Do You Have Any Legal Right To Privacy For Information Stored Online?

from the there's-a-legal-fight-brewing dept

A year and a half ago, we had an interesting discussion here about whether or not the Fourth Amendment and your right to privacy extended to information you stored online via any sort of "cloud" service. The arguments basically fell into two camps, with some citing the "third party doctrine," which basically says that once you gave up info to a third party, you no longer have any right to expect it to be kept private. This argument came from a lawsuit (Smith v. Maryland) that basically said phone numbers you dialed were not "secret" because you were supplying them to the phone company. Of course, the other side of that argument is that it's ridiculous to extend this concept to online storage, noting that the Supreme Court had recognized in the Katz case (about wiretapping public pay phones) that the Fourth Amendment applies to "people, not places."

It looks like this debate is kicking off again, with a discussion on over whether or not the Fourth Amendment covers information stored in "the cloud." It tackles some of the same ground that we covered a while back, but points to a recent law review paper on this topic (pdf) by David A. Couillard.

The paper does a good job separating out the thinking here, and explaining why the Fourth Amendment absolutely should apply to information you store online. As it notes, while the Smith case said that phone numbers dialed might not be private, that did not extend to the contents of the phone call itself. And that's key. The reason that the phone company gets the phone numbers dialed is because that information is key to it delivering its service of connecting the phone call. So you can make a reasonable argument that while such information (the information needed to initiate a service) might not be subject to privacy protection, everything else communicated or stored via that service still deserves those protections.

The issue is that right now we really don't know how the courts feel about this -- and you can bet this is going to become an issue that shows up in the court system before too long. Hopefully, the courts will recognize that any "third party doctrine" when it comes to the Fourth Amendment is limited to a very narrow subset of information provided for a particular purpose, rather than all information stored on third party servers.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    Griff (profile), 19 Jan 2010 @ 3:53am

    Depends on terms of service

    If they tell you it's private before you put your stuff there, it should be.
    And the terms of service should say, quite clearly "we will not divulge to law enforcement unless compelled by a court order". Then if they breach this, you sue them.

    And there should be penalties if they breach (whether deliberate or through incompetence). Based on the same "how many people COULD have downloaded your stuff" metrics that the RIAA use...

    reply to this | link to this | view in thread ]

  2. identicon
    John Doe, 19 Jan 2010 @ 4:05am

    Does technology negate the Constitution?

    My question would be how does technology negate the Constitution? Does technology exist outside the Constitution? Of course not. It would be dangerous if We the People allowed the government to strip our rights because of technology. If we put files/documents/etc onto a secure cloud server then we have the right to expect privacy. If we rent a storage locker and put a lock on it, does it not take a search warrant for the government to search it? Of course and a secure virtual environment is the same concept.

    reply to this | link to this | view in thread ]

  3. identicon
    Spanky, 19 Jan 2010 @ 4:11am

    13 Stars in a circle

    IMHO, case law don't matter. Nor does any of this other theoretical bull shit.

    The Founders said individuals in a free society have a right to privacy. This is a condition of Democracy. This is a moral, ethical notion, not something to be determined by corporations or a judge paid-off by one.

    An individual's right to privacy must apply everywhere, regardless of the counterparty, or we're all seriously just flippin' it off till it cums.

    reply to this | link to this | view in thread ]

  4. icon
    senshikaze (profile), 19 Jan 2010 @ 5:00am

    Re: Does technology negate the Constitution?

    "We the People" have already sold our rights as citizens to the highest bidder.
    "We the People" care about American Idol and stupid celebrities more than what happens to us or our money.
    "We the People" get more angry over a racial comment than over the fact that our government spends trillions of dollars of our money on bailing out huge banks and car companies that are too stupid to survive, er, "too big to fail".

    "We the People" are idiots.

    "We the People" have lost any rights to claim our god given rights as human beings and as Americans. This nation is the nation we have given ourselves.

