Georgetown Law
Technology Review

What is a cloud? Twenty years ago, anyone on the street could easily define the term; even children could simply point to the sky to effectively communicate their understanding. But all of that changed when the term collided with technological evolution, subsequently transforming its ordinary definition. A cloud is no longer a strictly meteorological concern, only affecting a secluded environment, rather, it is now an everyday concern of the technologically connected community of service providers and data users worldwide. Cloud computing is the not-so-new advancement in data storage, management, and processing, expanding the physical realm of communication privacy up to the virtual clouds.1See generally Michael Chertoff, It’s Too Hard to Search the Cloud, WALL ST. J. (Feb. 11, 2018), https://www.wsj.com/articles/its-too-hard-to-search-the-cloud-1518377986; Brad Smith, US Supreme Court Will Hear Petition to Review Microsoft Search Warrant Case While Momentum to Modernize the Law Continues in Congress, MICROSOFT (Oct. 16, 2017), https://blogs.microsoft.com/on-the-issues/2017/10/16/us-supreme-court-will-hear-petition-to-review-microsoft-search-warrant-case-while-momentum-to-modernize-the-law-continues-in-congress/; Tom Hale, How Much Data Does the World Generate Every Minute?, IFL SCI. (July 26, 2017), http://www.iflscience.com/technology/how-much-data-does-the-world-generate-every-minute/. Cloud computing brings ease-of-use and low-cost maintenance for providers and subscribers alike.2See Hale, supra note 1. Within the last decade, service providers found it beneficial to expand their new-age “filing cabinets” by securing server space all over the globe.3See Marcia Coyle, Justices’ Heads Were in the Cloud at Microsoft Email Arguments, NAT’L L.J. (Feb. 28, 2018), https://www.law.com/nationallawjournal/2018/02/27/justices-heads-were-in-the-cloud-at-microsoft-email-arguments/; see Chertoff, supra note 1. For maximum storage capabilities, cloud technology enables providers to slice and dice data into tiny packets and shove them into available corners, anywhere and everywhere.4See Chertoff, supra note 1. The borderless capabilities of the internet successfully expanded the scope of cloud computing, but left regulators scrambling.5See generally, Thomas P. Bossert & Paddy McGuinness, Don’t Let Criminal Hide Their Data Overseas, N.Y. TIMES (Feb. 14, 2018), https://www.nytimes.com/2018/02/14/opinion/data-overseas-legislation.html. Law enforcement agencies struggle to understand their capabilities when it comes to cloud-based investigations, and with an ever-growing amount of electronic data being produced every minute, all over the world, cloud concerns are poised for clarification.6See id.; Chertoff, supra note 1; Hale supra note 1.

This new, unchartered territory requires an initial comparative analysis to connect known physical solutions to possible virtual ones. Since its enactment in 1986, the Electronic Communications Privacy Act (ECPA) persevered as the guiding authority in the balancing act of public and private electronic data interests.718 U.S.C. § 2510, et seq. (1986). More specifically, the Stored Communications Act (SCA), within the ECPA, focuses on protecting communication data, such as email, from unauthorized searches, seizures, hacks, and publishing.8See 18 U.S.C. 2701, et seq. (1986); see Brief for Respondent, United States. v. Microsoft, __ U.S. __ at 5 (2018) (No. 17-2), https://www.supremecourt.gov/DocketPDF/17/17-2/27619/20180111205746909_Brief%20for%20Respondent%202018.01.11.pdf. Recently, facing strong scrutiny, the SCA’s extraterritorial application was questioned before the Supreme Court.9See United States v. Microsoft, 138 S.Ct. 356 (2017); see Microsoft v. United States, 829 F.3d 197 (2d Cir. 2016). At the same time, the broader issue of statutory reform, and the decades-old statute being effectively applied to cloud management, provoked Congress to introduce their aptly named fix: The Clarifying Overseas Use of Data (CLOUD) Act of 2018.10See Ali Breland, Hatch Introduces Bipartisan Bill to Clarify Cross-Border Data Policies, HILL (Feb. 6, 2018), http://thehill.com/policy/technology/372637-hatch-introduces-bipartisan-bill-to-clarify-cross-border-data-policies.

