Note: Defogging the Cloud: Applying Fourth Amendment Principles to Evolving Privacy Expectations in Cloud Computing
By David A. Couillard. Full text here.
It took nearly a century after the invention of the telephone for the Supreme Court to recognize that the Fourth Amendment could be applied to the content of private telephone conversations. Today, the Internet is in a similar state of limbo, with courts reluctant to grant Fourth Amendment protection to data placed in a medium that has been perceived as inherently public in nature. This perception has begun to shift as Internet technology becomes faster, more widespread, and more mobile. “Cloud computing” is the trendy phrase used to describe this change. Rather than merely a medium of mass communication, the ethereal Internet “cloud” is now used as a virtual platform for storing and interacting with data that are intended to remain private yet accessible anywhere. Although some courts have recently recognized limited protection for e-mails and text messages, these narrow holdings are not universal. The third-party doctrine further complicates the issue when content and quasi-transactional data are being stored by cloud service providers.
This Note argues that because the Internet has evolved to allow new uses, data placed in the cloud merit some level of Fourth Amendment privacy protection. Fourth Amendment protection requires a subjectively reasonable expectation of privacy. Because limited means exist to conceal virtual containers in the cloud, methods such as encryption and password protection should be analogized to virtual opacity rather than the lock-and-key analogy that has been dismissed by some scholars. Finally, courts should acknowledge the landlord-tenant nature of the relationship between the cloud service provider and the user, and thus the use of cloud platforms should not create a categorical waiver of Fourth Amendment protection under the third-party doctrine.