    Hope you enjoy the next season of American Idol.

    reply to this | link to this | view in thread ]

  5. identicon
    do not trust the cloud, 19 Jan 2010 @ 5:14am

    recipe for success

    1. promise user data is private
    2. break that promise
    3. kiss your users goodbye
    4. rinse, repeat

    reply to this | link to this | view in thread ]

  6. identicon
    TOS, 19 Jan 2010 @ 5:42am

    Re: Depends on terms of service

    The TOS also (typically) states that the terms and conditions can be changed at any time without your consent.

    reply to this | link to this | view in thread ]

  7. identicon
    AndyB, 19 Jan 2010 @ 6:08am

    The real problem.

    The real problem is that the 4th Amendment (and most other Constitutional protections) only apply to the government. The FBI can't collect databases of information on citizens? No problem! They just buy the same information from any of the aggregators that know more about your life than you do and avoid all those pesky governmental restrictions.

    The Constitution was written at a time when issues like this couldn't be imagined. The threat was government, not private entities. Today private entities are by far the bigger threat to privacy.

    My belief is that the core change that will do the most good is making private information about me my 'property' which requires my permission to duplicate/transmit/sell/disclose without a warrant. We bend over backwards expanding IP rights that restrict what we can do with "ideas" yet don't seem to care about the - much more important in my view - intimate information our lives.

    reply to this | link to this | view in thread ]

  8. identicon
    Anonymous Coward, 19 Jan 2010 @ 7:01am

    So how does Smith v. Maryland apply to the voicemail services that the phone company offers. Again the numbers are a matter of the phone company record, but is there an expectation of privacy to the voicemails?

    reply to this | link to this | view in thread ]

  9. identicon
    the law, 19 Jan 2010 @ 7:20am


    according to the privacy commissioner we do

    reply to this | link to this | view in thread ]

  10. identicon
    Glenn, 19 Jan 2010 @ 7:44am


    The bank doesn't know what's in your safe deposit lock box either, and neither does anyone else (barring a court order). There's a contractual obligation. If the data service (in the cloud) has the same contractual obligation (of which there's no guarantee), then there's really no question as to whether privacy should be "expected". What's sad is that so many people "in power" think that they have a right to know anything that they want to know about anyone. They're wrong. No one has that right.

    reply to this | link to this | view in thread ]

  11. identicon
    Anonymous Coward, 19 Jan 2010 @ 7:48am

    If I were to put my backups in a safe deposit box, I could expect that they would not be turned over to the police without a court order. If my backups are stored in the cloud, why shouldn't I be given the same protection?

    reply to this | link to this | view in thread ]

  12. icon
    R. Miles (profile), 19 Jan 2010 @ 8:17am

    What should be expected?

    Past TD articles have disclosed the abuse of databases in which users would violate privacy to do some digging.

    The EXPECTATION of privacy will never be guaranteed 100% despite any laws or policies. Common sense should dictate the moment secured information is placed on restricted, yet secured system, the information isn't guarded against internal users.

    Thus, any loss of privacy should be a consideration when moving to the "cloud" world. Whining about breach of privacy is pointless when it's the user who took the chance to begin with.

    I can't imagine what resolution companies or people think will occur when the data has already been breached. More laws?

    As if these have ever had an impact.

    reply to this | link to this | view in thread ]

  13. identicon
    RobShaver, 19 Jan 2010 @ 9:55am

    Maybe Technology Holds the Answer

    If you put data into the cloud that you want to remain private then why not encrypt it? Then the ISP or whomever can't disclose it even if they wanted to.

    Isn't TOS like a contract? If they break it they have violated their contract with the user.

    Is there an analogy in the physical world that might apply?
    Would you consider a letter sent through the USPS or a package sent via UPS or FedX to be a good example? That is, can anyone open your letter or package without a court order? I guess the USPS is a special case with it's own set of laws, but the other delivery services might be a good analogy.

    reply to this | link to this | view in thread ]

  14. identicon
    Anonymous Coward, 19 Jan 2010 @ 10:43am

    Tech who found Child porn

    The courts were clear when they stated a machine that was brought in for service has no right to privacy from the tech who worked on the machine. The tech found child porn and turned it over to the authorizes and the owner went to court and to jail for possession of said child porn.

