Does Every Cloud Have a Silver Lining?

Posted October 10, 2010 | View revision history

Today’s New York Times article outlining law enforcement officials’ attempts to expand their digital wiretapping authority, offers interesting insight into the law enforcement world of tomorrow. In the not too distant future, TV’s crime-process dramas may take on a very different feel. Gone will be the days of gun-toting detectives busting down doors, search warrant in hand. Instead, as our lives become increasingly digital, investigations will be conducted by keyboard-wielding lab techs submitting automated requests to service providers. Don’t be surprised if the next CSI spin-off is CSI: Inbox Inspectors Division.

But why does this shift matter? Simply put, in the cloud, there is no door for the police to kick in. While the law is clear in that your physical files and those computer files stored on your computer itself enjoy the protections of the fourth amendment, those stored in the cloud do not, and the standards of proof required differ dramatically.1

Skyline with logos of cloud service providers superimposed on the clouds cleverly

Consider this: you are the target of a criminal investigation and the police believe that six months ago you e-mailed an accomplice to discuss the crime. Depending on your email settings and which service you use (e.g., if the “leave downloaded messages on server” option is checked), the police may need only offer “specific and articulable facts” that they suspect the email is related to the crime.2 That same email stored on your computer (e.g., if the setting is not checked), would require a search warrant and showing of probable cause, and thus would be afforded significantly greater protections under the law.3

However, the typical “if you don’t want it public, don’t put it on the internet” argument doesn’t apply here. While that may be true for photos and updates posted to social networking sites, as more and more of our lives (and commercial dealings) are pushed to the cloud, we’re losing our abilities to have a digital private sphere.4

The good news is that it’s in service providers’ interest to instill confidence in the integrity of your data by disclosing when information is shared with authorities and by pushing for legal reform to better safeguard personal data stored in the cloud. The bad news, beyond more painfully tacky computer search scenes, is that before we know it, our perception of privacy may be forced to evolve.

Thunderstorms occur when divergent forces collide in clouds. It is becoming increasingly clear that cloud computing is in our extended forecast, but whether the imminent digital due process storm the cloud foreshadows will contain a silver privacy lining remains to be seen.

Photo credit: garyhayes

  1. Compare Fed. R. Crim. P. 41(e)(2)(B) with 18 U.S.C.A. § 2703(d) (West). 

  2. 18 U.S.C.A. § 2703(d) (West). 

  3. See generally Obtaining Electronic Evidence, Federal Law Enforcement Training Center (July 2003). 

  4. Take Google, as an example, who, to their credit, is a front-runner in the push toward digital due process, testifying on the Hill just last week. Without signing up for a Google account, through the use of cookies, Google can compile a relatively accurate profile of what sites you visit and how often you visit them, what products you purchase, and where you go. And if you sign-up for a near-ubiquitous Google account, you introduce the cloud to what others are saying about you, what you read, files stored on your computer, and even your medical history, not to mention with whom you communicate, what you’re doing, and where you are right now

If you enjoyed this post, you might also enjoy:

Ben Balter is Chief of Staff for Security at GitHub, the world’s largest software development platform. Previously, as a Staff Technical Program manager for Enterprise and Compliance, Ben managed GitHub’s on-premises and SaaS enterprise offerings, and as the Senior Product Manager overseeing the platform’s Trust and Safety efforts, Ben shipped more than 500 features in support of community management, privacy, compliance, content moderation, product security, platform health, and open source workflows to ensure the GitHub community and platform remained safe, secure, and welcoming for all software developers. Before joining GitHub’s Product team, Ben served as GitHub’s Government Evangelist, leading the efforts to encourage more than 2,000 government organizations across 75 countries to adopt open source philosophies for code, data, and policy development. More about the author →

This page is open source. Please help improve it.