Representing Clients Since 1983
Call Our Firm Today 419.625.1234

Is my data stored in the cloud safe from the government?

January 27, 2018

By Kenneth R. Bailey, OACDL President and Technology Chair

4th Amendment and Electronic Devices.

Technology issues remain the front line of the fight for Fourth Amendment protections. Courts are looking to traditional concepts of privacy in physical property and the expectation of privacy when determining whether to and what extent to protect those new technologies.

For example, the Fourth Amendment protects the content of the modern day letter, the e-mail. United States v. Warshak, 631 F.3d 266, 288 (6th Cir. 2010).

Individuals are increasingly storing their private information (correspondence, names and contact information of associates, e-mails, videos, health records, financial information, and photographs) online in applications and storage devices rented from companies – the offsite storage platforms are generically referred to as the cloud. Meanwhile, many of the foregoing private content may also or alternatively be stored directly on the user’s own device.

Accordingly, as we identify new technologies, data stored in the cloud, and other adaptations of the traditional “papers” identified in the Fourth Amendment, we must evaluate privacy by paralleling the new information to traditional protections then identifying the expectation of privacy by the person and society in general.

Courts have and should recognize a greater need for protection of the electronic device, because of the high expectation of privacy in the device, locked behind a password or biometric security, which provides the gateway into a device with banking, passwords, private communications, thoughts, photographs, and location history.

While Fourth Amendment proponents identify those passwords as the digital equivalent of a locked door, opponents propose a concept called virtual opacity likening the digital realm to a having only a sheer protecting such digital data.

1.00. Preserve your objections as we await the Supreme Court’s ruling on mobile phone locations.

This year, the U.S. Supreme Court will rule on Carpenter v. U.S., answering the questions of whether and when a probable cause warrant is required to access an individuals mobile phone location history, and this author anticipates we may see an outline of a new rubric for searches touching upon whether an individual may entrust his privacy in the hands of a third party.

The underlying ruling in Carpenter by the Sixth Circuit Court of Appeals stated individuals did not have such a reasonable expectation of privacy in their mobile phone location history and it would for Congress to proscribe such protection, if they so desired. (Notably, between 2005 and 2012, the Sixth Circuit was the most reversed circuit court of appeals, reversed in 31 out of 38 cases. See Walsh, Mark, “A Sixth Sense: 6th circuit has Surpassed 9th as the Most Reversed Appeals Court”, ABA Journal, December, 2012.

The Court’s decision in Carpenter will likely give guidance as to how future cases are handled with respect to cloud storage and search warrants, and it will likely influence the safety of attorney-client information being stored in these locations, as well.

2.00. Anticipate more traditional concepts being extended to cover new technology.

The Fourth Amendment protects all areas to which a person has a reasonable expectation of privacy. Katz v. United States, 389 U.S. 347 (1967). Further, electronic as well as physical intrusions into a private place may constitute a violation. Id.

Privacy exists where (1) the individual has exhibited an actual (subjective) expectation of privacy, and (2) society is prepared to recognize that this expectation is (objectively) reasonable. Smith v. Maryland, 442 U.S. 735 (1979).

As the U.S. Supreme Court looks to consider the rental of digital real estate for the storage of information behind passwords, it’s reasonable they will provide extension of the traditional privacy protections of a rental of a hotel room for the storage of one’s papers. See Hoffa v. United States, 385 U.S. 293, 301 (1966) (4th Amendment applies to hotel rooms); United States v. Domemenech, 623 F.3d 325, 330 (6th Cir. 2011) (privacy recognized even if hotel is reserved under an alias).

2.01. Cell Phones.

Police must obtain a search warrant prior to searching data stored in a cell phone seized incident to a lawful arrest, unless the search is necessary for an officer’s safety or due to exigent circumstances. State of Ohio v. Smith, 124 Ohio St.3d 163, 2009-Ohio-6426. The United States Supreme Court agrees. Riley v. California, 134 S. Ct. 2473 (2014).

Interestingly, in Smith, the Ohio Supreme Court distinguished cell phones from the traditional concepts of closed containers, recognizing a much higher expectation of privacy in the contents of their cell phone. Id. The next step will be to see whether the data on the phone is more easily accessed through a third-party, because the information on the phone is stored with the service provider. Consider looking for GPS location of a vehicle, if officers are unable to attach a device to a vehicle and or search the phone’s content for history, can the GPS information simply be obtained from a provider.

It seems the holdings that will come in the future will parse into two categories information from third-party vendors (a) the transactional business records of the service provider with their customer, and (b) the customer’s private data which the service provider is renting space to the customer to store.

2.02. GPS vehicle tracking devices.

Police must obtain a search warrant prior to placing a GPS tracking device on a vehicle, because such monitoring of the vehicle constitutes a search. United States v. Jones, 565 U.S. 400 (2012). Admittedly, the Jones Court’s opinion seems to have left room for a case wherein the device it attached for a shorter period of time, likely looking to analogize the tracking to merely following the vehicle.

2.03. E-mails.

As stated above, the Fourth Amendment protects the content of the modern day letter, the e-mail. United States v. Warshak, 631 F.3d 266, 288 (6th Cir. 2010). However, the internet analogue of the envelope markings, the metadata, has not been protected, yet.

3.00. Client Advice.

Just as you would advise your clients to embrace their right to remain silent, you should advise your clients as to their right to protect their privacy.

3.01. Lock your devices.

Encourage clients to have a pass code for entry into their cell phone or other device. While such a lock is not axiomatic of privacy, if your client engages such protection, it will bolster and assist in making analogous arguments as to the expectation of privacy behind a locked door. Further, this will assist in protecting against claims of voluntary abandonment where the device is not seized from the person but found after being lost, mislaid, or abandoned. See State of Ohio v. Moten, 2012-Ohio-6046 (search warrant unnecessary in spite of Smith’s holding, because phone was abandoned not seized).

3.02. Maintain local storage.

Where the option is available, encourage your clients to maintain storage on a locked device. If that device can be maintained unattached to the internet, all the better to maintain privacy from governmental intrusion.

3.03. Turn-off location sharing.

Encourage your clients to turn off their location sharing. Many cell phones will ask if you want to turn-off or turn-on location sharing, meanwhile encouraging sharing under the guise of an emergency 911 service; however, these default settings may provide a dangerous foothold for the government to claim there was no subjective expectation of privacy.

3.04. Read User Agreements.

While it is unlikely your clients are going to start reading all the user agreements for their cloud storage, we may have to sooner than later. Consider the fact IT companies may provide in their standard user agreement of their taking ownership of data stored on their devices. Based upon the above predictions, avoiding such companies may become a practical consideration.

What Sets Our Team Apart?

Serving Ohioans for Over 35 Years Full-Service Law Firm Free Criminal & Personal Injury Case Consultations Proven Strategies that Lead to Successful Results

The information on this website is for general information purposes only. Nothing on this site should be taken as legal advice for any individual case or situation. This information is not intended to create, and receipt or viewing does not constitute, an attorney-client relationship.

© 2020 All Rights Reserved.