Perils in the Privacy Cloud

Sept. 15, 2009— -- We all know that Internet and communications technology is changing rapidly, creating huge opportunities for business innovation and individual self-expression.

Most people are probably not aware, however, that privacy law is not evolving nearly as quickly. It is time to update legal protections to reflect the impact the digital revolution is having on modern life.

Cloud computing -- a bit of tech-jargon meaning the use of remote servers to store and process data -- is a great example.

The movement of personal and proprietary data off desktop computers and into "the cloud", which is made up of server farms and broadband connections, is a major disruptive trend in computing.

Unless our laws change to account for cloud computing and other equally momentous technology developments, the Constitution's protection against unreasonable search and seizure will become a relic of the past.

The federal law setting standards for government access to personal communications -- the Electronic Communications Privacy Act (ECPA) -- was written more than two decades ago, before the Internet took off.

It has become needlessly complex, while leaving many new categories of data poorly protected. We need a broad-based effort to reform ECPA to offer greater protection for consumers' information.

Meanwhile, reform of ECPA will give service providers the clear rules they deserve and ensure that government agencies have access to electronic communications when justified in law enforcement and national security investigations.

Increasingly, consumers and businesses alike are taking advantage of cloud computing capabilities by storing e-mail, photos, medical records and other data in the faraway data centers of companies and accessing the data via the Internet.

The payoff for users is massive data storage capacity available at very low -- or zero -- cost and freedom from having to deal with upgrades and security issues.

The downside, however, may be loss of privacy when a government agent or a lawyer with a subpoena shows up at the office of the cloud computing service provider.

E-mail is one of the most familiar examples of the shift to cloud computing. In 1986, when ECPA was written, e-mail users would generally download their e-mails onto their PCs and those e-mails would often be deleted from the computers of the e-mail service provider.

Nowadays, e-mail providers offer thousands of megabytes of storage and actively encourage users not to delete their e-mails, but rather to store them on the service provider's computers -- in the "cloud," if you will. Many individuals and businesses have years of correspondence and other records stored with these third parties.