    How is on-line storage any different? If anything, it is less secure than your personal hard drive and open to be looked at and shared with whomever. Even worse, someone could hide their child porn in your account and if it is found, you take the fall.

    reply to this | link to this | view in thread ]

  15. identicon
    Vincent Clement, 19 Jan 2010 @ 11:00am

    Re: 13 Stars in a circle

    Where exactly does this right to privacy exist?

    reply to this | link to this | view in thread ]

  16. identicon
    Vincent Clement, 19 Jan 2010 @ 11:04am


    Because the protection stems from the contract you signed with the company that is storing the safe deposit box, not from any law or so-called right to privacy. If you want the same protection afforded to your backups, then you better read that agreement/contract before agreeing to it.

    reply to this | link to this | view in thread ]

  17. identicon
    Anonymous Coward, 19 Jan 2010 @ 11:55am

    Nowadays it is even possible to open and handle a bank account via Internet, and all the bank keeps for you is the information regarding which amount of the money they have is yours and what you do with it.
    In a way it is quite similar to storing information in the cloud, only the kind of information differs.
    Should that information also be public?

    reply to this | link to this | view in thread ]

  18. identicon
    :), 19 Jan 2010 @ 2:10pm


    The fourth amendment should apply but I do think people should make an effort to make it less transparent on the digital realm and that means encryption.

    Encryption is the envelope of the mail, would you send letters without and envelop or seal?

    Encryption is the box in the bank without it you are not really being private.

    reply to this | link to this | view in thread ]

  19. identicon
    jo-user, 19 Jan 2010 @ 2:45pm

    Say hello to key escrow!

    The powers that be and corporations would cry foul when/if individuals choose to encrypt data stored in the cloud. I can see them perhaps stating that key escrow is a necessary requirement as part of the standard terms of service.

    reply to this | link to this | view in thread ]

  20. identicon
    Anonymous Coward, 19 Jan 2010 @ 4:15pm

    Challenges of Cloud Computing adoption in the enterprise

    There are major problems with the logistics of cloud computing. I find it difficult to stand behind the concept of a company handing over all email and other business communications and hosted applications when there is apparently no legal recourse outside of a TOS. The economics of Cloud Computing may make it a viable option for some. For many others, cost is not the only factor.

    reply to this | link to this | view in thread ]

  21. identicon
    Anonymous Coward, 20 Jan 2010 @ 12:04pm

    If the method for initiation is not protected, does that mean that your password is not private?

    reply to this | link to this | view in thread ]

  22. identicon
    Rooker, 20 Jan 2010 @ 1:39pm

    Re: Re: 13 Stars in a circle

    The Supreme Court has ruled that privacy is protected by the 1st and 9th Amendments to the US Constitution and is inherent to the 3rd, 4th and 5th Amendments.

    reply to this | link to this | view in thread ]

  23. identicon
    Brendan Maclellan, 27 Jan 2010 @ 12:51pm

    Data Protection

    I lost data and credit card information on the Internet and really feel uncomfortable at the moment. Government need to up their game.

    Great articles thanks

    reply to this | link to this | view in thread ]

  24. identicon
    Sarah Marie, 14 Feb 2010 @ 1:00am

    Information shared with Club officers

    In a gaming place that I play online they have "Clubs". I recently gave the club president some information regarding my health and asked her not to share it with anyone. I told her my reason for telling her is so that, while I am in the hospital and cannot play, she won't delete me. I told her I want to be able to choose who I will tell about my medical condition. The club policy is that if you don't play for a certain length of time you might get deleted from the club....which I feel is a bunch of baloney. Its a game and no one should feel threatened. Her response to me was that she doesn't keep secrets from her friends and then she blocked me from ever being able to respond to her. Now I fear my medical info will be spread through the club.

    reply to this | link to this | view in thread ]

  25. identicon
    Anonymous Coward, 7 Jun 2011 @ 2:55pm

    Re: Does technology negate the Constitution?

    im twelve and working on a project and loved your analagy
    it will help me alot

    reply to this | link to this | view in thread ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.