This case presents the issue of whether Google, Inc. ("Google") may refuse to produce information stored on foreign data servers responsive to a warrant issued pursuant to the Stored Communications Act ("SCA"), 18 U.S.C. § 2703.
The Second Circuit, in the only appellate decision to date, ruled that Microsoft was not required to repatriate information stored on a server in Dublin, Ireland, because to do so would be an impermissible extraterritorial application of the SCA. In the Matter of a Warrant to Search a Certain E–Mail Account Controlled and Maintained by Microsoft Corp., 829 F.3d 197, 222 (2d Cir. 2016) (" Microsoft I" ). On whether to grant rehearing, the en banc panel split four to four, denying rehearing en banc and leaving the panel opinion in place. 855 F.3d 53, 55 (2d Cir. 2017) (" Microsoft II"). Every Magistrate Judge decision since Microsoft, however, has either rejected the Microsoft I ruling and agreed with the four dissenting opinions in Microsoft II, and/or distinguished Microsoft I on the facts. These five cases all hold that disclosure of electronic information in the United States retrieved from computers abroad does not constitute an extraterritorial application of the SCA. Four of the five cases involved Google. These cases all reason that, because there is no invasion of privacy until disclosure of the data in the United States, the warrants in dispute are a domestic application of the SCA.
See In the Matter of the Search of Information Associated with [redacted]@ Gmail.com That Is Stored at Premises Controlled by Google, Inc., Case No. 16–mj–757 (GMH) (D.D.C. June 2, 2017) (Dkt. 32, Ex. G); In the Matter of the Search of Content That Is Stored at Premises Controlled by Google, Case No. 16-mc-80263-LB, 2017 WL 1487625 (N.D. Cal. Apr. 25, 2017) ; In the Matter of the Search of Premises Located at [redacted] @yahoo.com, Case No. 6:17–mj–1238 (M.D. Fla. Apr. 7, 2017) (Dkt. 6, Ex. D); In re Information associated with one Yahoo email address/In re: Two email accounts stored at Google, Inc., Case No. 17-M-1234, 2017 WL 706307 (E.D. Wis. Feb. 21, 2017) (Dkt. 6, Ex. C); In re Search Warrant No. 16–960–M–01 to Google, 232 F.Supp.3d 708 (E.D. Pa. 2017).
This Court also agrees with the dissenting opinions in Microsoft II and further agrees that Microsoft I is distinguishable on its facts as to Google. Google, therefore, will be required to comply forthwith with the SCA warrant issued in this case.
II. PROCEDURAL BACKGROUND
On November 3, 2016, this Court, at the request of the Government, issued a search warrant pursuant to 18 U.S.C. § 2703 of the SCA calling for the disclosure of information in 33 gmail accounts in the possession, custody, or control of Google, Inc. (Dkt. 2.) The request was supported by an extensive affidavit from a Government agent establishing probable cause to believe that information regarding an ongoing criminal investigation is contained within the identified gmail accounts. (Dkt. 1.) This Court has jurisdiction of the matter because the alleged criminal activity occurred in this District. This Court has in personam jurisdiction over Google, which Google does not contest. (Dkt. 30, Transcript ("Tr.") at 41.) The warrant makes clear that Google was not asked to search the accounts for content information related to criminal activity. Government personnel will conduct a content search of the account information after an electronic copy of it is produced by Google to the Government.
Google complied with the warrant to the extent information from the subject gmail accounts was stored in the United States but withheld records stored outside the United States based on the Microsoft I ruling. The Government then filed the instant Motion For An Order To Compel Immediate Production ("Motion") on May 1, 2017. (Dkt. 6.) The Court heard oral argument on the Motion on June 21, 2017. (Dkt. 30, 31.)
III. FACTUAL BACKGROUND
Attached to the Government's Motion is a Stipulation of Facts. (Dkt. 6.) The Stipulation states that Google is a United States company with a principal place of business in California. (Stipulation of Facts ("Stip.") ¶ 1.) Google stores user data in various locations in and outside of the United States. (Stip. ¶ 2.) Some user files are broken into parts and different parts of files may be stored in different locations and different countries at the same time. (Stip. ¶ 3.) The Stipulation then provides:
Google operates a state-of-the-art intelligent network that, with respect to some types of data including some of the data at issue in this case, automatically moves data from one location on Google's network to another as frequently as needed to optimize for performance, reliability and other efficiencies. As a result, the country or countries in which specific user data, or components of that data, is located may change. It is possible,
therefore, that the network will change the location of data between the time when the legal process is sought and when it is served. In addition, for certain types of data, including some of the data at issue in this case, Google's tool that queries the network does not report the country in which foreign-stored data is located.
