Legal Issues

by Mike Masnick

Filed Under:
4th amendment, cloud, ecpa, privacy, security


Does Storing Your Documents In 'The Cloud' Mean The Gov't Has Easier Access To It?

from the privacy-concerns dept

One of the more annoying things concerning the ever changing technology world is the trouble that the law has in keeping up. We're seeing that a lot lately. For example, a few months ago, we talked about 4th Amendment issues when it comes to cloud data. There are a few different camps on this, with a few different thoughts -- and so far, no one's exactly sure who's right. We predicted the issue was going to come up more frequently... and we're already seeing that. A few months after that post, we had a court ruling that (on a questionable basis) found no 4th Amendment privacy protections for emails once delivered, using similar logic to the debate over the cloud. And such cases are becoming more common.

The Citizen Media Law Project has a good discussion about the FBI getting access to documents stored in Google Docs as part of a spam investigation. In that case, the FBI did go through the process of getting a full search warrant (which should have satisfied some of the 4th Amendment concerns), but it's the first case on record of the FBI getting access to Google Docs.

Part of the problem here is that this sort of stuff is covered under a law that's nearly a quarter of a century old, and is not even remotely designed for a modern technology world:
The current federal statute on the issue, the Electronic Communications Privacy Act (ECPA), 18 U.S.C. § 2510, et seq., basically extended the rules regarding government access to older technologies like the telephone (e.g., wiretapping) to electronic communications. The USA Patriot Act, passed after the Sept. 11, 2001 attacks, modified these old rules a bit.  But the basic, underlying statute was passed in 1986, before the advent and widespread use of email, text messaging, social networking websites, and the myriad other means of modern communications.

As others have explained at length, ECPA creates an exceedingly dense and confusing statutory framework, and relies on a series of archaic distinctions, such as whether a communication is "stored" or "in transit."  This complexity creates uncertainty about what showing law enforcement has to make in order to access user materials stored in the cloud. Is a search warrant, a subpoena, or an informal request required?  Under what circumstances can service providers voluntarily cooperate with law enforcement?
What's interesting is how little attention these issues seem to be getting -- even though they can have a pretty large impact. And, even though this may seem like legal details, it applies well outside the legal field as well. While it won't be the key focus, we're even going to include a short section on these kinds of legal issues in the cloud in our upcoming webinar on cloud security (register here). While this might not seem directly like a security issue, if you're in charge of keeping data secure, it's pretty important to know what it means when the feds knock on your door... or the door of the third party "cloud" provider to whom you outsourced your company's data.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Justa Comment, 6 May 2010 @ 8:59am

    The Answer = YES

    Just to review:
    * Internet - a public access network where you can try to attempt privacy... Good Luck !
    * Communications - company owned networks working with the government, the companies have proprietary access to their systems/software and allow the government access and recording... like or not !
    * Companies - use open-ended 'agreements' to do whatever they want with any data they get (which becomes their data). They are also legally harrassed/exploited/covered to do whatever more powerful companies tell them to do with 'their' data... Obviously !
    * 'Security' - a goverment workaround or black market business model/hobby that's hacked in two minutes or less. Otherwise, your data is open and accessed by foreign processors.

    If you're on-line, learn to assume access by anyone with technology and time.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.