After six years of wrangling, the US Department of Justice and Google have reached an agreement to resolve a dispute over the ad giant’s inability to turn over records requested in a warrant. The problem? That data was lost before the case could be settled.
Homeland Security obtained the search warrant in 2016 for an investigation into the cryptocurrency trading platform BTC-e, which the DoJ seized the following year. The US has a law called the Stored Communications Act (SCA), which direct companies on what information to hand over in response to a warrant or subpoena.
Shortly after Google was served with the paperwork, a separate court decision involving Microsoft tied the US government’s hands: it was established that companies facing SCA warrants only had to cough up data stored on American soil. At that time, the Justice Department said, Google was using optimization algorithms that moved data around its software-defined network. As such, Google claimed it didn’t know what was stored where or which it was required to turn over.
As a result, Google only turned over piecemeal information to the DoJ, which didn’t make Uncle Sam happy, despite Google’s claims it developed methods during the dispute to better determine where data was stored and what it was legally required to provide.
Google applied to have itself found in civil contempt, just like Microsoft did in its case, so that it could lodge an appeal against the warrant. Before the issue could wind its way through courts, Congress intervened by passing the CLOUD Act, which shut the whole argument down by saying that US companies were required to turn over data stored outside the US in response to an SCA warrant. Google co-signed a joint letter [PDF] praising the act’s passage as it clarified the matter.
While the arguing carried on, the data that the government was trying to collect from Google was deleted by a user and couldn’t be retrieved.
Insufficient tools for retrieving requested data and simple human error “allowed the user’s deletion of information after service of the warrant, resulting in Google being unable to produce data that had been in its possession and was responsive to the warrant at the time the Warrant was executed on Google,” according to the Dept of Justice’s settlement agreement [PDF] with Google.
Calling the settlement the “first of its kind,” the DoJ said Google must ensure it responds to subpoenas and warrants in a timely and complete manner, and it must keep a third-party independent compliance professional on retainer to ensure the mega-corp is playing ball as applicable and necessary.
“This agreement demonstrates the department’s resolve in ensuring that technology companies, such as Google, provide prompt and complete responses to legal processes to ensure public safety and bring offenders to justice,” said Assistant Attorney General Kenneth Polite.
Google will also be required to periodically report the status of its legal compliance program and enact other changes, though the DoJ noted the search giant had already spent more than $90 million implementing changes like those requested in the agreement over the past six years anyway.
The deal also does nothing to extend the types of data the government is allowed to request, and Google won’t be limited in its ability to challenge future subpoenas or warrants. A Google spokesperson told The Register the Silicon Valley outfit wasn’t ceding ground to the government in terms of what data it would willingly provide.
“Google has a long track record of protecting our users’ privacy, including pushing back against over-broad government demands for user data, and this agreement in no way changes our ability or our commitment to continue doing so,” the spokesperson said.
For those concerned this will open up a flood of data to the US government, the DoJ said not to worry, either: “Google will maintain its lawful protections of user data, and the agreement does not provide the United States access to Google user data.” ®