Whose Data Is It Anyway?

Derek Hunter,

The days of hand written letters and notes is over, it’s all digital now. As such, we find ourselves in a weird position where our private thoughts aren’t sealed in an envelope, but basically handled in an accurate version of “telephone” by third party companies on the honor system that they won’t reveal them. The problem isn’t companies accessing what we voluntarily give them, it’s the sense of entitlement to that information the government has.

The Internet is the greatest advancement in communication in human history; it’s also a potential invasion of privacy that would make George Orwell declare it implausible.

Yet it is plausible, and it is happening.

When we sign up for an email account we know the words we type will be skimmed for keywords so the company providing us the service can make money targeting ads for products their algorithms think we’re likely to buy. It’s a part of the deal for a “free” and reliable service and most people accept it.

It can be discomforting, but the odds of Google or Hotmail kicking in your door and arresting you for something you wrote in an email are nonexistent. Government, on the other hand, is a different story.

Given what we know about the National Security Agency and the government’s penchant hunger for our data, that email providers refuse to cooperate with demands to information is an important safeguard for our privacy. As we move away from physical hard drives and toward cloud-based computing, how secure our data is from the prying eyes of government is becoming an imperative.

That’s why the case of Microsoft vs. Ireland should be of interest to everyone, as should the Stored Communications Act.

Lawfare reports on the basics of the case:

Back in December 2013, federal law enforcement was conducting a criminal narcotics investigation. During the course of this investigation, the government sought a search warrant, pursuant to Section 2703(a) of the SCA, to seize the contents of an email account belonging to a Microsoft customer. Microsoft complied with the warrant to an extent, turning over any account information that was being stored in the United States. However, the actual emails, and their contents, were stored overseas in Dublin, Ireland. Microsoft balked at turning over the overseas content, and the district court held the corporation in civil contempt for its failure to comply with the warrant.

The case was reversed by the Second Circuit, ruling “the Stored Communications Act does not authorize courts to issue and enforce against U.S.‐based service providers warrants for the seizure of customer e‐mail content that is stored exclusively on foreign server.”

The case is now working its way to the Supreme Court.

While I have no love for drug dealers, the idea that the United States government can compel companies to provide people’s data from anywhere in the world strikes me as the first step on a slippery slope.

Once the feds can mandate access to data no matter where it’s stored, the cloud becomes a massive potential negation of the 4th Amendment.

Governments would like nothing more than unfettered access to all we do online, as demonstrated by the NSA. That’s why every effort to insert their nose under the tent of all our lives should alarm everyone.

Some governments are already making moves against private data of their citizens.

Forbes reported in 2015, “Russian President Vladimir Putin signed a bill mandating that foreign companies store Russian citizens’ data on servers within Russia and give Russian security forces greater access to user information.”

While we’re a long way from Russia, we should endeavor to stay as far away from Russia as we possibly can.

I understand the arguments for accessing information in regards to terrorism investigations, but if the Obama years have taught us anything, it’s that government intention when passing laws has very little to do with what those laws become when implemented. Plain language with original intent easily understood can be reinterpreted by a president, a bureaucrat, or a judge to mean whatever any situation needs are.

The government can’t just access your hard drive at your house, what about the cloud when it extends around the globe? Warrants should stop at the water’s edge, and any incursion into any American’s privacy should have to clear a high bar. If they can get to data stored in Ireland, there’d be little stopping them from accessing data stored everywhere in the cloud.

|