(Stip. ¶ 4 (emphasis added).)
At the hearing, Google provided more information on its operating system. It stated that any transmission of data in a foreign country back to the United States would not occur by human hand but through a direction or command from Google headquarters in Mountain View, California, to servers abroad. (Tr. at 30.) Data is distributed overseas for efficiency and optimization reasons, not because of anything that the account holder did or requested. (Tr. at 31–32.) Indeed, the account holder has no expectation whether the data is abroad or in the United States. (Tr. at 33.) Google's system operates automatically and thus a user cannot use it to put data outside the reach of U.S. law enforcement. (Tr. at 33.) Google's system is not controlled by an individual but by network parameters. (Tr. at 44.) In this respect, Google's system differs significantly from Microsoft's system, in which users enter a country code like Ireland at registration and then Microsoft migrates the data to Ireland to be stored there. (Tr. at 33, 44.)
The data on Google's network is dynamic, often on the move, and could be in the United States before the warrant was executed but not when executed or left after it was executed, and information now overseas could be back in the United States at any time. (Tr. 34–35.) It could move multiple times in the course of a week. (Tr. at 35.) The data, moreover, is being moved around not because of what somebody in Mountain View is doing with a keystroke or at the user's Request but because it is happening automatically. (Tr. 35.) Google's system can move data around automatically because Google's user agreements authorize Google to provide its services in the most efficient way possible. (Tr. 35–36.) Although some countries have passed blocking statutes to prevent production of data stored in their jurisdictions, Google's system moves data around to foreign servers and back to the United States irrespective of those statutes. (Tr. at 36–37.)
In responding to the warrant, a Google employee in Mountain View executed a key stroke to query the network and whatever came up is what Google produced. (Tr. at 38.) Notably, before the Microsoft I ruling, Google queried its global network, foreign and domestic, when producing data in response to SCA warrants. See In Re Search Warrant No. 16–960–M to Google, 232 F.Supp.3d 708, 713–14 (E.D. Pa. 2017). Based on the Microsoft I ruling, however, Google rewrote its algorithms or instructions to limit its search to data centers in the United States. (Tr. at 39.) Google discloses to the Government what it finds in the United States at the time its personnel conduct their search. (Tr. at 40.)
When responding to legal process, Google only collects and produces data through Google personnel located in the United States. (See Stip. ¶ 5.) Google readily admits that if Google is not required to produce data held by Google outside the United States, neither the United States Government nor any foreign government is able to obtain the data. (See Tr. 43 ("It can create a situation in which no government anywhere can get the data"); Tr. 44 ("There is data that neither the U.S. government nor any government can obtain on Google's network").) IV. APPLICABLE FEDERAL LAW
A. The Stored Communications Act ("SCA")
The SCA was passed as part of the Electronic Communications Privacy Act of 1986, Pub. L. No. 99–508, 100 Stat. 1848 (1986). 18 U.S.C. § 2701, entitled "Unlawful access to stored communications," makes it a criminal offense to access stored electronic communications without authorization. § 2701(a) and (b). Notably, this provision does not apply to conduct by the provider of electronic communications services or by the user, nor does it apply to compelled disclosures under § 2703. § 2701(c). Section 2702, entitled "Voluntary disclosure of customer communications or record," prohibits an electronic communications provider from disclosing the contents of stored data with specified exceptions.
Section 2703, entitled "Required disclosure of customer communications or records," governs how the Government may compel disclosure of customer data. Under § 2703(c)(2) the Government may obtain non-content customer and transactional information by an administrative subpoena, which requires no judicial review. Under § 2703(c)(2) and (d), other non-content records may be obtained by court order, which may be issued based on "specific and articulable facts showing ... reasonable grounds to believe that the contents or records ... are relevant and material to an ongoing criminal investigation."
