Tuesday, July 16, 2013

Cloud + 180 Days = Open Season On Your Data

So... You're looking to migrate your systems and data to the cloud.  Many concerns surrounding security, compliance, and complexity lie ahead.  However, what you may not know is that, thanks to the Electronic Communications Privacy Act, anything older than 180 days is not protected by the 4th Amendment - in short, OPEN SEASON!

A section of law that hasn’t come up for discussion in the past few weeks is the one that gives law enforcement at all levels relatively unfettered access to stored email, documents in the “cloud” and other personal material.

The reason the law allows this is really a loophole.  The Electronic Communications Privacy Act is old, and technology has far surpassed the vision of the lawmakers who wrote and passed it in 1986. Almost no one used email then, the online cloud didn’t really exist, and storing personal information for long periods of time with a third party such as Google didn’t seem to make any sense.

Your own personal computer is covered by Fourth Amendment protections against unreasonable searches, so the law extended privacy protections to messages on servers, but only for the first 180 days.  After that, messages on servers "would be considered abandoned," and a search warrant wouldn't be required.

Ironically -- the unopened messages in your spam file enjoy greater privacy protection than messages you've opened or the ones you sent.  Speaking at the State of the Net Conference in January,  Kevin Bankston, senior counsel for the Center for Democracy & Technology, called the privacy act "a bit strange and rather outdated."

So, the law says, if users keep e-mail on a third-party server for more than 180 days, they’ve abandoned the material and law enforcement can look at it — armed merely with a subpoena, not a warrant from a judge. 

Now Americans store years’ worth of email online, compose everything from professional documents to love letters on cloud-based word processors and keep all sorts of other files on remote hard drives owned by communications companies and located far away from their homes. It’s not just metadata that’s vulnerable here — it’s the full contents of every stored email and every cloud-based document.  So if it's on the cloud, you may as well have pasted your info on your forehead.

Journalists, among many others, use these tools, which is why the Newspaper Association of America, to which The Washington Post belongs, is part of the Digital Due Process Coalition.  The coalition, which includes advocacy groups like the American Civil Liberties Union as well as companies including Google, Facebook, Hewlett-Packard (HPQ) and IBM, is leading the charge to reform the Electronic Communications Privacy Act.  Acknowledging that it "was a forward-looking statute when enacted in 1986," the group says it has become "a patchwork of confusing standards that have been interpreted inconsistently by the courts, creating uncertainty for both service providers and law enforcement agencies."

For years, Sen. Patrick J. Leahy, D-Vt., chairman of the Judiciary Committee, has been trying to do that. Though his updates would keep multiple exceptions for law enforcement, his reforms would at least require government investigators to obtain a search warrant when they want to obtain e-mail content of any vintage from third-party companies. This would not only meet Americans’ legitimate expectations of privacy, it would also moot the legally murky question of whether searches conducted under the old law are constitutional. Unlike some of the tougher issues the country is confronting following the NSA leaks, this one is easy. Congress should finally act on Mr. Leahy’s bill, and soon.

But while there may be a bipartisan consensus building for scrapping the 180 days provision, law enforcement agencies are using the prospect of ECPA reform to lobby for data retention of text messages. Authorities have been pushing for a clause that would force carriers like Verizon and AT&T to store all text messages sent by Americans in a vast database so that the information can be perused at a later date to help with investigations. "Billions of texts are sent every day, and some surely contain key evidence about criminal activity," Richard Littlehale, a special agent with the Tennessee Bureau of Investigation, said today before the House judiciary subcommittee, echoing similar statements made by authorities in December. 

So “Once more unto the breach, dear friends, once more;”
____________________________________________________________

About Rick Ricker

An IT professional with over 21 years of experience in information security, wireless broadband, and network and infrastructure design, development, and support.

For more information, contact Rick at (800) 399-6085 x502
