Recent events have focused attention again on the ability of the Department of Justice and other government agencies to obtain documents located abroad. Much depends on the details of a client’s corporate structure, business practices, and, in part, the method of electronic document storage in use. The longstanding rule in the Second Circuit has been that where the recipient of a grand jury subpoena is within the court’s personal jurisdiction, responsive materials within the subpoena recipient’s “possession, custody, or control” must be produced regardless of where they are kept. In re Grand Jury Subpoena to Marc Rich & Co., A.G., 707 F.2d 663, 667 (2d Cir. 1983). The rule is one of control, not location. This black letter rule can turn somewhat gray in certain circumstances.
It is not unusual for the DOJ to serve subpoenas on corporate entities present in the United States that are not precisely the same entity which “owns” the documents sought—which may be a parent company, a subsidiary, or an affiliate with no U.S. presence. Rule 17 provides for service of document subpoenas on foreign corporate witnesses solely to the extent the foreign corporation has sufficient ties to the United States to confer domestic jurisdiction, and even then service is only permissible in this country. See In re Seaed Case, 832 F.2d 1268, 1272 (D.C. Cir. 1987).
The question is whether the domestic affiliate has sufficient control of responsive overseas documents to render them subject to production in the United States. Importantly, “[a]lthough parent corporations have been required to produce documents held by their subsidiaries, the converse is not [always] true; a subsidiary is generally not required to produce documents held by the parent corporation.” 9 Moore’s Federal Practice 3d, § 45.10[b][i]; see also In re Subpoena to Huawei Technologies Co., 720 F. Supp. 2d 969, 977 (N.D. Ill. 2010).
Although in some circumstances courts have found “control” by one company over documents held (1) by a subsidiary, (2) by a parent, or (3) by a sister corporation (see SEC v. Credit Bancorp, Ltd., 194 F.R.D. 469, 471-72 (S.D.N.Y. 2000) (collecting cases)), each of those outcomes is far from automatic. Some courts have held that a subsidiary in the United States must be a “mere department” of the foreign parent corporation to reach up to the parent to obtain documents. Linde v. Arab Bank, 262 F.R.D. 136, 142 (E.D.N.Y. 2009). Some decisions stress common ownership, while other courts have rejected the argument that common ownership suffices. See Allojet PLC v. Vantage Associates, 2005 WL 612848, at * 8 (S.D.N.Y. 2005). It has been held that the parent had no control over documents held by a “wholly owned subsidiary,” even where “six out of the seven directors” of the subsidiary were executive officers of the parent. In re Vivendi Universal Sec. Litig., 2009 WL 8588405, *3-5 (S.D.N.Y. 2009). As one can see, this can be a thorny fact-bound inquiry requiring careful thought. In even a close case, the argument might provide leverage to negotiate a substantially narrowed voluntary response to a subpoena.
DOJ prosecutors must obtain written approval from Main Justice before issuing any subpoenas to persons or entities in the United States for records located abroad. U.S. Attorney’s Manual, Criminal Resource Manual, CRM 27. Id. This is so in part because producing documents located in a foreign country can—and often does—violate that country’s confidentiality, data privacy, state secrets, or banking laws. The attitude of prosecutors presented with these concerns by counsel for an affected client varies, but on occasion it can be summarized as “tough luck.” As the Second Circuit has pithily summarized this Catch-22, “the operation of foreign law does not deprive an American court of the power to order a party subject to its jurisdiction to produce evidence even though the act of production may violate that law.” Linde v. Arab Bank, PLC, 706 F.3d 92, 109 (2d Cir. 2013). In such instances, courts will conduct a balancing of interests to determine whether to order compliance or excuse it. More often than not the outcome is in DOJ’s favor. In one seminal decision, Judge Denny Chin ordered the production of documents held in an unnamed country where production was “prohibited not just by local law, but by specific opinions rendered by high legal officials of the foreign country,” asserting government secrets and executive privilege and invoking the specter of three years’ imprisonment regarding the instant subpoena. In re Grand Jury Subpoena, 218 F. Supp. 2d 544 (S.D.N.Y. 2002). Notwithstanding this settled law, most prosecutors will at least be amenable to entertaining suggestions as to how to narrow the scope of the subpoena or otherwise consider alternatives that may prove palatable to the foreign regulators (or at least lessen the company’s exposure).