Under § 2703(a), (b)(A), and (c)(A), the Government may require disclosure of the contents of electronic communications "only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure ... by a court of competent jurisdiction." The SCA defines a court of competent jurisdiction as a United States district court (including a magistrate judge) that has jurisdiction over an offense being investigated. § 2711(3). Section 2703(g) does not require the presence of an officer for service or execution of a SCA warrant.
B. The Morrison / RJR Analysis
Google contends that application of the SCA warrant to recover information stored abroad would be an impermissible extraterritorial application of the statute. The United States Supreme Court in Morrison v. National Australia Bank Ltd., 561 U.S. 247, 130 S.Ct. 2869, 177 L.Ed.2d 535 (2010), articulated a presumption against extraterritorial application of federal statutes, unless a contrary intent appears. Id. at 255, 130 S.Ct. 2869. If the statute is not extraterritorial, then a separate inquiry is required to determine whether the conduct in question involves a domestic application of the statute, which is ascertained by considering the focus of congressional concern. Id. at 266, 130 S.Ct. 2869. In RJR Nabisco, Inc. v. European Community, ––– U.S. ––––, 136 S.Ct. 2090, 195 L.Ed.2d 476 (2016), the Court clarified its two step framework for analyzing extraterritoriality issues:
At the first step, we ask whether the presumption against extraterritoriality has been rebutted—that is, whether the statute gives a clear, affirmative indication that it applies extraterritorially. We must ask this question regardless of whether the statute in question regulates conduct, affords relief, or merely confers jurisdiction. If the statute is not extraterritorial, then at the second step we determine whether the case involves a domestic application of the statute, and we do this by looking to the statute's "focus." If the conduct relevant to the statute's focus occurred in the United States, then the case involves a permissible domestic application even if other conduct occurred abroad; but if the
conduct relevant to the focus occurred in a foreign country, then the case involves an impermissible extraterritorial application regardless of any other conduct that occurred in U.S. territory.
Id. at 2101 (emphasis added).
C. The Microsoft Rulings
The Microsoft case began with a ruling by a Magistrate Judge in the Southern District of New York. In the Matter of a Warrant to Search a Certain E–Mail Account Controlled and Maintained by Microsoft Corp., 15 F.Supp.3d 466 (S.D.N.Y. 2014). Magistrate Judge James C. Francis issued an SCA warrant for disclosure of information from an email account. Id. at 468. When Microsoft learned that the information sought by the warrant was stored on a computer in Dublin, Ireland, it moved to quash the subpoena as to that information. Id. at 467–68. The information had come to be stored in Ireland because the customer at registration entered the country code for Ireland. Id. at 467. Microsoft migrated the content information to Ireland, deleting it from servers in the United States. Id. Denying the motion to quash, Judge Francis reasoned that an SCA warrant is a hybrid warrant, part search warrant and part subpoena. Id. at 471. He noted that no agent enters Microsoft's premises to search its servers and seize the email account, id., and no exposure of the information to human observation occurs until the information is reviewed in the United States and, thus, there is no extraterritorial search. Id. at 472. He held that Microsoft must produce all information in its custody, just like a subpoena would require. Id. On review, District Judge Preska affirmed Judge Francis' Order and held Microsoft in contempt. Microsoft I, 829 F.3d at 200–01.
The Second Circuit reversed, determining at the first step of the Morrison / RJR analysis that the SCA warrant provisions do not contemplate or permit extraterritorial application as the Government conceded. Id. at 210–11. In reaching this conclusion, the Second Circuit panel treated an SCA warrant like a traditional warrant under Federal Rules of Criminal Procedure Rule 41, which always has been applied domestically, and not like a subpoena. Id. at 212–16. Thus, it held that an SCA warrant "protects privacy in a distinctly territorial way." Id. at 212. At step two of the Morrison / RJR analysis, the panel concluded that the focus of the SCA is the privacy of stored communications, not disclosure as argued by the Government. Id. at 216–20. The court then found that, because the content subject to the warrant is located in Dublin and would be seized there, the conduct relevant to the focus of the statute would be an unlawful extraterritorial application of the statute. Id. at 220. The court held that "the invasion of the customer's privacy takes place under the SCA where the customer's protected content is accessed—here, where it is seized by Microsoft, acting as an agent of the government." Id.
