New Bill Pushes For Warrants To Access Cloud Data

mask.of.sanity writes "A bill introduced by Sen. Patrick Leahy in the US Senate would require authorities to obtain a court-issued search warrant before retrieving a person's email and other content stored in cloud services. The law would update a 28 year old law, which Leahy also introduced, that does not require warrants for data access. The Bill will not prevent the FBI from accessing data without a warrant under terrorism and intellgence clauses."

Re:

[Mitchell314]

This conundrum brought to you from our legal system's lack of forwards compatibility with Buzzword 2.0 .

Re:

[fuzzyfuzzyfungus]

In practice, not very. Legally, the right to "be secure in one's person, papers, and effects" has generally been regarded as providing relatively strong protection to one's domicile and property stored therein(exceptions, of course, exist, because drugs are scary and terrorists are scary); but has not been regarded as being particularly relevant to some bits floating around somebody else's datacenter(that, depending on the ToS may or may not even be 'yours').

It would be nice to see offsite-stored "papers

Re:

[interkin3tic]

Unfortunately, as long as the 'terrorism and intelligence' loophole exists, the present bill is sort of a waste of effort.

It seems to me that this is a valid first step towards what you want. One senator and one bill usually can't solve a major issue like this in one shot. Many of the voters are still scared little idiots, seems like not exempting terrorism would doom this bill, as it would be a liability to anyone who voted for it in midterms. "The CIA says that you, senator smith, voted FOR ONLINE TERRORISM [gasp!]" Hopefully the voters can be educated that terrorists are not something they should be worried about to the

Sudden oubreak of common sense?

[I'm not really here]

I know this doesn't eliminate the issues with the patriot act, etc., but at least it's a step in the right direction of treating digital 'property' the same as physical property when dealing with "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures. . ." (emphasis mine).

Re:

[yt8znu35]

Don't get excited. This bill will go nowhere. The law enforcement industry will oppose it in the name of safety/freedom/the children/whatever. Also, in case you have not been keeping up, the 4th Amendment is no longer recognized.

Re:

[mcgrew]

None of the bill of rights are. [kuro5hin.org]

Re:

[SilentStaid]

Speak for yourself - I slept in my Mom's living room drunk on leave plenty of times.

Re:

[VGPowerlord]

Speak for yourself - I slept in my Mom's living room drunk on leave plenty of times.

By troops, I'm pretty sure they meant the US Army, Navy, and Air Force, not the the armies of the Alliance, Horde, or Fistandantilus.

Re:

[SilentStaid]

Solid reference!

Re:

[AHuxley]

As was reported by http://www.koat.com/r/27922147/detail.html [koat.com]
“While billed as an anti-terror tool, (a sneak-and-peek warrant) had no requirements on it that it precluded it from being used in standard criminal investigations,”
"According to the U.S. Department of Justice’s figures, the majority of the warrants are for drug cases."
Expect some very creative use of the term "terrorism and intellgence" over time even if they have a terrorism and intellgence clause.
Cloud data was always fai

Re:

[imamac]

Wait, /. is supposed to think that there are no "digital property". Or is that only for other people? I'm confused.

Re:

[icebraining]

I agree. Thankfully, privacy rights don't require property rights, or else there would be no need to warrants to tap phones.

Re:

[JesseMcDonald]

Thankfully, privacy rights don't require property rights, or else there would be no need to warrants to tap phones.

Sure there would be. To tap your phone directly (without your permission) would violate your property rights, obviously, but tapping a line at the phone company without their permission would just as obviously be a violation of their property rights. If you're smart, your service contract with them will ensure that they can't grant anyone permission to listen in to your conversations voluntarily, in which case the police would still require a warrant. Alternatively, you could simply take steps to ensure you

Re:

[sjames]

Those property rights are a terrible way to protect individual privacy. The federal government is capable of applying a great deal of pressure on private companies.

You won't get a privacy clause from any of the big players in telecommunications. The A&T debacle shows us just how much they care about our privacy.The small players CAN'T give you such a clause because the big players they have to deal with won't.

