U.S.-based Internet, email, and online storage providers can be forced to hand over overseas data, if so requested by a U.S. government search warrant, a federal judge has ruled.
The move puts the U.S. further in conflict with foreign laws, particularly European data protection and privacy law, which aim to protect data from being taken outside the 28 member state's jurisdiction.
It's long been known that U.S. authorities can legally, under its own legal system, acquire data from outside the United States. But the ruling by U.S. Magistrate Judge James Francis in New York has now further entrenched existing opinions shared by U.S. Dept. of Homeland Security and the Justice Dept. into the judicial system.
In remarks, Francis said Internet providers, like Google, Microsoft, and others, would have to hand over the data because the "burden on the [U.S.] government" to work with other nations would be "seriously impeded."
These so-called "mutual legal assistance" requests made between two nation states allow governments to seek foreign assistance in acquiring data for domestic intelligence or law enforcement purposes.
But Francis cited one expert, claiming this process "generally remains slow and laborious, as it requires the cooperation of two governments and one of those governments may not prioritize the case as highly as the other."
"This language is significant, because it equates 'where the property is located' with the location of the ISP, not the location of any server."
— Judge James Francis
He said that this may apply to "traditional" search warrants, but not those seeking online stored content, which falls under the Stored Communications Act.
"Even when applied to information that is stored in servers abroad, an [U.S. Stored Communications Act] Warrant does not violate the presumption against extraterritorial application of American law," Francis wrote in his ruling on Friday.
The case itself addressed a search warrant issued to Microsoft for a customer's data stored in Dublin, Ireland — a datacenter dedicated for European citizen data.
Microsoft complied with the search warrant "to the extent of producing the non-content information stored on servers" in the U.S., but filed a motion seeking to quash the warrant asking for overseas data.
It remains unclear which U.S. law enforcement or intelligence agency requested the data, however.
Microsoft told the Reuters news agency that it challenged the warrant because the U.S. government should not be allowed to extraterritorially search the content of emails held outside the country.
Verizon's chief lawyer Randall Milch made similar remarks in a blog post in February. He said that the company's view is "simple," adding: "The U.S. government cannot compel us to produce our customers' data stored in datacenters outside the U.S., and, if it attempts to do so, we would challenge that attempt in court."
However, legal experts, lawyers, and academics, were quick to rebuff Milch's claims, with one international legal expert calling his comments "misleading."
Verizon spokesperson Ed McFadden said at the time Verizon would "let the report stand on its own," and did not comment further.
ZDNet reached out to Verizon for renewed comment but did not immediately hear back. We will update the story if we hear back.