Rehearing en banc was denied by a 4–4 vote, leaving Microsoft I in place. Microsoft II 855 F.3d 53 (2d Cir. 2017) (" Microsoft II"). All four dissenting judges wrote opinions and concurred in each other's opinions. The Jacobs dissent argued that no extraterritorial reach is necessary to require delivery in the United States of the information sought by the SCA warrant, which is easily accessible in the United States by a Microsoft employee sitting at a computer terminal. Id. at 61.
The Cabranes dissent criticized Microsoft I because it ignored the facts that Microsoft lawfully had possession of the emails, Microsoft had access to the emails in the United States, and Microsoft's disclosure to the Government would take place in the United States. Microsoft II, 855 F.3d at 63. Judge Cabranes argued that, even if the focus of the SCA is privacy, the conduct relevant to that focus is "a provider's disclosure or nondisclosure of emails to third parties, not a provider's access to a customer's data." Id. at 66. Judge Cabranes further argued that the Microsoft I panel majority failed to explain adequately why the customer's privacy is violated where the content is accessed. Id. at 67. He explained that only § 2701 of the SCA specifically limits access to customer data, which is "the only plausible textual basis for the panel majority's bizarre holding" that invasion of a customer's privacy takes place where the customer's content is accessed. Id. at 67. Section 2701, however, gives the provider standing authority to access a customer's data. Id. Section 2701(c) expressly exempts conduct by the provider from the prohibition on authorized access in § 2701(c). Sections 2702 and 2703, moreover, regulate disclosures by a provider. Id. at 67–68. It is only when a provider divulges content to a third party that it puts a party's privacy at risk. Id. at 68. Judge Cabranes concluded that Microsoft did not need a warrant to take possession of the emails stored in Ireland or to move them to the United States; it already had possession of and access to the emails at its office in Redmond, Washington. Id. Only their disclosure to the Government in the United States required a warrant. Id.
Judge Cabranes complained that Microsoft I has resulted in other internet service providers adopting restrictive policies for responding to Government SCA warrants. Id. at 64. In particular, he singled out Google for now disclosing only those portions of a customer's account stored in the United States at the moment the warrant is served. Id. Judge Cabranes found Google's policy troubling because the only Google employees who can access the entirety of a customer's account are located in the United States (and thus beyond reach of a search from abroad), which has the result that the Government will never be able to obtain information on servers stored abroad through the Mutual Legal Assistance Treaty ("MLAT") process. Id.
--------
The Raggi dissent began by asserting that § 2703 warrants, unlike traditional warrants which are directed at places, require a provider to disclose content and are executed with respect to persons. Id. at 70. The presumption against extraterritoriality "expects the person to be present in the United States" and if so execution of the warrant is a domestic application of U.S. law without regard to where the person must retrieve the materials ordered disclosed. Id. Judge Raggi took issue with the Microsoft I holding that an SCA warrant "protects privacy in a distinctly territorial way," asserting that warrants do not apply extraterritorially because of concerns of sovereignty, not customer privacy. Id. at 71. Warrants protect privacy through the Fourth Amendment requirement that they issue only upon probable cause. Id. Judge Raggi disagreed with Microsoft I's holding that a person subject to an SCA warrant for information already in that person's possession is seizing anything as an agent of the Government. Id. at 72. He faulted Microsoft I for relying on cases where the items sought were not already in the actor's possession; by contrast, Microsoft did not need any warrant, approval of Irish authorities, or even approval of its subscriber to transfer data stored in Ireland. Id. at 72. Microsoft did not execute the warrant—federal authorities did, and there was no seizure. Id. The only territorial event needing a warrant was disclosure of information already lawfully in Microsoft's possession in the United States. Id. No warrant was needed for Microsoft to access stored data in Dublin. Id. Judge Raggi, finally, disagreed with the panel majority opinion that privacy is the focus of § 2703 and that subscriber privacy would be invaded in Ireland. Id. at 73. Microsoft is entitled to access customer communications and to move them at will; such actions disclose nothing to the Government about the content of such communications. Id.
The Droney dissent argued that, in determining whether a statute applies domestically or extraterritorially, a court must read the statute provision by provision, not as a whole, citing RJR, 136 S.Ct. at 2103. Id. at 75. Judge Droney read § 2703 to mean that the location of the provider is relevant to whether the SCA applies domestically or not. Id. at 76. Microsoft is located in the United States and disclosure will occur here. Id. That Microsoft has chosen to store data abroad, based on its own business considerations and not for reasons of customer privacy, has no bearing on the issue. Id.