A privacy right protects individuals AND the companies that contract services to them from that

Re:

[smelch]

You're probably being a bit of a troll but that is an interesting way to look at it. I've long been anti piracy (though I used to pirate often and still do to some degree, I don't pretend I'm some kind of freedom fighter) and pro privacy. I never looked at it in the terms of the "information wants to be free" argument.

How can you be for privacy but still cling to the tired defense of piracy?

Re:

[imamac]

May a tiny bit of a troll. But yes, that was my point.

Re:

[ATMAvatar]

Privacy laws are about preventing the dissemination of information to people you don't want to have it.

Intellectual Property laws are about controlling what someone can do with the information once you have (willingly) given it to them.

Re:

[smelch]

Intellectual Property laws are about controlling what someone can do with the information once you have (willingly) given it to them.

But when you willfully give give your information to a service such as Facebook and they expose the information you gave them in a way you didn't want them to, is that or is that not a violation of privacy? Of course they have a privacy policy they are bound by. How is that different from the license a creative work is sold under? If violation of a privacy policy is bad, does it not also follow that violation of a license is bad for the same reason, as essentially they serve the same purpose (regulating wha

Re:

[Threni]

Well, if you don't pay property taxes on it it can't be property, can it?

That's the trouble with analogies; they're usually misleading and/or wrong.

Re:

[imamac]

You're saying analogies are like women?

Re:

[mms3k]

That's why ladyboy analogies are the best. They look pretty, but they are still as wise as men.

Re:

[jedidiah]

Of course you are confused. Big Media loves to push the idea that everything that's "created" should be governed by copyright when the truth of the matter is quite the opposite.

Re:

[mrchaotica]

Well, Big Media is kind of right (in this narrowly-defined situation) -- everything you write is copyrighted by you. It's just that that's irrelevant, because if you don't distribute it then it's also essentially a [trade] secret, which is a stronger protection.

Re:

[RadiantPhoenix]

There is a difference between information for use by others, e.g.:
* Music
* Movies
* Software
and information not for use by others, e.g.:
* Financial information
* Calendar
* Passwords

Re:

[Hatta]

No, a sudden outbreak of common sense would be courts throwing out all previously attained data because it was collected in violation of the 4th amendment. We don't need a law protecting our data, the 4th amendment does that. Our government is simply too corrupt to follow the Constitution though.

Re:

[cavreader]

What evidence do you have that the 4th Amendment is not being applied as intended today? The 4th amendment is used by the Judiciary to ascertain if the enforcement agencies collected the evidence legally. You might get arrested by someone violating your 4th amendment rights but actually convicting you of a crime is something else. Most domestic enforcement agencies go out of their way to obey the laws because they know they end up looking like idiots when their actions get over turned by the courts. The sys

Re:

[Hatta]

What evidence do you have that the 4th Amendment is not being applied as intended today?

The 4th amendment says that I shall be secure in my papers unless a warrant is issued. The existing law allows my papers to be searched without a warrant. This is blatantly unconstitutional. I don't see any way an honest person can argue that it's not. Unfortunately, we don't have any honest people on the Supreme Court, all we have are lawyers.

Re:

[cavreader]

The exceptions to the 4th amendment dealing with national security issues do provide a free pass for someone to gain access to your papers however any prosecutions are still subject to judicial review before prosecution. Whether this is done using a FISA warrant or no warrant at all the enforcement agency will need to provide justification showing that the warrantless action was executed in good faith or the request proves itself after the fact. Such as a notebook containing the activation and location of a

Re:

[rhalstead]

One of, if not the most important reason I oppose using the cloud for anything personal or business related. True those who know how can get access to your own machine, but out in the cloud it's far easier as many more hands are on it. Then there is data integrity. It appears that several major pieces on the cloud caused some expensive breaches. At one time I was a project manager, installing and working on FDA validated systems. The companies at that time had to retain physical control and possession o

Re:Head in cloud storage and darker body parts

[Doc Ruby]

Meanwhile, billions of people listen, everyone takes more dollars than ever before, and people (not corporations) pay more taxes than ever.

The message is that as tired as people are, they fear an alternative. And for good reason: the alternative is nearly certain to be worse - probably much, much worse.

Why don't you run for office and make it worth listening, buying into, paying taxes to? Even if just the school board. Stop whining with kindergarten doomsday talk and do something, however small, proportional to you own potential for making a difference.

