I am a millennial, and technology is a major part of my life. When I discovered "the cloud," it completely changed the way I store my electronic data. The pictures I took from my European vacation, my tax returns, and even my notes, papers, and documents from law school are all stored in my cloud account. The amount of storage, and ease of access were what enticed me to create a cloud account. I feared that my computer will crash, and that I might lose everything I have stored on the hard drive; but now that I have a cloud account, that fear is no longer a reality. As long as I have an Internet connection, my files are always available to me on any device.
As much as I want instant access to all my data, I equally do not want the government having any access to it. In light of the current battle between Apple and the FBI, it appears that other U.S. citizens are just as concerned as I am about preserving a balance between privacy, and what the government can and cannot gain access to. In particular, I am concerned with keeping the data that I store in my cloud account private, and keeping law enforcement out. It is implausible that a judge would approve a warrant to seize all the letters I have ever mailed in my lifetime through USPS, so why should a judge approve a warrant for all content stored in my cloud account? Just because my data is digitized, and I can save an immense amount of it in a single account, does not mean that that data is less deserving of Fourth Amendment protections.
When the founding fathers drafted the Bill of Rights, more specifically, the Fourth Amendment, they would have never imagined the vast breakthroughs in technology that we see today. In drafting the Fourth Amendment, James Madison guaranteed a "right of the people to be secure in their persons, houses, papers, and effects;" an umbrella of protections. The Fourth Amendment should continue to be read with such broadness, especially in the age of the cloud. There is a need for law enforcement to gain access to cloud accounts through warrants, but the rights of U.S. citizens cannot be ignored.
The current federal law that addresses how law enforcement can obtain warrants for electronic data stored in the cloud is known as the Stored Communications Act (SCA), which was passed as part of the Electronic Communication Privacy Act of 1986. 1986 was more than thirty years ago, and technology has tremendously changed since then. Today, Congress seeks to amend the SCA with the Law Enforcement Access to Data Stored Abroad Act (LEADS). What LEADS intends to do is limit warrants for electronic data to only U.S. persons or businesses incorporated in the U.S. However, LEADS fails to stipulate a time frame that government actors can access a cloud account, and it also fails to particularize the type of data to be seized. LEADS is a good start to updating the old SCA, but it has serious gaps and we should not squander the legislative attention being paid by leaving the gap unfilled. More importantly, LEADS should not become law unless it is amended to comply with the Fourth Amendment.
Under the SCA and LEADS, there are no sections stipulating what Fourth Amendment guidelines law enforcement should abide by when applying for a warrant to search your cloud account. For me, the solution is simple: recognition of a reasonable expectation of privacy in data stored in the cloud. Unfortunately, no court has recognized a reasonable expectation of privacy in data stored in the cloud, but I feel that the courts are approaching the subject. In 2010, the Sixth Circuit, in U.S. v. Warshak, was the first circuit to recognize a reasonable expectation of privacy in the content of e-mails stored on third party servers. The Sixth Circuit stated that the content of e-mails are subject to Fourth Amendment protections. Furthermore, in 2014, the Supreme Court, in Riley v. California, held that the warrantless search and seizure of digital content of a cell phone during an arrest is unconstitutional. Chief Justice Roberts explained that since cellphones can take advantage of cloud technology, Fourth Amendment safeguards should exist. And even today, several courts are divided on the issue plaguing the FBI and Apple, and whether Apple should have to comply with the FBI's demand to unlock the phone that belonged to the San Bernardino killer. Even though these cases have not directly recognized a reasonable expectation of privacy in data stored in the cloud, I believe that the holdings from these cases are laying the groundwork that will help to achieve that privacy right.
In order for a reasonable expectation of privacy to exist, there is a two-fold test that must be adhered to. The first step is to determine whether a person has exhibited an actual expectation of privacy. The second step is to determine whether that expectation of privacy is one that society is prepared to recognize as reasonable. I believe that when it comes to data stored in the cloud, a reasonable expectation of privacy should exist. First, I keep my cloud account private by utilizing password protection. I also do not share my password or any of the content within my cloud account. Second, I am not the only individual who takes advantage of cloud technology; therefore, I feel that society is ready to recognize an expectation of privacy in data stored in the cloud. Millions of Americans utilize cloud technology, and also safeguard their accounts through password protection or encryption services. I firmly believe that society is ready to recognize a privacy right in data stored in the cloud, especially since so many Americans vocalized distrust and contempt against the FBI in its recent battle with Apple.
According to Justice Stewart in his majority opinion from Katz v. U.S., the Fourth Amendment protects people, not places. Justice Stewart even went so far as to say that what a person "seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected." I seek to preserve as private all data that is stored in my cloud account. I keep my account private, and so do millions of other cloud users. It is vital that the Fourth Amendment evolves with technology, and that is why I believe that it is time for the courts to award Fourth Amendment protections to data stored in the cloud.
Victoria Drake recently graduated from St. John's University School of Law. During her time at St. John's, Victoria served as the Editor in Chief for the Journal of Civil Rights and Economic Development, as well as Vice President for the Women's Law Society. After the bar exam, Victoria will be joining the in-house legal team at Grassi & Co., a leading accounting and consulting firm in New York.
Suggested citation:Victoria Drake, A Digital World: Why Law Enforcement Needs to Obey the Fourth Amendment, JURIST, September 23, 2017, http://jurist.org/dateline/2017/09/Victoria-Drake-cloud-technology-fourth-amendment.php.
This article was prepared for publication by Ben Cohen, Section Editor for JURIST. Please direct any questions or comments to him at email@example.com