D. Subsequent Magistrate Judge Decisions
There have been five Magistrate Judge decisions since Microsoft I, four of them involving Google. All ruled for the Government.
A Northern District of California Magistrate Judge found persuasive the views of the four dissenting judges in Microsoft II. In the Matter of the Search of Content That Is Stored at Premises Controlled by Google, 2017 WL 1487625, at *4 (N.D. Cal. Apr. 25, 2017). Magistrate Judge Laurel Beeler held that a SCA warrant differs from a Rule 41(b) warrant because the Government does not search a place or seize evidence. Id. It seeks disclosure by the provider of information in its possession. Id. The service provider is in the district and subject to the court's jurisdiction, and the warrant is directed to it in the only place where it can access and deliver the information the Government seeks. Id. Judge Beeler, moreover, distinguished Microsoft I on the facts, noting that, unlike Microsoft I where storage of information is tethered to a user's location, there is no storage decision with Google. Id. The process of distributing information is automatic by algorithm in aid of network efficiency. Id. The disclosure is a domestic application of the SCA.
In the Eastern District of Pennsylvania, Magistrate Judge Thomas J. Rueter reasoned that, even if the focus of § 2703 is privacy, transferring data from a foreign country to Google's data center in California does not interfere with a user's access or possessory interest in his electronic information and, thus, is not a seizure in a foreign country. In re Search Warrant No. 16–960–M–01 to Google, 232 F.Supp.3d 708, 719–21 (E.D. Pa. 2017). The court also found that the actual invasion of the account holders' privacy—the searches—will occur in the United States. Id. at *11. Thus, the SCA warrants are a domestic application of the statute executed on Google. Id. at *11. The court also observed that the fluid nature of Google's cloud technology makes it uncertain whether a foreign state's sovereignty or which foreign state's sovereignty is implicated, thereby lessening any international comity concerns. Id. at *12.
In the District of Columbia, Magistrate Judge G. Michael Harvey also found the reasoning of the four dissenters in Microsoft II persuasive and concluded that the SCA warrants executed on Google were a domestic application of the statute. In the Matter of the Search of Information Associated With [Redacted]@Gmail.com That Is Stored at Premises Controlled by Google. Inc., Case No. 16–mj–757 (GMH) (D.D.C. June 2, 2017) (Dkt. 32, Ex. 6 at 2). The court found that the focus of § 2703 is disclosure, not privacy. Id. at 17. The court also adopted Judge Cabranes' position that only § 2701 addresses access. Id. at 17, 18. The court held that Google is not seizing data as it already is entitled to access the user's data in accordance with its user agreement and § 2701(c). Id. at 20. Google users have no capacity to control the storage location of their data because users agree when signing up to allow Google to access and transfer their data at will. Id. at 5. Google, moreover, undermines its position by its insistence that it does not act as an agent of the Government. Id. at 21. The data sought by the warrant is already in Google's possession, custody, and control, and it did not need any authorization to access it. Id. at 21–22.
In the Eastern District of Wisconsin, in a case involving both Google and Yahoo, Magistrate Judge William E. Duffin determined that what matters in the execution of a SCA warrant compelling disclosure by a service provider is the location of the service provider. In re Information associated with one Yahoo email address that is stored at premises controlled by Yahoo/In re: Two email accounts stored at Google, Inc., 2017 WL 706307, at *3 (E.D. Wis. Feb. 21, 2017). If the service provider is within reach of the court, it can be ordered to disclose user data in the service provider's custody and control, regardless of where it is located. Id.
In the Middle District of Florida, in a case involving Yahoo, Magistrate Judge Thomas B. Smith held that the focus of § 2703 is compelled disclosure and thus an SCA warrant seeking user data from a provider in its jurisdiction is a domestic application of the state. In the Matter of the Search of Premises Located at [redacted]@yahoo.com, etc., Case No. 6:17–mj–1238 (M.D. Fla. Apr. 7, 2017) (Dkt. 6, Ex. D at 4). The court held that in personam jurisdiction gave the court the power to compel disclosure of Google user data. Id. Any privacy concern is resolved through the requirement of a showing of probable cause before the warrant is issued. Id.
