The Fourth Amendment and the Cloud 174
CNET has up a blog post examining the question: does the Fourth Amendment apply to data stored in the Cloud? The US constitutional amendment forbidding unreasonable searches and seizures is well settled in regard to the physical world, but its application to electronic communications and computing lags behind. The post's argument outlines a law review article (PDF) from a University of Minnesota law student, David A. Couillard. "Hypothetically, if a briefcase is locked with a combination lock, the government could attempt to guess the combination until the briefcase unlocked; but because the briefcase is opaque, there is still a reasonable expectation of privacy in the unlocked container. In the context of virtual containers in the cloud...encryption is not simply a virtual lock and key; it is virtual opacity. ... [T]he service provider has a copy of the keys to a user's cloud 'storage unit,' much like a landlord or storage locker owner has keys to a tenant's space, a bank has the keys to a safe deposit box, and a postal carrier has the keys to a mailbox. Yet that does not give law enforcement the authority to use those third parties as a means to enter a private space. The same rationale should apply to the cloud." We might wish that the courts interpreted Fourth Amendment rights in this way, but so far they have not.
US Border Laptop Searches (Score:4, Insightful)
Re:US Border Laptop Searches (Score:5, Insightful)
It's very simple (Score:5, Insightful)
If you want your data to be safe,especially when you plan to store it online in this new-fangled cloud thing, then encrypt it. You can't trust a service provider to stand up to a government access order, and you can't rely on the security of a storage system that you didn't make yourself.
Be responsible for your own data privacy instead of relying on an ambiguous interpretation of an ammendment written before the days of digital data.
Jesus Fucking Christ (Score:1, Insightful)
Seriously. Can we just save everybody the trouble and travel 5 years into the future when this whole cloud FAD runs its course? Maybe by then all the hype surrounding Twitter and Facebook will have died down a bit. And hopefully use of the word "blogosphere" will be punishable by death.
Re:US Border Laptop Searches (Score:5, Insightful)
When you are a foreign citizen, searching laptops, personal electronic devices and so on is just a prerequisite for entering the country (if you don't want your laptops to be searched, you are free to leave, but if you want to enter we need to search your laptop).
I don't know how this can be related to US citizens (as a country should not be/is not allowed to refuse entry to its citizens)
Remember that searching personal effects is rarely done, but entirely normal in border posts
Hosting countries (Score:5, Insightful)
And if the data center is in another country, would the 4th Amendment apply there?
If so, how would you enforce it? Soldiers with machine guns show up, grab all of your data, crack the encryption, and take what they want. And you'll do exactly what?
The data is gone and seen, so you're screwed. And even if you have super duper one hundred billion bit encryption, your data center and data are gone. So, you have up to the second back-ups?
Other than cost, I see no upside to cloud computing.
Re:US Border Laptop Searches (Score:3, Insightful)
if you don't want your laptops to be searched, you are free to leave, but if you want to enter we need to search your laptop
Need? Want I can see, and I appreciate that submitting to the search is a condition of being granted entry, but I really don't see where the need comes from.
I don't know how this can be related to US citizens (as a country should not be/is not allowed to refuse entry to its citizens)
So they can't refuse you entry; surely (assuming the law permits it) they can have you arrested and possibly charged for failing to comply?
The Fourth Amendment became a quaint notion (Score:4, Insightful)
at the point when urine drug testing was mandated by the government for any company receiving government contracts. You know back in the days of Ronnie Raygun and the "Just Say No" crusades?
If you aren't secure against government searches OF YOUR OWN BODILY FLUIDS, do you really think that they will respect your right of privacy regarding some random 1s and 0s stored on a private corporation's computers somewhere?
Re:US Border Laptop Searches (Score:5, Insightful)
Shouldn't the same privacy logic apply even more to your laptops and personal electronic devices when you're entering U.S. borders? Having these people search your hard drive is an invasion of privacy.
The logic has never applied when entering U.S. borders (or any other country for that matter). Searches that would be disallowed within the country have been ruled by the Supreme Court as allowed since the founding of the country. The people who wrote the Fourth Amendment did not question such border searches, which makes it hard to argue today that the Fourth Amendment was intended to apply.
Re:US Border Laptop Searches (Score:5, Insightful)
The legality of the contents of the laptop can be contested if I am arrested within the US and the laptop seized as evidence. Until that point, that laptop is a sealed envelope; X-ray and perform a cursory physical examination all you like to ensure that it is a laptop computer, but like the documents inside the envelope, the content of the disk is not subject to being examined or duplicated.
Re:It's very simple (Score:5, Insightful)
Like cracking the encryption will take long.
Using good encryption means the task is virtually impossible (even for someone like the NSA) unless they make a lucky guess or obtain the code key (via theft or subpoena).
Part of the problem... (Score:4, Insightful)
The US constitutional amendment forbidding unreasonable searches and seizures is well settled in regard to the physical world
Electrons in computers ARE part of the physical world.
Stop conceding that is it different!
IT'S NOT!
Re:US Border Laptop Searches (Score:4, Insightful)
I see your point and raise you a generalization; The US is getting to the point where one should just ask "do any of the amendments apply now?".
Dumb idea anyhow. (Score:5, Insightful)
[T]he service provider has a copy of the keys to a user's cloud 'storage unit'
Why the hell would I want to give a copy of the keys to the service provider?
Just because you use the cloud to store bits of data doesn't mean that you'd want to store unencrypted bits of data there. Those that do risk distribution of your unencrypted data via a multitude of channels, including but certainly not limited to:
Why would anyone hand the keys to all their important data to a 3rd party that they don't personally know? Just because they're under a contract with that 3rd party? A contract drawn up exclusively by that 3rd party? With clauses designed to exclusively to protect that 3rd party?
Uh not so fast. (Score:2, Insightful)
Re:It's very simple (Score:5, Insightful)
http://xkcd.com/538/ [xkcd.com]
Only in america (Score:3, Insightful)
Specifically, would it be wise to assume that all, or any, backups will only be taken in america, or that the data won't get routed to or through another country.?
It's a big world out there and the USA is only a small part of it.
Stop insult people's intelligence (Score:5, Insightful)
Dear lawmakers, please make laws about cryptography, not about analogies of cryptography if you don't want me to just be an analogy of a law abiding citizen.
Thanks.
Re:Hosting countries (Score:0, Insightful)
More to the point, as a Canadian I have to know that my data will NOT be stored in the states because of the weird (Mostly PATRIOT) laws there that make a mockery of any security provisions we might want.
Re:US Border Laptop Searches (Score:3, Insightful)
(emphasis mine)
You don't honestly think that, do you?
I think you meant "you are free not to come here in the first place".
Re:US Border Laptop Searches (Score:3, Insightful)
Yes, the one where the federal government gets to levy individual income tax.