Legal Issues

by Mike Masnick

Filed Under:
4th amendment, cloud, ecpa, privacy, security


Does Storing Your Documents In 'The Cloud' Mean The Gov't Has Easier Access To It?

from the privacy-concerns dept

One of the more annoying things concerning the ever changing technology world is the trouble that the law has in keeping up. We're seeing that a lot lately. For example, a few months ago, we talked about 4th Amendment issues when it comes to cloud data. There are a few different camps on this, with a few different thoughts -- and so far, no one's exactly sure who's right. We predicted the issue was going to come up more frequently... and we're already seeing that. A few months after that post, we had a court ruling that (on a questionable basis) found no 4th Amendment privacy protections for emails once delivered, using similar logic to the debate over the cloud. And such cases are becoming more common.

The Citizen Media Law Project has a good discussion about the FBI getting access to documents stored in Google Docs as part of a spam investigation. In that case, the FBI did go through the process of getting a full search warrant (which should have satisfied some of the 4th Amendment concerns), but it's the first case on record of the FBI getting access to Google Docs.

Part of the problem here is that this sort of stuff is covered under a law that's nearly a quarter of a century old, and is not even remotely designed for a modern technology world:
The current federal statute on the issue, the Electronic Communications Privacy Act (ECPA), 18 U.S.C. § 2510, et seq., basically extended the rules regarding government access to older technologies like the telephone (e.g., wiretapping) to electronic communications. The USA Patriot Act, passed after the Sept. 11, 2001 attacks, modified these old rules a bit.  But the basic, underlying statute was passed in 1986, before the advent and widespread use of email, text messaging, social networking websites, and the myriad other means of modern communications.

As others have explained at length, ECPA creates an exceedingly dense and confusing statutory framework, and relies on a series of archaic distinctions, such as whether a communication is "stored" or "in transit."  This complexity creates uncertainty about what showing law enforcement has to make in order to access user materials stored in the cloud. Is a search warrant, a subpoena, or an informal request required?  Under what circumstances can service providers voluntarily cooperate with law enforcement?
What's interesting is how little attention these issues seem to be getting -- even though they can have a pretty large impact. And, even though this may seem like legal details, it applies well outside the legal field as well. While it won't be the key focus, we're even going to include a short section on these kinds of legal issues in the cloud in our upcoming webinar on cloud security (register here). While this might not seem directly like a security issue, if you're in charge of keeping data secure, it's pretty important to know what it means when the feds knock on your door... or the door of the third party "cloud" provider to whom you outsourced your company's data.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    Mike Masnick (profile), 6 May 2010 @ 12:31am

    Re: Re:

    Why don't we wait and see how it pans out :)

    Must you wait? Whoever the anonymous commenter is, he apparently doesn't realize that this site has taken on sponsorships for years, and I don't think anyone can say our level of coverage has changed in any way.

    This particular deal is not a new one. Oracle is new, but only picking up where Sun left off. Sun and Intel began sponsoring posts on IT-related topics in the fall last year, and since that time, you can see for yourself that there are articles critical of Intel:

    and Sun:

    The fact is that companies who sponsor have no control or input into the content of the posts, and the decision to add the little sponsorship blurb is done by someone else in the company who is not on the editorial side. The posts are not written up with any knowledge or thought of the fact that they're sponsoring certain topics.

    And there is no conflict of interest or worry over offending them, because frankly, I don't care. We have plenty of sponsors and advertisers, and we've probably offended most of them. But those who sign up know that Techdirt is known for its writers speaking their minds and sticking up for their positions, and they know damn well that we don't compromise positions on posts depending on who sponsors. If they don't like it, go elsewhere. We've got plenty of other sponsors. But they tend to sponsor it because they KNOW we speak our mind and they know that we can't be compromised and they want to support that.

    But, in the end, you judge for yourself. Frankly, it's obnoxious to insist that there's no credibility just because of an advertiser or sponsor, without actually finding a single piece of commentary that you feel was compromised (good luck finding it -- it doesn't exist). If you honestly believe that way, then pretty much all of the internet has no credibility in your book.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.