Perils in the Privacy Cloud

The lack of strong and clear protections may also be discouraging use of cloud computing services. The situation may offer an incentive for individuals and businesses to use cloud computing services outside of the United States if they think they can get stronger protections in other countries.

Updating the Privacy Laws

Of course, the government has important interests that justify access to Internet communications in specific cases. However, the fact that the technology has outpaced the law should not diminish Fourth Amendment guarantees against unreasonable search and seizure. It is a fundamental of democracy that government surveillance powers should be subject to rigorous checks and balances.

I believe it is possible for technology companies, privacy and consumer advocates, and the government to come together around some basic privacy principles that would update the laws and strike a better balance between liberty and security.

A core principle of an updated privacy law is that personal information stored in the cloud should have the same protections as information stored on an individual's computer. The government should be required to obtain a warrant issued by a judge in order to read someone's e-mail, regardless of whether it is in transit on the network or stored on a server and regardless of whether the recipient has read it yet or not.

A reasonable update would also set an appropriate standard for the release to a governmental entity of any subscriber identifying information (i.e. name, address, account number), protecting against fishing expeditions by making it clear that court orders must be specific to a particular account in connection with an ongoing investigation.

Another issue that needs to be addressed is location information, which is currently causing confusion among the courts. All of our cell phones and other mobile devices are constantly reporting our location. A full record of our movements is available to government agents, both in real-time or retrospectively over weeks or months. ECPA does not make it clear what standard applies to this information. Some courts have ordered its release under a weak standard.

Time for Technology-Neutral Privacy Improvements

It will probably not be possible to address in advance all of the ways in which technology may change in the coming years. However, technology-neutral privacy improvements can address some of the key gaps in the law.

Some in government are likely to resist any updating of the privacy laws. They want to maintain the current loose restraints on their access to citizens' personal information.

However, a reasonable update of ECPA would not deprive law enforcement agencies of the tools they need to find criminals. Rather, an update would restore clarity and balance to surveillance laws that have become outdated due to rapid technological changes.

Updating ECPA would preserve traditional privacy protections in the context of new technologies.

The words of the Fourth Amendment refer only to protection of our houses and "papers" against unreasonable search and seizure.

It is time for the law to explicitly recognize that privacy protections should extend also to the wealth of digital information that we generate, whether it is resides on a mobile device or is stored in the cloud.

Leslie Harris is president and CEO of the Center for Democracy & Technology.

  • 1
  • |
  • 2
  • |
  • 3
  • |
  • 4
Join the Discussion
blog comments powered by Disqus
You Might Also Like...