The Court understands that all five of the above Magistrate Judge rulings are under review by a District Judge.
V. ANALYSIS
A. Morrison / RJR and Microsoft I
As to the first step of the Morrison / RJR analysis, all the decisions above agree, and the Government concedes, that the SCA is not extraterritorial. The dispositive issue is whether application of the SCA warrant to compel Google to disclose information in 33 user gmail accounts in Google's possession, custody, and control now stored on its foreign servers is a domestic application of the statute. The Court concludes that it is.
Under the second step of the Morrison / RJR analysis, the Court must determine whether the conduct relevant to the focus of the statute occurred in the United States; if so, the case involves a permissible domestic application of the statute, even if other conduct occurred abroad. RJR, 136 S.Ct. at 2101. The Court disagrees with the Microsoft I ruling that the focus of the SCA, at least as to § 2703, is the privacy of stored communications. See 829 F.3d at 216–20. The Court also disagrees with the Second Circuit's critical holding that "the invasion of the customer's privacy takes place under the SCA where the customer's content is accessed—here, where it is seized by Microsoft, acting as an agent of the Government." Id. at 220. The Court further disagrees with the Microsoft I ruling that an SCA warrant is like a traditional warrant.
As Judge Cabranes observes, the Second Circuit's critical holding on access is not rooted in or supported by the text of the SCA. Microsoft II, 855 F.3d at 66–67. Only § 2701 directly addresses access. Sections 2702 and 2703 concern disclosure and barely mention the word "access." Plainly, the SCA's focus is both access and disclosure. The mistake in Microsoft I was recognizing only one focus. RJR makes clear that a court must read the statute provision by provision, not as a whole. 136 S.Ct. at 2103. Section 2701's focus may be privacy, but the focus of §§ 2702 and 2703 is disclosure.
The text of the SCA, moreover, does not support the assertion that an invasion of the customer's privacy occurs where Microsoft accessed it. Section 2701's access restrictions do not apply to Microsoft. Section 2701(c)(1) expressly excepts providers from the prohibitions on access in 2701(a). Microsoft's user agreement also provides Microsoft with access. There can be no invasion of privacy by someone already fully authorized to access the content of user data. What matters is that there will be no disclosure of user data to a third party like the Government when the user's content is accessed by Microsoft from the United States. There is no invasion of privacy until it is disclosed to the Government in the United States. No warrant is necessary except for the disclosure of the information to the Government here in the United States.
Necessarily, there was no "seizure" of data because Microsoft already had possession, custody, and control. It already had lawful access to the data. It was not in someone else's possession. Nor was it the case that Microsoft was acting as the agent of the Government. The same principles apply here to Google. The data is in Google's possession, custody, and control. Moreover, Google affirmatively denies that it is an agent of the Government. (Tr. at 42.) Microsoft and Google are simply custodians of information who are compelled to disclose it in the United States in response to an SCA warrant.
The Court rejects Google's argument that an SCA warrant means an order to search places and things with associated territorial restrictions as if an SCA warrant is like a Rule 41(b) warrant. Section 2703 does not require a Rule 41(b) warrant. As part of the Patriot Act in 2001, Congress altered the previous language of § 2703 from "a warrant issued under the Federal Rules of Criminal Procedure" to a warrant "using the procedures described in the Federal Rules of Criminal Procedure." P.L. 107–56, § 220, October 26, 2001, 115 Stat. 291. Rule 41(d), (e) and (f) describes procedures for obtaining, issuing and executing and returning a warrant. Had Congress wanted to require a traditional warrant, it could have required a 41(b) warrant but did not do so. An SCA warrant is not directed at a place but to a person. This Court has in personam jurisdiction over that person (entity) who can be compelled to disclose information in his (its) possession, custody, or control and which that person (entity) has authority to access from here in the United States. As other courts have concluded, as did the concurring opinion in Microsoft I, 829 F.3d at 226–28, an SCA warrant is not a traditional warrant and is not even described as a search warrant.