Outpaced by other legislation you mean

[memyselfandeye]

I'd like to point out, that it's laws such as Sarbanes–Oxley that say you have to store e-mail for 5 years (well if you're a public company). There are a slew of other laws too that have obfuscated the situation so bad my former employer is archiving 100% of Mail, including mail normally rejected to a user's inbox, for over a year. Perhaps that's not such a bad thing, however my point is the problems with all these privacy acts is that they need not exist in the first place had the original laws never been written. I mean, if I keep a wallet for more than 180 days does that subject it to a warrantless search? If do not shred my journal after 180 days does that subject it to a warrantless search? Why would electronic communications ever be subject to a warrantless search after 180 days, whether it is here in 2011 or even back in 1986?

Re:Outpaced by other legislation you mean

[fuzzyfuzzyfungus]

While publicly traded corporations, and their friends, love to cry about sarbox and similar, to say that those created the situation is so misleading as to constitute a lie. The concern for natural persons is the fact that things like Gmail are socially pretty much the same as personal mail; but have none of the 4th amendment jurisprudence protecting them.

Work email, and records, since those are already widely understood to be an open book as far as the employer is concerned, are already not usefully private, even if the state didn't exist. The fact that your boss can read them any time he pleases, with even less oversight than the most sinister three-letter-intelligence agency, basically ensures that.

(now, as the IT department, having to do document retention annoys me as much as anybody; but conflating requirements that corporations voluntarily bring upon themselves as a condition of being publicly traded, limited liability entities(a very valuable status...) with the novel privacy problems encountered by services that are treated as "personal" but run as outsourced hosted services is either confused or dishonest.)

Re:

[mcgrew]

That's a bit of a stretch, I think. I applaud Sarbines-Oxley or whatever it;'s called. I don't think corporations are people and I don't think they should have rights. You don't have to send private emails from your work email address, and in fact it's against most companies' policies. Use your own email account from your own computer or phone.

Perhaps if elections here were publicly funded the corporatti would have less influence in this country, and perhaps we, the people, would have more freedom.

Re:

[smelch]

Is your position that people performing their jobs not be granted the same protection of rights as they would otherwise due to the fact that business is a public matter and (taking a bit of a leap here) that way we help to preserve the notion of the "well-informed" consumer? Do you view this as something that should only be for large corporations, or should this apply to small shops and contractors working out of their homes as well? I'm trying to figure out how your statements above would apply to your ove

Re:

[mcgrew]

I think it should only apply to corporations, not privately owned companies. A sole owner of a company is responsible for that company and what it does, stockholders in a corporation have no such responsibility. If a corporation kills a dozen people and is sued out of business, the stockholders lose only their investment, while a private owner is responsible for all the damages and could be ruined for life.

As to what you do on the job, if your job requires you to break the law, maybe you should look for a d

Re:

[Golddess]

Use your own email account from your own computer or phone.

Why?

No, seriously, why? I suppose one could make the argument that it's trivial to setup access to a personal email account from the office, but why should email be treated any differently from a phone call? Do you think my employer has the right to listen in on conversations with my doctor just because they were made with an office phone?

Re:

[mcgrew]

In some jobs they DO listen in on your phone calls. Even if using email for personal use wasn't against company policy, I'd still use my own email just because I don't trust my employer. These days, why would you need to use your desk phone (and only we who wwork at desks have desk phones; construction workers, linemen, etc don't have them) when you have your own phone in your pocket that it's illegal for your employer to listen in on?

The question shouldn't be "why use your own phone" but "why use your empl

Re:

[Golddess]

In some jobs they DO listen in on your phone calls.

I wasn't saying they don't, I was more of incorrectly presuming that you think they should not be allowed to.

While I certainly agree that it's safer to use your own personal device rather than trusting your employer to "do the right thing", I do not think people should be required to own a cellphone in order to have a private conversation while at the office, nor do I think that the near-ubiquitous presence of personal cell phones should be used to justify an employer monitoring 100% of employee activity

Re:

[mcgrew]

Actually, I don't think they should be allowed to, but they are and they do. We live in the world we live in, and if you have a cell phone (who but my eighty year old dad doesn't?), why not use it?

