There seems to be confusion around what this specific decision is for.
This is not about foreign emails stored in foreign servers by Google. This is about US emails that Google decided to store outside the US. Why do that? I'm guessing Google has developed technologies like Spanner [1] that distribute data on a global scale, to help with capacity, disaster recovery etc. Even for data generated in the US and accessed in the US by US persons.
So if you have a US person's emails shipped outside the US by Google for no other reason other than Google's convenience, do US warrants still apply to the foreign-stored data? It's not a simple question.
The Microsoft Ireland case doesn't seem relevant as the person in that case was a non US person. Or, to be more specific, the Ireland datacenter that MSFT was running was meant for non US email accounts.
Overall, the US law seems to offer sufficient protection to non-US person with data stored outside the US. This specific decision is not about that.
No, I don't believe this is correct. The source of the emails seems to never be brought up. The discussion in the decision is pretty readable.
Essentially the argument seems to be because Google transfers data from country to country in normal operations, the data currently stored outside of the US is somehow different than the data Microsoft was permanently storing in Ireland. As a result, Google could just transfer the data back to the US and then the search is just a normal domestic search with a warrant:
> Under the facts before this court, the conduct relevant to the SCA's focus will occur in the United States. That is, the invasions of privacy will occur in the United States; the searches of the electronic data disclosed by Google pursuant to the warrants will occur in the United States when the FBI reviews the copies of the requested data in Pennsylvania.
Seems like the judge's argument would apply to any user of a service with multiple data centers that regularly replicate (or transfer) data between them.
You're right with respect to the point about the source of the emails.
> Seems like the judge's argument would apply to any user of a service with multiple data centers that regularly replicate (or transfer) data between them.
I find this decision even more onerous than that, which is disturbing on a number of levels, specifically, this excerpt from the conclusion:
under this court's interpretation, Google will gather the
requested undisclosed data on its computers in California,
copy the data in California, and send the data to law
enforcement agents in the United States, who will then conduct
their searches in the United States.
An important note is that this is not simply because the data in question is sharded (and therefore cannot be guaranteed to be wholly present in some single sovereign's jurisdiction - this conclusion is considered ancillary to the SCA warrant extraterritoriality question).
This is not about foreign emails stored in foreign servers by Google. This is about US emails that Google decided to store outside the US. Why do that? I'm guessing Google has developed technologies like Spanner [1] that distribute data on a global scale, to help with capacity, disaster recovery etc. Even for data generated in the US and accessed in the US by US persons.
So if you have a US person's emails shipped outside the US by Google for no other reason other than Google's convenience, do US warrants still apply to the foreign-stored data? It's not a simple question.
The Microsoft Ireland case doesn't seem relevant as the person in that case was a non US person. Or, to be more specific, the Ireland datacenter that MSFT was running was meant for non US email accounts.
Overall, the US law seems to offer sufficient protection to non-US person with data stored outside the US. This specific decision is not about that.
If I am missing something please let me know.
[1] https://en.wikipedia.org/wiki/Spanner_(database)