Legal Issues

by Mike Masnick

Filed Under:
4th amendment, cloud, ecpa, privacy, security


Does Storing Your Documents In 'The Cloud' Mean The Gov't Has Easier Access To It?

from the privacy-concerns dept

One of the more annoying things concerning the ever changing technology world is the trouble that the law has in keeping up. We're seeing that a lot lately. For example, a few months ago, we talked about 4th Amendment issues when it comes to cloud data. There are a few different camps on this, with a few different thoughts -- and so far, no one's exactly sure who's right. We predicted the issue was going to come up more frequently... and we're already seeing that. A few months after that post, we had a court ruling that (on a questionable basis) found no 4th Amendment privacy protections for emails once delivered, using similar logic to the debate over the cloud. And such cases are becoming more common.

The Citizen Media Law Project has a good discussion about the FBI getting access to documents stored in Google Docs as part of a spam investigation. In that case, the FBI did go through the process of getting a full search warrant (which should have satisfied some of the 4th Amendment concerns), but it's the first case on record of the FBI getting access to Google Docs.

Part of the problem here is that this sort of stuff is covered under a law that's nearly a quarter of a century old, and is not even remotely designed for a modern technology world:
The current federal statute on the issue, the Electronic Communications Privacy Act (ECPA), 18 U.S.C. § 2510, et seq., basically extended the rules regarding government access to older technologies like the telephone (e.g., wiretapping) to electronic communications. The USA Patriot Act, passed after the Sept. 11, 2001 attacks, modified these old rules a bit.  But the basic, underlying statute was passed in 1986, before the advent and widespread use of email, text messaging, social networking websites, and the myriad other means of modern communications.

As others have explained at length, ECPA creates an exceedingly dense and confusing statutory framework, and relies on a series of archaic distinctions, such as whether a communication is "stored" or "in transit."  This complexity creates uncertainty about what showing law enforcement has to make in order to access user materials stored in the cloud. Is a search warrant, a subpoena, or an informal request required?  Under what circumstances can service providers voluntarily cooperate with law enforcement?
What's interesting is how little attention these issues seem to be getting -- even though they can have a pretty large impact. And, even though this may seem like legal details, it applies well outside the legal field as well. While it won't be the key focus, we're even going to include a short section on these kinds of legal issues in the cloud in our upcoming webinar on cloud security (register here). While this might not seem directly like a security issue, if you're in charge of keeping data secure, it's pretty important to know what it means when the feds knock on your door... or the door of the third party "cloud" provider to whom you outsourced your company's data.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    MadderMak (profile), 5 May 2010 @ 11:55pm

    Re: Re: Re:

    OK on some of that I agree with you (well the first 2 points at least). Mea Culpa if I made a strawman, that was not my intention.

    On your third point I again agree - I never said there was no conflict of interest. But the open disclosure indicates that the authors are aware of the conflict and intended to inform their community of this. Indeed were it not for that we would not be having this discussion :)

    I was of the impression that the authors were in fact at the top of the tree - but I have done no research so could be wrong. Your point is valid but I am unsure it is fully relevant in this case.

    "This isn't just putting some random ads on a website, this is allowing two companies to sponsor articles. This is clearly improper." I have to laugh! Sorry :) but this exactly describes lobby groups.
    Seriously - there should be nothing wrong or improper with companies sponsoring articles (even directly) if that fact is disclosed. I can think of several examples (which may not be totally relevant either) such as Open Source, Editorials in publications, Reviews etc. The problem is if that sponsership is allowed to affect/restrict the free expression of the content, or the sponsorship is not disclosed.

    All I say is the sponsorship itself is not improper. If Techdirt allow it to "colour" their reporting/discussions then that would be improper.

    But have they? I think we have to wait and see - since there are so many sources for "news" about both the sponsors I am sure the community here will notice if some egregious behaviour by them either fails to be reopted on, or the "voice" of that report is out of character.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.