Is Your Cloud Data Safe From Government Snooping?
Posted by Freedom 101 in Commentary, Political, Technology, tags: Cloud Computing, PrivacyWell another Appeals Court has ruled that once you place your data into a third party’s possession you no longer have any expectation of privacy thus you have no 4th amendment protections if the government wants access to that data. While this case was about cell phone tracking information the ruling goes into detail of what they consider protected or not protected information.
http://pdfserver.amlaw.com/nlj/GRAHAM_ca4_20160531.pdf
From this ruling it is clear the courts feel any information gleamed from the user account in the course of offering their service is not protected information, user has no expectation of privacy, no 4th amendment protections. They specifically state the email addresses a user sends/receives email from is not protected. With most Cloud services providing at least basic SPAM and AV scanning my take is that the email in general would no longer fall under protected data either using their same argument, the user knows the third party has to have access to the email in order to scan that email.
“ United States v. Forrester, 512 F.3d 500, 510 (9th Cir. 2008). The Forrester court also held that there is no reasonable expectation of privacy in either the to/from addresses of a user’s emails or the “total amount of data transmitted to or from [a user’s] account.” Id. at 510-11.”
Using that same logic and the courts statements in the ruling it seems to me the use of any Cloud provider for files and data also falls under these same guidelines. Clearly a third party file sharing service has to have access to the names of the files being uploaded thus at the very least the names of those files is not protected by the 4th. While the data in those files may be protected it is very common for users to use file names which are very descriptive of what the file actually contains. That being the case if the Government asked for the listing of all files held by a user the Cloud provider would have to provide that list without a warrant. Now with that list if there was a file called “my tax return cheats.doc” it’s again clear to me the Government could now use that info as probable cause to get a warrant for the data itself.
The ruling goes on to cite the SCA which is of critical importance to those that provide some sort of Cloud data storage. The court reminds us that “communications” have a specified time limit in which a warrant is or is not required to access stored communications. What will be interesting is to see if the Government or the courts start to expand what is considered “communications”. Is a file placed on a Cloud file sharing service which is opened by another person considered “communications”? Again, clearly information was communicated from one person to another so is that enough to meet the definition of communications? If so then all those files stored on Cloud services that have a date older than 180 days are free to Governmental snooping with nothing more than a subpoena presented to the Cloud provider, not the user/owner of that data.
“At the heart of the SCA lies § 2703. That provision establishes a calibrated set of procedural safeguards based on the type and amount of information sought and the length of time the records are stored. For instance, “only pursuant to a warrant,” 18 U.S.C. § 2703(a), can the government obtain the contents of a communication that is in electronic storage with a service provider for 180 days or less. Alternatively, the government has a number of options for compelling the disclosure of non-content customer records, or the contents of communications in electronic storage for more than 180 days: Appeal: 12-4659 Doc: 227 Filed: 05/31/2016 Pg: 39 of 66 40 “obtain[] a warrant,” id. §§ 2703(b)(1)(A), (c)(1)(A), “use[] an administrative subpoena . . . or trial subpoena,” id. § 2703(b)(1)(B)(i), or “obtain[] a court order.””