In some instances, personal information stored online may not even be eligible for ECPA's subpoena protections.
The law may not provide protection if the cloud service provider can access stored data for a purpose other than storage or processing. But today it is a common business practice for e-mail and data-storage service providers to examine user communications for marketing, security and anti-spam purposes.
As the law is now written, the everyday business practices may strip their customers of any expectation of privacy. That would mean that the government would not even need a subpoena to access this information.
So something has to change. Operating without specific privacy laws threatens the development of cloud computing services and all of the efficiencies and capabilities they promise.
Will law enforcement buy into these changes? Consider that, today, most large cloud providers are U.S. companies and most store their data here. If cloud providers in the United States cannot assure their customers of an adequate level of privacy against the government, those customers will go elsewhere.
And they will take their information with them to other countries, where it will be harder for U.S. law enforcement to access. Treaties are helpful, but there's no substitute for having the data nearby, within the jurisdiction of a U.S. court.
It may sound counterintuitive, but raising the standard for government access to cloud computing information makes it more likely that the data will be here, accessible to U.S. law enforcement agencies. Failure to raise the standards in the United States means the data is more likely to be housed elsewhere, possibly out of reach of our law enforcement agencies.
What about those pictures you share with friends and family on Flickr or all that information you put up on Facebook for only "friends" to see? Are there any rules that protect this information from the prying eyes of government in a social media environment?
When ECPA was drafted in 1986, CompuServe was the closest thing to "social media" on the technological landscape; the authors of ECPA couldn't have foreseen the boomtown development of social media sites; so now, how law enforcement is allowed to operate within the social media landscape is also unclear.
Rules about how and when government is allowed access to information kept by a social media service can vary wildly.
Naturally, this lack of clarity confounds the lawyers for social networking sites. Government officials often do not know with certainty what authority they have to compel disclosure of a particular piece of information.
And consumers, meanwhile, are often most in the dark, left with a vague sense that maybe social networking is not so private. Bottom line: the rules are murky and need to be made clearer for everyone.