Clippings: Law must keep pace with the cloud
If you own a computer in this day and age, chances are you’re storing information in the cloud.
Let me rephrase: If you’ve ever shared photos on Facebook, ever sent an email using Gmail, Hotmail or Yahoo, or ever transferred files using Dropbox, you have information stored on any number of third-party servers around the globe — termed “the cloud.”
And if you store anything at all in the cloud, you probably do so with the assumption that your information will have some modicum of privacy. In fact, last Friday we celebrated the 25th anniversary of the federal law governing privacy in the digital realm: the Electronic Communications Privacy Act, or ECPA.
Back in 1986, President Ronald Reagan signed the legislation that, for the first time, outlined the tenets of digital privacy.
This was back in the days when the sole purpose of mobile phones was to (gasp!) make phone calls, and when emails and networked computers were used exclusively by, well, geeks.
Back then, servers were somewhat like purgatory for emails (and little else). An email sat on the server until its recipient downloaded it, and that was the end of its stay in a space owned by a third-party. The email was downloaded safely on a personal computer, subject to the privacy stipulations of the Fourth Amendment. In the eyes of the ECPA, an email left on a server for six months or more was as good as abandoned, and thus it was no longer private information, and so police could look at it without a warrant.
Since then, a whole lot has changed. For starters, 1990 saw the invention of the Internet — maybe you’ve heard of it? (The history of the World Wide Web is a little more complicated than that, but for more information I’ll refer you to Wikipedia, that bastion of cloud-based reference.)
Fast forward to 2011.
I keep my recipes in the cloud so they’re always searchable from my smartphone, since I can never remember to make a shopping list before I leave home. I keep 2.5 gigabytes of email in my Gmail account, and I have writing and notes ranging back to 2007 in Google Docs.
All of my contacts, with addresses and phone numbers, are connected with my Google account and sync, via the cloud, to my phone.
That’s not to mention the 2.5 gigabytes of documents and music I store on Dropbox, which syncs between my work computer and my home laptop.
Innovation in the tech world has allowed me to network my life in ways that would have been hard to imagine just five years ago, but the laws governing electronic privacy have failed to evolve as quickly. In fact, the ECPA has not been significantly revised since 1986, according to Digital Due Process, a coalition of privacy advocates, companies and think tanks organized to push for digital privacy reform.
Today, an email or a photo stored on my computer is my own property, and law enforcement agencies can’t get it without a warrant. Similarly, a file in transit — whether it be an email, a music file or a document — can’t be intercepted without a warrant.
But in the eyes of the federal government, a file I’ve had on a third-party server for more than six months is not subject to any of those protections.
Wired.com reports that justices in the 6th U.S. Circuit Court of Appeals ruled the loophole blatantly unconstitutional, stating that “the Fourth Amendment must keep pace with the inexorable march of technological progress, or its guarantees will wither and perish.”
Sen. Patrick Leahy, D-Vt., as ranking member of the Judiciary Committee, has joined the Digital Due Process coalition and the American Civil Liberties Union in pushing for ECPA reform. In May, Leahy introduced a bill that would close that loophole and mandate a warrant for personal information stored on a third-party server.
But pushback from law-enforcement agencies and the government, including the Obama administration, has stalled the bill’s progression. Politico.com notes that Obama’s Department of Justice actively seeks digital information on cases using the leeway provided by the ECPA.
By all accounts, reform will take a long time. In the meantime, more and more Americans will move files and personal information onto the cloud.
And in all honesty, I’ll continue moving my life into the cloud, as well. There’s just too much convenience to be gained by using cloud-based storage and services for me to abandon it now.
But I’m probably going to be a bit more cautious about what I’m putting into the cloud, because until we start a national conversation on digital privacy and the Fourth Amendment, we may be “secure in (our) persons, houses, papers and effects against unreasonable searches,” but we’re certainly not secure in our cloud-based storage.
Reporter Andrea Suozzo is at email@example.com. You don’t need a warrant to read her tweets at @asuozzo.