The Fourth Amendment and the Cloud 174
Posted
by
kdawson
from the reasonable-expectation dept.
from the reasonable-expectation dept.
CNET has up a blog post examining the question: does the Fourth Amendment apply to data stored in the Cloud? The US constitutional amendment forbidding unreasonable searches and seizures is well settled in regard to the physical world, but its application to electronic communications and computing lags behind. The post's argument outlines a law review article (PDF) from a University of Minnesota law student, David A. Couillard. "Hypothetically, if a briefcase is locked with a combination lock, the government could attempt to guess the combination until the briefcase unlocked; but because the briefcase is opaque, there is still a reasonable expectation of privacy in the unlocked container. In the context of virtual containers in the cloud...encryption is not simply a virtual lock and key; it is virtual opacity. ... [T]he service provider has a copy of the keys to a user's cloud 'storage unit,' much like a landlord or storage locker owner has keys to a tenant's space, a bank has the keys to a safe deposit box, and a postal carrier has the keys to a mailbox. Yet that does not give law enforcement the authority to use those third parties as a means to enter a private space. The same rationale should apply to the cloud." We might wish that the courts interpreted Fourth Amendment rights in this way, but so far they have not.
Re:US Border Laptop Searches (Score:3, Interesting)
Hmm... perhaps you could just put your laptop in an envelope. I wonder if that would work.
Re:Hosting countries (Score:3, Interesting)
That is really nowhere near as easy as you make it sound, at least not with any modern cipher. Even the NSA, with the most vast computing resources in the entire world, would have a lot of difficulty cracking AES or Serpent, barring some completely novel attack that has eluded the crypto research community thus far.
If you want to break someone's crypto, you should not even think about attacking it directly. You should think about attacking the person, or at least planting recording devices in their home or on their computer, so that you can get the secret key. If a foreign government wanted to do this, they would have to either commit an act of war by attacking a US citizen on US soil, or wait until you enter their country and kidnap you (or if you bring your computer with you, plant a recording device or software).
Re:Dumb idea anyhow. (Score:3, Interesting)
Seriously, if you are going to do something important in the cloud, get data storage from a different cloud than the one you use for processing.
Even better, have the data only exist in an unencrypted form while it is in use on the zero-storage processing cloud and run the keyserver in a third location. Preferably somewhere you'd notice when the cops break the door.
Re:The 4th amendment grants government. (Score:3, Interesting)
The last bit seems to list a set of preconditions which, if met, do allow it.
Read this, and then you will see.
http://www.amazon.com/Republic-Letters-Correspondence-Between-Jefferson/dp/039303691X/ref=sr_1_3?ie=UTF8&s=books&qid=1263914845&sr=8-3 [amazon.com]