Newly Proposed U.S. Bill Calls for Warrant to Access Cloud Data

by Sam Dean - May. 24, 2011Comments (0)

In a move that could open up a whole new debate on privacy issues surrounding cloud computing, U.S. Senator Patrick Leahy has introduced a bill in the Senate that would require authorities to get a court-ordered search warrant before gaining access to messages and other data stored on cloud platforms. Currently, access to such data is subject to restrictions set by the 25-year old Electronic Communications Privacy Act (ECPA). The newly proposed bill, dubbed the ECPA Amendments Act, not only requires a search warrant for access to cloud data, but also requires officials to have probably cause to obtain one. This proposed legislation promises to have a big impact on cloud players, including the many open source cloud players.

According to SC Magazine:

"Under current law, law enforcement does not need to acquire a search warrant to obtain email communications that have been stored for longer than 180 days. The proposed legislation would eliminate this rule and require a search warrant regardless of the age of an email. It would also implement new protections for geolocation information that is collected, used or stored by smartphones or other mobile technologies."

Like it or not, we are moving toward a cloud-centric model for working with not just messages, but data of all stripes, and this newly proposed legislation promises to have a significant impact on all players in the cloud. Google, for example, is pushing a heavily cloud-centric computing model with its new Chrome OS. Chrome OS eschews locally stored data and applications and imposes cloud-based solutions on users. Its acceptance will depend heavily on user-based perceptions of privacy in the cloud. 

Notably, Leahy also introduced the original ECPA legislation that governs access to data stored in the cloud. It's also notable that Google is among a group of tech giants, including AOL and Microsoft--called Digital Due Process--that have been asking for amendments to the original ECPA legislation.

For those who believe in the promise of cloud computing--where open source solutions are playing an increasingly prominent role--the newly proposed legislation promises to ensure more privacy than cloud users have currently. It's likely to be good news on the cloud front, but the legislation may be heavily amended going forward. For example, it proposes rules pertaining to real-time collection of geolocation data, but does not restrict the right of law enforcement officials to obtain past cell phone location data from crime suspects. It also calls for new rules surrounding how the governement can "collaborate" with companies who are under network attack, in efforts to identify attackers.

As Eucalyptus Systems' CEO Marten Mickos noted in a recent GigaOM post: "We’re seeing the 'server' side of client/server disrupted and replaced by cloud computing." That has profound privacy implications. Leahy's bill is definitely one to watch on this front, but will probably be finalized with many revisions.

Mark Hinkle uses OStatic to support Open Source, ask and answer questions and stay informed. What about you?


Share Your Comments

If you are a member, to have your comment attributed to you. If you are not yet a member, Join OStatic and help the Open Source community by sharing your thoughts, answering user questions and providing reviews and alternatives for projects.

Promote Open Source Knowledge by sharing your thoughts, listing Alternatives and Answering Questions!