The Microsoft case began when the company refused to allow law enforcement access to an email account as part of a December 2013 narcotics investigation, despite a government warrant.11See Morgan Chalfant, Supreme Court Agrees to Hear DOJ Petition in Microsoft Data Warrant Case, HILL (Oct. 16, 2017), http://thehill.com/policy/cybersecurity/355621-supreme-court-agrees-to-hear-doj-petition-in-microsoft-data-warrant-case; see also Sydney Reade, Luck of the Irish for Microsoft?, GEO. L. TECH. REV. (Nov. 2017), https://georgetownlawtechreview.org/luck-of-the-irish-for-microsoft/GLTR-11-2017/. The particular account—accessible via cloud technology—was physically located on a server in Ireland.12See Brief for Respondent, supra note 8, at 38. Microsoft argued the SCA could not be used to obtain private communications located in a foreign country, but the government insisted the American company was able to access the data domestically “with the click of a computer mouse.”13See id.; see Chalfant, supra note 11. Over four years later, on February 27, 2018, the Supreme Court heard oral arguments in the matter.14See Amy Howe, Argument Analysis: Justices Divided over Disclosure of Overseas Emails, SCOTUSBLOG (Feb. 27, 2018), http://www.scotusblog.com/2018/02/argument-analysis-justices-divided-disclosure-overseas-emails/.

The divided Justices raised concerns to both sides and found dealing with the SCA to solve modern technology conundrums difficult.15Id. Chief Justice Roberts feared companies could use this loophole to entice customers’ business, promising protection against government access by simply moving communications overseas.16Id. Whereas Justice Ginsburg seemed understanding of the difficulties providers face, which require them to first submit to foreign laws if the data was stored within foreign borders.17Id. Justice Gorsuch agreed with this outlook, affirming that the access would indeed require action within Ireland.18Id. Justice Sotomayor took a stand against the government in proclaiming that when the SCA was enacted, Congress only intended protection of data stored within the United States.19See Amy Howe, Argument Analysis: Justices Divided over Disclosure of Overseas Emails, SCOTUSBLOG (Feb. 27, 2018), http://www.scotusblog.com/2018/02/argument-analysis-justices-divided-disclosure-overseas-emails/. Justice Breyer offered a solution generally allowing the desired access, but also providing an appeals process to cite difficulties or conflicts involved in the disclosure process.20Id. Interestingly enough, this interpretative solution is similar to a statutory solution proposed by Congress.21See Breland, supra note 10.

In between the writ of certiorari and oral arguments, Congress proposed their own solution to the cloud confusion issue.22See id. The proposed CLOUD Act is a bipartisan, bicameral initiative aimed at providing clear instructions to law enforcement needing access to data outside of the United States and to provide a means of creating bilateral data-sharing agreements for accelerated access.23See id. Surprisingly enough, the Act has received great support from the technology community, especially from big players like Apple, Facebook, Google, and even Microsoft.24See Letter from Technology Companies in Support for Senate CLOUD Act (Feb. 6, 2018), https://blogs.microsoft.com/datalaw/wp-content/uploads/sites/149/2018/02/Tech-Companies-Letter-of-Support-for-Senate-CLOUD-Act-020618.pdf; see also Letter from Multiple Associations in Support for the CLOUD Act (Feb. 6, 2018), http://www.bsa.org/~/media/Files/letters/02062018CLOUDActMultiAssnLtr.pdf. It is praised as a modern approach that will keep America in a powerful, yet trustworthy, posture built on global cooperation to combat crime and terrorism.25See id.; Bossert & McGuinness, supra note 5; Letter from National Association of Attorneys General in Support for the CLOUD Act (Feb. 21, 2018), https://attorneygeneral.utah.gov/wp-content/uploads/2018/02/Final-2.21-CLOUD-Act-Letter.pdf. However, there are still some concerns about whether the Act will increase law enforcement powers without equally defending concerns of data privacy.26See Camille Fischer, The CLOUD Act: A Dangerous Expansion of Police Snooping on Cross-Border Data, ELECTRONIC FRONTIER FOUND. (Feb. 8, 2018), https://www.eff.org/deeplinks/2018/02/cloud-act-dangerous-expansion-police-snooping-cross-border-data.

If the Act passes through Congress, President Trump is likely to support its quick enactment, possibly mooting the Microsoft decision, which is expected by June.27See id.; see Bossert & McGuinness, supra note 5. In any account, it seems everyone agrees that the data privacy of foreign and domestic communications should no longer cloud the minds of users, providers, and regulators.