The un-territoriality of data.

• Author: Daskal, Jennifer
• Position: II. Data Is Difference through Conclusion, with footnotes, p. 365-398

2. DATA IS DIFFERENT

   Territorial-based distinctions--whatever their purpose--depend, at their core, on the ability to distinguish between the relevant "here" and "there" and a determination that the "here" and "there" matter. Data, and the manner in which it is accessed and controlled, is undercutting both of these foundational assumptions. This Part explores how data differs from its tangible counterparts and why these differences matter. It focuses in particular on data's mobility, divisibility, location independence, intermingling, and third-party control.

   1. Data's Mobility

      Physical objects moving from place to place are constrained by the ordinary laws of physics and by generally observable and conscious choices about how to move from Point A to Point B. For example, a person traveling from Washington, D.C., to Philadelphia will generally take the most direct route by traversing across Maryland and Delaware. If the traveler detours to France, it is likely the result of a planned decision. The same is true for data's closest tangible counterpart: mail. It is highly unlikely that the United States Postal Service would send a letter through Paris on the way from Washington, D.C. to Philadelphia absent some significant snafu. Similarly, when one stores tangible property in a safe-deposit box or locked storage unit, it has a known, observable, and fixed location. Absent a theft or seizure of property, it will stay there until the owner decides to move it elsewhere.

      Data's mobility--in particular its speed and unpredictability--challenges our understanding of both what it means to transit from place to place and what it means to "store" our property. When two Americans located in the United States send an e-mail, the underlying zeroes and ones generally transit domestic cables. But they also, with some nonnegligible frequency, exit our borders before returning to show up on the recipient's computer screen. (150) When one Google chats with a friend in Philadelphia or uses FaceTime with a spouse on a business trip in California, the data may travel through France without the parties knowing that this is the case. Similarly, when data is stored in the cloud, it does not reside in a single fixed, observable location akin to a safe-deposit box. It may be moved around for technical processing or server maintenance reasons. It could also be copied or divided up into component parts and stored in multiple places--some territorially and some extraterritorially. (151) At any given moment, the user may have no idea-and no ability to know--where his or her data is being stored or moved, or the path by which it is transiting.

      These distinctions between tangible property and data matter for at least two reasons. First, they highlight the potential arbitrariness of data location as determinative of the rules that apply. Whereas the location of one's own person and tangible property is subject to generally understood rules and limitations on the way physical property moves through space, data can move from Point A to Point B in circuitous and arbitrary ways, all at breakneck speed. This is precisely the government's point in the Microsoft case when it warns against the "arbitrary outcomes" that would result if government access to data depended on where a provider chose to hold data at any given point in time. (152) And while the government fails to make the point, the same argument can be made with respect to privacy protections that turn on data location.

      Second, the path that data travels is often determined without the knowledge, choice, or even input of the data user. (153) This matters for purposes of both notice and consent. It is widely understood that when one travels to, or retains property in, a foreign jurisdiction, one is subject to that sovereign nation's laws. Individuals and entities are required to conform their behavior accordingly or accept the consequences. But if an individual sends an e-mail to a friend in Philadelphia that happens to transit through another nation, that individual is not consciously choosing to bind himself to any particular foreign government's laws. Nor is the user consciously choosing to relinquish protections guaranteed by the Fourth Amendment or statutory protections governing the search and seizure of property in the United States simply because the data happens to transit outside the United States. Similarly, when one stores data in the cloud, one often has little control or even knowledge about the places where it is being held; these are decisions that are instead generally entrusted to computer algorithms. The user thus lacks knowledge and choice as to the rules that apply. (154)

   2. Data's Divisibility and Data Partitioning

      Data stored in the cloud is often copied and held in more than one location. This protects against server malfunctions and ensures that a user can continue to access his or her data from a back-up location. Some storage locations might be territorial and some might be extraterritorial. (155) This is akin to making multiple copies of one's documents and storing those copies in multiple jurisdictions. This practice, therefore, is not unique to data. But the ease and speed by which data can be copied and moved has led to an exponential increase in multisite--and possibly multination--storage.

      Data partitioning--under which a single database is divided into multiple parts so as to increase the manageability and efficiency of use--adds another layer of complexity. (156) The various components of a partitioned database may be held in multiple locations. In certain instances, so-called "relational databases" are only comprehensible if pulled up using the appropriate application. A health care provider, for example, may be able to pull up a patient's medical records in his or her office. But the component pieces--the patient's name, biographical information, and drug history--might be distributed and stored in different locations; without the appropriate software, the relevant information could not be assembled in a usable form. (157)

      Data divisibility and data partitioning thus highlight the potential arbitrariness and complications of making data location determinative of the rules that apply. Can the government evade Fourth Amendment protections that apply to a non-U.S. person's data stored within the United States by instead searching or seizing a back-up copy stored extraterritorially? Can (or more importantly, should) the United States demand that U.S.-based ISPs retain copies of their customers' data within the territorial jurisdiction of the United States so as to avoid the kinds of issues being raised by the Microsoft case? In a relational database, is the relevant location the place from which the data is accessed and reassembled in a usable form, or the locations where each of the component parts is stored? Under the analogous rule for tangible property, the location of each component part would control. But this would require a territoriality determination--and possibly the application of different rules--for the acquisition of the various fragments of a sought-after account or database. As these questions suggest, data location is both highly manipulable and, in some cases, difficult to define. The manipulability and indeterminacy of data thus undercut the normative significance and stability of data location, raising important questions as to the primacy of data location in determining the rules that apply.

   3. Location Independence

      1. Disconnect Between Location of Access and Location of Data

         One of the biggest changes wrought by modern technology is the possible disconnect between the location of the government actor performing the search or seizure and the location of the property being searched or seized. With the rise of modern technology, an agent conducting a search or seizure no longer need be physically located in the same place as the target of the search or seizure. (158) This Section begins by analyzing how courts and the executive branch have addressed this location independence between government agents and their targets in the context of guns and drones. It then explores how data's unique features affect the analysis.

         In two recent cases, U.S. border control agents located on U.S. soil shot and killed noncitizens on the Mexican side of the border. (159) In both cases, the parents of the deceased children brought (among other claims) Fourth Amendment excessive force claims. In Hernandez v. United States, the Fifth Circuit (sitting en banc) dismissed the Fourth Amendment claim on the basis that the decedent was a noncitizen located outside the United States. (160) In contrast, in Rodriguez v. Swartz, the Arizona district court allowed the Fourth Amendment claim to proceed given, among other things, the decedent's proximity to and familial connections with the United States. (161) Notably, even though the two courts split on the outcome, they adopted the same territoriality analysis. Both courts concluded that the relevant seizure took place in Mexico, where the decedents were killed, rather than the United States, where the agents who fired the shots were located. In both cases, territoriality rested on the location of the target, not the location of the agent. Because the targets in both cases were located abroad, both cases were presumed to involve extraterritorial seizures. (162)

         The use of drones provides another example of the potential disconnect between government agents and their targets. Drone operators sitting in Langley, Virginia, or at any one of a number of military bases, can remotely pilot a drone and drop a bomb halfway around the world in, say, Yemen, Somalia, or Iraq. Yet virtually every legal and policy analysis of drone strikes assumes, consistent with the border shooting cases, that territoriality is determined by the location of the target. Thus, targeted killings constitute extraterritorial actions (i.e...