Re:

[countertrolling]

'We the people' have spoken.. 'We' do not want more freedom.. In fact, too many [alternet.org] (these are your kids, so this is your future) think we already have too much [freedomforum.org]. If 'we' did, 'we' would vote for freedom regardless of the propaganda being spewed against it. 'We' want convenience and American Idol and will kill anybody [costofwar.com] who gets in the way of that... Big business is the government. It is delusional to expect 'reform'. Regime change will not be peaceful by any means.

Re:

[memyselfandeye]

I should have been clearer. How is a 1986 SBX Like law ever considered constitutional when it comes to private communications? Why does the 1986 law need to be 'fixed' at all, it shouldn't have ever applied to personal communications. And for practicl purposes, it didn't apply until some johnny fracking asshit FED realized this law could be used to unconstitutionally read your e-mail stored on your GMail/ISP/whatever mail server. "Who cares about the 4th amended right, there is this law see, so you gott

Re:

[Dragonslicer]

I'd like to point out, that it's laws such as Sarbanes–Oxley that say you have to store e-mail for 5 years (well if you're a public company).

Can government agencies access that email without a warrant? I honestly don't know the answer, but I would hope that they can't.

Jurisdiction

[TemperedAlchemist]

Not if I store my data on the moon. MUAHAHAHAHA =3

Re:

[The O Rly Factor]

There's an American flag and American military aerospace equipment on the moon. Technically, its a US sovereign territory. Nice try though.

What a load of bollocks

[ciderbrew]

They put in Anti-terrorism legislation here in the UK for searching people. Soon everyone became a terrorist and the search laws get used by the local council to look in your bins to make sure your recycling.
Apart from a few poor people being blown up, (which I'm very sorry for) - most "terror" and "evil" acts are done by the name of the government. Can I have my freedom back? I'm not bothered about being blown up that much any more. Means I don't have to keep paying tax.

Re:

[mcgrew]

Apart from a few poor people being blown up

Maybe in the UK, but where I live you're in far more danger of being blown down. [www.cbc.ca]

Re:

[ciderbrew]

I've been watching that on the news. It seems to happen each year. I'm not too sure why people continue to build in a tornado belt or why they build wooden structures there. I thought houses would be made to stand up to a 100+ year event in that area. If that's possible / feasible. I'm sure a tornado does more damage and has way more power than I give it credit for.

My first guess it that it's very cheap land so poor people can afford it and they build within their means. So it just lands more woe on the p

Re:

[mcgrew]

Actually, there are few if any places in the US that aren't prone to some natural disaster, whether tornados, floods, hurricanes, or earthquakes. I was in a hurricane in Deleware in the early 70s, and a tornado in 2006 here in Illinois. If you're never been in a tornado [slashdot.org] it's impossible to imagine the power and destruction (please pardon the rambling style of the journal).

The tornado in Joplin tore down double walled brick houses. It's like being in a giant blender. And yes, the poor suffer most, as they're

Re:

[sjames]

A tornado belt isn't a small area, it covers several complete states. Are you suggesting we should evacuate the entire middle of our country (an area larger than the UK)? Then we would have to evacuate California as well, and Florida and Louisiana.

As for building homes to withstand a tornado, the only option is to put it underground or possibly a foot thick concrete dome could handle it. I saw a tornado that scrubbed a neighborhood clear. It took the trees, grass, houses, and pavement with it. Simply using

Re:

[ciderbrew]

I'd not evacuate, I'd just think really hard about living there after my house was blown away.
Given the huge area I've just been made aware of. I am suggesting there is a market for decent looking affordable tornado proofed housing. Its a shame there isn't a government and insurance company backed tax loss subsidy scheme to research this. Japan has done it with earth quake proof it's building to help it's population.
To gain back land and to reach new engineering heights is a good reason to do things tha

Re:

[sjames]

In California, the building code includes measures to survive earthquakes. In our coastal areas where hurricanes are common, the building code includes measures to withstand hurricanes. However, for tornadoes, your options really are underground, concrete dome, or hope you don't get hit by one.

Of course, it's also a matter of odds. Most people who live in the tornado belt never encounter a tornado.

This map [wikimedia.org] may help put it in perspective.

