Gina Pickerrell

Clarifying Cloud Computing Confusion: Courts vs. Congress

What is a cloud? Twenty years ago, anyone on the street could easily define the term; even children could simply point to the sky to effectively communicate their understanding. But all of that changed when the term collided with technological evolution, subsequently transforming its ordinary definition. A cloud is no longer a strictly meteorological concern, only affecting a secluded environment, rather, it is now an everyday concern of the technologically connected community of service providers and data users worldwide. Cloud computing is the not-so-new advancement in data storage, management, and processing, expanding the physical realm of communication privacy up to the virtual clouds.1 Cloud computing brings ease-of-use and low-cost maintenance for providers and subscribers alike.2 Within the last decade, service providers found it beneficial to expand their new-age “filing cabinets” by securing server space all over the globe.3 For maximum storage capabilities, cloud technology enables providers to slice and dice data into tiny packets and shove them into available corners, anywhere and everywhere.4 The borderless capabilities of the internet successfully expanded the scope of cloud computing, but left regulators scrambling.5 Law enforcement agencies struggle to understand their capabilities when it comes to cloud-based investigations, and with an ever-growing amount of electronic data being produced every minute, all over the world, cloud concerns are poised for clarification.6

This new, unchartered territory requires an initial comparative analysis to connect known physical solutions to possible virtual ones. Since its enactment in 1986, the Electronic Communications Privacy Act (ECPA) persevered as the guiding authority in the balancing act of public and private electronic data interests.7 More specifically, the Stored Communications Act (SCA), within the ECPA, focuses on protecting communication data, such as email, from unauthorized searches, seizures, hacks, and publishing.8 Recently, facing strong scrutiny, the SCA’s extraterritorial application was questioned before the Supreme Court.9 At the same time, the broader issue of statutory reform, and the decades-old statute being effectively applied to cloud management, provoked Congress to introduce their aptly named fix: The Clarifying Overseas Use of Data (CLOUD) Act of 2018.10

The Microsoft case began when the company refused to allow law enforcement access to an email account as part of a December 2013 narcotics investigation, despite a government warrant.11 The particular account—accessible via cloud technology—was physically located on a server in Ireland.12 Microsoft argued the SCA could not be used to obtain private communications located in a foreign country, but the government insisted the American company was able to access the data domestically “with the click of a computer mouse.”13 Over four years later, on February 27, 2018, the Supreme Court heard oral arguments in the matter.14

The divided Justices raised concerns to both sides and found dealing with the SCA to solve modern technology conundrums difficult.15 Chief Justice Roberts feared companies could use this loophole to entice customers’ business, promising protection against government access by simply moving communications overseas.16 Whereas Justice Ginsburg seemed understanding of the difficulties providers face, which require them to first submit to foreign laws if the data was stored within foreign borders.17 Justice Gorsuch agreed with this outlook, affirming that the access would indeed require action within Ireland.18 Justice Sotomayor took a stand against the government in proclaiming that when the SCA was enacted, Congress only intended protection of data stored within the United States.19 Justice Breyer offered a solution generally allowing the desired access, but also providing an appeals process to cite difficulties or conflicts involved in the disclosure process.20 Interestingly enough, this interpretative solution is similar to a statutory solution proposed by Congress.21

In between the writ of certiorari and oral arguments, Congress proposed their own solution to the cloud confusion issue.22 The proposed CLOUD Act is a bipartisan, bicameral initiative aimed at providing clear instructions to law enforcement needing access to data outside of the United States and to provide a means of creating bilateral data-sharing agreements for accelerated access.23 Surprisingly enough, the Act has received great support from the technology community, especially from big players like Apple, Facebook, Google, and even Microsoft.24 It is praised as a modern approach that will keep America in a powerful, yet trustworthy, posture built on global cooperation to combat crime and terrorism.25 However, there are still some concerns about whether the Act will increase law enforcement powers without equally defending concerns of data privacy.26

If the Act passes through Congress, President Trump is likely to support its quick enactment, possibly mooting the Microsoft decision, which is expected by June.27 In any account, it seems everyone agrees that the data privacy of foreign and domestic communications should no longer cloud the minds of users, providers, and regulators.

GLTR Staff Member: Georgetown Law, J.D. expected 2018; Ball State University, B.S. 2011. © 2018, Gina Pickerrell.