B. Google
This Motion in regard to Google presents an even stronger case for the Government than was presented in the Microsoft I case. In Microsoft I, the user entered a country code on registration, Microsoft migrated the user's data to the country code selected by the user, and the data stayed in the country selected, Ireland. Here, Google distributes a user's data in pieces across its system automatically, not because of any action on the part of the account holder. (Tr. 31–33.) The data is frequently on the move, from the United States to foreign countries and back again, without regard to any foreign country's blocking statutes to control data while it is in a particular country. (Tr. at 36–37.) There is no one country stable locus like in Microsoft's system. Google moves user data around its system at will pursuant to its authority under § 2701(c)(1) and its user agreement. The user does not know where its data is stored, cannot express any preference as to location and cannot use Google's system to put it outside the reach of U.S. law enforcement. (Tr. at 33.) The user has no expectation whether the data is stored in the United States or abroad. (Tr. at 33.) Google's system is not controlled by the user but by network parameters or efficiency, i.e., Google's own business decisions. (Tr. at 31–32.) Google, in other words, has complete control over user data and its location. It cannot be denied that Google already has authority to access user data or that it has complete possession, custody, and control over it, with complete discretion over data storage.
These facts undermine Google's contention that responding to an SCA warrant for data stored overseas would be an extraterritorial application of the statute. Google states that, to do as the Government requests, it would have to: (1) write a query to search data centers located in the countries outside the United States, (2) execute a query to search foreign data centers for files and components, (3) "seize" the responsive files and file components, (4) assemble the file components into files, (5) retrieve those communications from foreign data centers, (6) transfer them to the United States; and (7) disclose them to the Government. (Google Oppos., at 12:18–13:3.) All of these steps, however, occur domestically at Google's headquarters in Mountain View, California. They are carried out by Google personnel here in the United States. No human hand in a foreign country is involved. No one goes to a foreign country to retrieve data. All of the actions Google described are within its authority under § 2701(c)(1) and its user agreement. There is no "seizure" of data, as if from someone else in a location it does not control. Google has complete discretion to move data around the globe and does so on a regular basis, irrespective of foreign blocking statutes. It cannot seize data already within its possession, custody, and control. The warrant only asks Google to do what it is already authorized to do. Google's first six steps involve no invasion of a data user's privacy. The only invasion of privacy occurs when Google discloses the data to the Government here in the United States. RJR provides, "If the conduct relevant to the statute's focus occurred in the United States, then the case involves a permissible domestic application even if other conduct occurred abroad." 136 S.Ct. at 2101 (emphasis added). Here, Google's conduct in regard to the focus of the statute, i.e., disclosure, would occur in the United States. The transmission of data from foreign servers in response to a command executed in the United States, which involves no invasion of privacy and no search, constitutes "other conduct occurring abroad." Indeed, Google's disregard of foreign blocking statutes and frequent movement of data from country to country (and back to the United States) render irrelevant international comity and sovereignty concerns that underlie the domestic application of traditional search warrants. Thus, application of the SCA warrant to Google on the facts established here is a domestic application of the statute.
Google, moreover, omits reference to all of its conduct relevant to the statute's focus. Before the Microsoft I ruling, Google routinely responded to SCA warrants by querying its global network, foreign and domestic. Had Google responded in like fashion here, we would not need to even discuss the first six steps Google has described. We would focus only on the last step of domestic production of the data to the Government here in the United States. Based on the Microsoft I ruling, however, Google rewrote its algorithms to query only data centers in the United States. Why did Google act so precipitously? Google, which has excellent lawyers, had to know that Microsoft I was not a final ruling yet and hardly would be the last word on the issue. Google has to know Microsoft I is not binding outside the Second Circuit. Google certainly knows it has authority to access user data pursuant to § 2701(c)(1) and its user agreement. Google, moreover, is immunized from any liability for complying with the warrant under § 2703(e). Nonetheless, Google deliberately created an impasse that thwarts law enforcement efforts to prevent and/or punish illegal activity, presumably to encourage Congress to amend the statute. Google's voluntary alteration of its algorithms to disable itself from engaging in conduct here in the United States, which it has the authority to do under § 2701(c)(1) and its user agreement, was both premature and unwarranted.
VI. ORDER
For all the foregoing reasons, IT IS HEREBY ORDERED that the Government's motion be GRANTED. Google shall comply forthwith with the SCA warrant issued in this case by immediately disclosing the content records and data called for in the warrant that are within Google's possession, custody, or control, whether they are located in the United States or in other countries.