The one I don't understand is when people build on a flood plain and d

Re:

[FreelanceWizard]

Relatively high risk areas for tornadoes (which, by the way, covers a substantial part of the U.S.) are far, far less risky than high risk flood zones. A tornado is a short-lived, rare event that's capable of incredible damage, but that damage is contained to a small area. Tornadoes can have long paths, but the average tornado runs for about 5 miles in a 500 foot swath. That's a preciously small area of damage. The probability of suffering a tornado hit is quite low. In cities in such a zone, there are many

Re:

[ciderbrew]

The news doesn't give that type of perspective. They show whole towns thrown about the place and 80 dead, more expected. No point having a tornado proof house really. Just have a place to hide and keep safe and rebuild later.

Badges?

[ThatsNotPudding]

"We don't need no steenking badges!!"

Secure in Our Papers and Effects

[Doc Ruby]

Amendment IV [cornell.edu]

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

"Secure in their persons, houses, papers, and effects" is the definition of privacy. We have a right to privacy. It doesn't matter that the Constitution signers "couldn't have imagined" cloud computing. They imagined that they couldn't imagine new things, so they signed a Constitution that recognizes our right to privacy in specific terms of that right.

If we can't require the government at least obtain a judge's authorization on probable cause specifying what's to be searched and seized, we have no boundary between what's private and what the public can force. The 4th Amendment's line protecting the private from invasion by the public except when it's reasonable and limited is the fundamental right to a limited government. Give it up as we already largely have and we're living in tyranny.

Re:

[countertrolling]

...we're living in tyranny.

By choice.. majority rule at its best/worst

Border Backup/Restore

[Doc Ruby]

If cloud storage has better legal protection than local storage when crossing the border, then I want an app that backs up all my data and configs to the cloud and deletes it locally whenever my GPS says I'm near an airport or the border, then restores it after I'm across - or on demand, when I've passed border control.

Re:Border Backup/Restore

[AHuxley]

If you live within 100 miles of the US land and coastal borders (along with ~70% of the US), your data is going to be gone for many of the people you may want to interact with.
http://www.aclu.org/national-security_technology-and-liberty/are-you-living-constitution-free-zone [aclu.org]
and the map http://www.aclu.org/constitution-free-zone-map [aclu.org] of where inland Border Patrol checkpoints can be used.

Re:

[countertrolling]

The entire country is a constitution free zone.. Who's going to defend you in court when a cop shoots you in the back during a botched bust? Just burn it.. Bush was right.. It's just a goddamn piece of paper..

Re:

[AHuxley]

Just watch out for asset forfeiture laws in some states, best keep that "crack"berry hidden.

Re:

[ledow]

Or just - don't take that data to that country.

I know plenty of people that have stopped taking data (and sometimes their business) over to the states since they started getting too heavy-handed while at the same time ordering the EU to send personal data on visitors to them.

They either VPN it in and access it live (which is still dodgy because certain people could insist they do that with them watching, but I supposed you'd at least get a choice to notice that from the home-base and revoke their credential

Re:

[drinkypoo]

No, this is for people who live in the USA. If you're near the border they can search your computer whether you were crossing it or not. That means if you love freedom and you live near the border, move. Or you know, go do something about these bullshit laws, I guess. Good luck.

Ha!

[atomicbutterfly]

would require authorities to obtain a court-issued search warrant

Yeah right. As if the US Government really cares about obtaining a warrant anymore. There's been enough news recently regarding the blatant disregard for warrants and due process that it all just a bunch of bullshit at this point.

Yes I'm cynical, and I don't even fucking live in the US (though I do live in Australia, which I believe is one of the US states at this point).

Well

[ShooterNeo]

What stops the Feds from simply claiming anyone they want to investigate is a "suspected terrorist" and doing all the snooping they want. Suppose the Feds simply declare that due to "secret" information, they believe that someone is a "suspected terrorist". They tap his phone, bug his car, break into his email accounts...and discover that John Doe buys personal use quantities of prescription pain meds without a prescription. (but is not a terrorist). Or some other low-end crime.

Can the Feds put John Doe into prison based on this information?

