Overbroad Searches and Seizures

• Author: Mark Mermel Stein, Sharon Frase, Alison Epperson
• Pages: 49-54

Published in Litigation, Volume 48, Number 1, Fall 2021. © 2021 by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be

copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association. 49

Overbroad Searches

and Seizures

Google Customer Data Stored

Outside of Gmail

MARK MERMELSTEIN, SHARON FRASE, AND ALISON EPPERSON

Mark Mermelstein is with Holmes, Taylor, Athey, Cowan & Jones LLP; Sharon Frase is with Boersch & Illovsky LLP;

Alison Epperson is with Orrick, Herrington, & Sutcliffe LLP.

It used to start with a knock on the door. Agents would appear at

a target’s home or office, warrant in hand, to search through clos-

ets, desk drawers, and filing cabinets for papers and handwrit-

ten notes. But today, even seizing and searching a target’s home

computer, which has the effect of putting the target on notice

that he or she is in the crosshairs, have become less of a priority.

Instead, investigators access brontobytes of emails, photos,

text messages, voicemails, calendar appointments, and other pri-

vate data files stored in the electronic clouds that Apple, Amazon,

Google, and others like them maintain.

As more companies use free email services like Gmail for their

corporate email and free products like Google Drive and Google

Sheets for online collaboration among their corporate employees,

their trade secrets and other proprietary corporate data will end

up in the hands of law enforcement.

Yesterday’s battle over law enforcement’s ability to seize

electronically stored information (ESI) controlled by a third

party was whether a federal search warrant under the Stored

Communications Act, 18 U.S.C. § 2703, compelled a company

to produce email stored on a server outside the United States.

Congress mooted that battle by passing the CLOUD Act, codifying

new language in section 2703 that clarifies that federal warrants

for ESI compel the production of data stored outside the U.S.

A Staggering Amount of Information

Today’s battle stems from the practices of companies like Google

that, in addition to email and storage services, also provide a

myriad of other cloud products to consumers, which result in

significant other personal data being in Google’s possession. To

complicate matters, customers access those cloud services by

subscribing with the use of a unique ID and a password that is

typically, although not exclusively, the user’s email address.

While the user may consciously choose to store certain files

or types of data with these services, that is not always the case.

There may be a treasure trove of data automatically generated

by these services via applications on mobile devices and com-

puters. Examples include the GPS locator feature on iPhoto, a

Google user’s search history, or an Amazon customer’s online

shopping preferences.

Taken together, data from these apps can contain most of a

person’s entire electronic footprint—from restaurants visited to

freeways driven, from photos snapped to voice messages logged.

That’s a staggering amount of information available for use against

either the subscriber or someone else whom the data incriminates,

whether that person was in the crosshairs before the search or not.

See United States v. Ganias, 824 F.3d 199, 217 (2d Cir. 2016)