What about a corporate client with no presence in the United States? Until recently, one could be confident that such a client’s documents were beyond the easy reach of DOJ; certainly, DOJ would be unable to obtain documents by issuing a grand jury subpoena. Historically, that left only the cumbersome and time-consuming Mutual Legal Assistance Treaty (MLAT) or letters rogatory process, which can take years to complete. The advent of cloud computing technology added another wrinkle. A foreign company that stores its business records in the “cloud,” even on a cloud server physically located outside of the United States, has put its records within the grasp of DOJ and other U.S. prosecutors—provided the cloud services are with a U.S.-based Internet service provider. This issue has been all over the news ever since the 2014 Microsoft decision, and the Supreme Court’s resolution of that case was one of the most hotly-anticipated matters on this year’s docket. The Second Circuit had held that a U.S. court lacks the authority to issue and enforce a warrant against a U.S.-based service provider for the contents of a customer’s electronic communications stored on servers located outside the United States. That court opined that a warrant issued pursuant to the Stored Communications Act (SCA) was not intended to apply extraterritorially.
The SCA establishes a sort of hybrid procedure for accessing a customer’s emails. The government must meet the standard of probable cause (like that for a “regular” search warrant). That SCA warrant is then served on the service provider like a subpoena, and the service provider discloses the results to the government. Microsoft argued that the “control” test for subpoenas did not apply and that the SCA “warrant” could not authorize an extra-territorial search of a foreign server. On April 17 (following the oral argument but before any decision), the court tossed out the case as moot following the enactment of the Clarifying Lawful Overseas Use of Data Act (the CLOUD Act). That statute removes any ambiguity and provides that service providers subject to the jurisdiction of the United States must comply with such a warrant “regardless of whether [the data] is located within or outside the United States.”
What about a client with no U.S. presence and no cloud server? There, we can say with confidence that DOJ would have no easy way to access those documents. That raises the question of what outside counsel could inadvertently do to unintentionally bring those documents within the reach of the DOJ. Somewhat surprisingly, bringing those documents into the United States for review by outside counsel could end up giving them to DOJ on a silver platter.
Unintended DOJ discovery can arise when documents come to the United States for review and possible production in a litigation. DOJ has in the past subpoenaed the company’s U.S. law firm to get such documents. As the Ninth Circuit explained in a leading case, “[b]y a chance of litigation, the documents have been moved from outside the grasp of the grand jury to within its grasp … No authority forbids the government from closing its grip on what lies within the jurisdiction of the grand jury.” In re Grand Jury Subpoenas (White & Case), 627 F.3d 1143, 1144 (9th Cir. 2010). DOJ subpoenaing outside counsel is a rare event, but it does happen. Depending on risk profile and other issues, it can be prudent for document review to be conducted in the foreign country where the documents are located. An intermediate (and less costly) alternative is for U.S. counsel to review the documents remotely while the counsel are in the United States but the documents remain on a foreign server, with the review platform configured to prevent downloading or printing.
In representing clients with documents located abroad, careful thought must be given to how to respond to subpoenas or other government requests for documents and how to review and process documents in the face of potential DOJ or other government investigations. In addition to employing a careful analysis of which documents are in the “control” of which entities, a review of the relevant country’s laws may be necessary to assist the client in weighing the risks of production, helping to negotiate a narrower request, or litigating the issue in court. Also, in particular for non-U.S. clients with no U.S. presence and no U.S. cloud server, counsel should undertake necessary precautions to ensure that the counsel’s review of documents does not trigger additional exposure by virtue of having moved the documents within the reach of the U.S. authorities.
John M. Hillebrecht is US co-chair of the white-collar, corporate crime, and investigations practice group at DLA Piper LLP (US). Jessica A. Masella is a partner in the group. Both are former Assistant United States Attorneys in the Southern District of New York.