Re:

[jr0dy]

What stops the Feds from simply claiming anyone they want to investigate is a "suspected terrorist" and doing all the snooping they want. Suppose the Feds simply declare that due to "secret" information, they believe that someone is a "suspected terrorist". They tap his phone, bug his car, break into his email accounts...and discover that John Doe buys personal use quantities of prescription pain meds without a prescription. (but is not a terrorist). Or some other low-end crime.

Can the Feds put John Doe into prison based on this information?

I was just about to post to this effect - you're spot on.

Re:

[cbope]

If this passes with the provision to allow the feds un-restricted access without a warrant under the guise of "intelligence" and "terrorism", then all it means is that in the future ALL accesses will be requested under these exceptions. Might as well write them a free pass to usurp whatever data they want now, and get this out into the open. I mean seriously, does anyone believe in this shit anymore?

Re:

[jon.siebert1]

almost makes you want to travel around with dirty diapers

Re:

[CastrTroy]

Maybe there should be a clause that unless the charges are actually terrorist/intelligence related, that any information obtained under the guise of "terror" should be inadmissible for any other offenses. So, if they searched your files without a warrant under the terror label, and found information about how you were selling drugs, then this information could not be used in court, as they got it without a warrant. If however, they found that you had plans to blow up a building, then they could use the in

Re:

[Black Parrot]

Maybe there should be a clause that unless the charges are actually terrorist/intelligence related, that any information obtained under the guise of "terror" should be inadmissible for any other offenses

Maybe we should just require a warrant, period.

In addition to the philosophical question of whether you should sell your freedom for improved (illusion of) security, there's the simple fact that 9/11 didn't succeed because it was too hard to get warrants; it succeeded because no one high enough up the chain of command connected the dots between the various hints that something was afoot.

But for the most part, the FBI has done a darn good job of busting up domestic terror plots for decades - warrants and all

Re:

[FrozenFOXX]

Yes, they can. IANAL mind you, but generally anything found would be deemed that it was "open and available" and thus they obviously just happened to find it. This is part of the reason why you make sure they've got a warrant before letting the police or the feds into your home, your car, or otherwise. If they can "see" something illegal then it's deemed admissable.

Is it bullshit? You bet your probably-going-to-be-jailed-at-some-point-in-your-life ass.

Of course not.

[Black Parrot]

The Bill will not prevent the FBI from accessing data without a warrant under terrorism and intellgence clauses.

We can't be concerned with trivial things like civil liberties when people are wetting their pants.

why is this even an issue?

[Anonymous Coward]

We've had PGP for what, 15 or 20 years now?

What sort of idiot would store data they wanted to keep private in the cloud and not encrypt it?

Mensch

[PopeRatzo]

Patrick Leahy takes a huge amount of shit from the right-wing talking heads. We get to hear how he hates freedom, hates America, blah blah.

But if you look at his career, you start to see someone who has worked quietly for the common good for a long time.

I'm afraid that any bill that protects any right that isn't about guns is never going to pass the Republican House of Representatives.

Re:

[Black Parrot]

I'm afraid that any bill that protects any right that isn't about guns is never going to pass the Republican House of Representatives.

The Democrats don't exactly have a strong record of standing up to them these days.

Re:

[PopeRatzo]

The Democrats don't exactly have a strong record of standing up to them these days.

True enough.

Nice idea, doesn't work

[Toby The Economist]

Accordingly, all warrentless accesses of personal data will be done for anti-terrorism reasons.

Government will use every power it has, always, to do whatever it is it wants to do.

The original intent of the power is *utterly and wholly irrelevant*.

Safety Deposit Box

[brendank310]

Cloud data should be treated the same way that the contents of a safety deposit box are treated.

Oh peachy: Leahy and my Civil Liberties

[CodeShark]

--sarcasm mode on--
I can sleep better knowing that Sen. Leahy is looking out for my civil liberties, especially where the 'Net and privacy are concerned.
--sarcasm mode off--

This may sound jaded but any time that particular name is associated with anything to do with our rights and civil liberties, I always seem to be saying under my breath "repeat after me: check the fine print" as there are very few individuals at the national level that I trust less. And I would love to see if the /. community agrees or

Just to be safe

[cavebison]

I tend to use Web-mail, not Cloud-mail.