Can California Lead on Privacy in Cloud Computing?

Cloud-Computingby Anupam Chander

My parents grew up in a pen and paper world, where most of their writings and records were kept at home, in their offices, or with close confidantes. I grew up in a world of computers, but even my writings were mostly kept at home on hard drives and floppy disks (for today’s students, many of whom have never seen a floppy disk, a history of the floppy disk). My first writings were kept, astonishingly, on a cassette recorder, which stored what I typed on my TRS-80, a computer made by Radio Shack. That computer had a total memory of 16K, roughly 16,000 characters (not even words) of text.

My children are growing up in the cloud, where their writings and their records are being stored in remote computers. Because those computers are managed by Dropbox, Google, Microsoft, and their peers, their writings are far more secure than I ever managed when I stored my files on a floppy or a hard drive, both of which failed with remarkable regularity and maximally devastating timing.

But even if our kids never know the pain of losing a week’s work to faulty computing or an accidental deletion, they face a world where their writings are far more subject to government scrutiny than mine ever were. Not only are their writings subject to government searches, but also their whereabouts, through the tracking of smartphones. This is because while the Fourth Amendment clearly protects homes from searches and seizures without a warrant, it is not so clear that it protects writings and the records about us stored on a remote computer.

Do our children deserve less protection from government snooping because they are relying on cloud services? Right now, the law says that if the government wants to read what’s on my home computer, it has to get a warrant to do so. But if the government wants to read what our kids are storing privately online, they may not. (For a more detailed account of when the government can access information online without a warrant, see this ProPublica summary, updated as of June 2014, but not including Riley v. California, described below.)

Others in this symposium will discuss the reforms we need at the national level for this and related problems, including the LEADS Act, introduced by Senators Orrin Hatch, Dean Heller, and Chris Coons. I will focus my contribution on what we in California can do at home. The California legislature is currently considering a bill called the “California’s Electronic Communications Privacy Act (CalECPA).” In the words of the Electronic Frontier Foundation, CalECPA would require state law enforcement “to get a warrant before they can access electronic information about who we are, where we go, who we know, and what we do.” The California bill would apply only to California state officials. Thus, even if CalECPA passes, we will still need reform at the national level.

Some will worry that a warrant requirement will stop police from accessing a cellphone or an email in an emergency. But the bill provides exceptions for emergencies, allowing police to access information without a warrant if they believe that “an emergency involving danger of death or serious physical injury to any person requires access.”

Others will argue that we should trust the police to gather whatever information they need from whatever source they want. Our founding fathers may not have anticipated the Internet, but they knew all too well the potential for the government to abuse citizens through warrantless searches. Indeed, the Bill of Rights sought to enshrine this freedom in the Constitution. Recently, the United States Supreme Court ruled that a police officer must have a warrant to search the cellphone of a person subject to arrest. In that case, Riley v. California, Chief Justice John Roberts explained that “Modern cell phones are not just another technological convenience. With all they contain and all they may reveal, they hold for many Americans ‘the privacies of life.’”

California’s concern with how technology might allow the invasion of privacy extends back at least to 1862, when the introduction of the telegraph caused worries about telegraph operators divulging messages. The Assembly accordingly passed “An Act for the Regulation of the Telegraph and to Secure Secrecy and Fidelity in the Transmission of Telegraphic Messages.” (I should note that I prefer the quaint and expressive legislative titles of the 19th century to the Orwellian and forced acronym-words of the 21st, such as the USA PATRIOT Act and the USA FREEDOM Act.) In 1905, in the face of yet a new communications technology, California extended its telegraph interception prohibition to the telephone.

California has led in cyber law before. It passed a security breach notification statute in 2002, requiring companies to notify Californians when their unencrypted data has been disclosed.

Support for this reform has been bipartisan. CalECPA is authored by Senator Mark Leno (D-San Francisco) and Senator Joel Anderson (R-Alpine). CalECPA has the support of a broad array of groups, from civil liberties groups such as the American Civil Liberties Union and the Electronic Frontier Foundation, to California-based technology companies like Apple, Facebook, Google and Twitter. On June 3, 2015, CalECPA passed out of the California Senate unanimously, 39 to 0. This week, the California state associations of police chiefs, state sheriffs, and district attorneys all withdrew their earlier opposition to the bill.

Cal-ECPA will be discussed next week on the floor of the California State Assembly. Given that the people of the world increasingly entrust the privacies of life to California companies, Californians should lead in protecting privacy.

A graduate of Harvard College and Yale Law School, Anupam Chander is the author of The Electronic Silk Road (Yale University Press)–http://www.amazon.com/The-Electronic-Silk-Road-Together/dp/0300154593and a law professor at UC Davis School of Law. This piece was originally published by the American Constitution Society.

Author

Categories:

Breaking News Civil Rights State of California

Tags:

3 comments

  1. Does this cover the Cell tower units Law Enforcement has been “borrowing” to intercept our wireless phones?  Who is exempt from this?

    As in Leno’s constant drumbeat of legislation he proposes, the anti gun phrases come into this one too. If you are picked up for anything, the gendarmes can seize everything electronic and search it?

    When I worked High Tech Crimes in the wayback, the drives we searched were very specific on the data that could even be opened. If they are searching for a gun, why would a cell phone be a target of the search? Not so much sense if the fine print is raised… If they arrest you for anything, your computer gets seized and searched, and every phone company and computer company has to turn records. Am I reading this correctly?

    Good luck with this one.

  2. Very interesting commentary. It sounds like this legislation is a good start, but the effort to roll back government abuse of power will need to go much further before anyone can rest easy or relax vigilance.

    History demonstrates that all governments (including the U.S. government) expand their power at every opportunity and seldom give back ground taken to “protect the people.” For interesting and fact-based analysis of this perversion of the legitimate purpose of government, see the work of Prof. Robert Higgs (Stanford, Oxford, etc.), author of “Crisis and Leviathan” more than 25 years ago. The phenomenon he described has turned out to be a continuous process, not merely a temporary aberration.

    A majority of Californians seem to endorse big (and growing) government power. Perhaps there is hope for humanity if this legislation represents a rational deviation from that trend.

Leave a Comment