Is data stored “in the cloud” protected by the Fourth Amendment?
The implementation of cloud computing by companies and individuals is rising slowly, but steadily. There will always be people who are ready to bear the risk of a new way of doing things and hope that when a problem arises they will be capable to deal with it without incurring overwhelming losses.
One of the issues that still needs to be debated on and regulated in the US (and worldwide) is that of legal rights regarding the data stored “in the cloud”. Is it covered by the Fourth Amendment?
The question was raised a couple of months ago when a paper by a student of the University of Minnesota Law School was published in the Minnesota Law Review. The paper outlines the current situation and offers a very well though out proposal about the rules that should be applied when judging if that particular data in the cloud should or should not be under the protection of the Fourth Amendment.
Putting aside the fact that the law in this matter is definitely evolving much slower that the actual technology and society’s acceptance and implementation of the same, the author – one David Couillard – compares the cloud with a briefcase and encryption and/or password protection to a lock and key. He argues that if you use any of the two, it means that you have a reasonable expectation of privacy, and he suggests that this kind of reasoning should be applied in cases that come before the court.
He also states that “courts should treat cloud service providers as virtual landlords and apply the third-party doctrine narrowly to cloud content.” What he means is that even though the service provider can access the data, doesn’t mean he should have the authority or the right to share the contents of this virtual “storage unit” with law enforcement agencies without the consent of the owner of the “box”.