There’s no denying the convenience of Dropbox, iCloud, and other various public cloud services. However, according to the law, any electronic communications data stored online becomes accessible to the government after 180 days; without demonstrating probable cause of a crime or obtaining a warrant.
The Electronic Communications Privacy Act of 1986
The Electronic Communications Privacy Act of 1986 was enacted by the U.S. congress to extend government restrictions on wire taps, from telephone calls to electronic data transmissions. The ‘electronic communication’ refers to any transfer of signals, signs, writing, images, sounds, data, or intelligence of any type transmitted by a radio, wire, electromagnetic, photoelectronic, or photooptical system.
In the U.S., email messages and electronic communications lose their status as a ‘protected communication’ after 180 days, thus becoming another database record. After 180 days, a government agency only requires a subpoena, instead of a warrant, to access electronic communications from a provider. In addition, government agencies aren’t required to demonstrate probable cause of a crime.
What Does This Mean For Dropbox?
Dropbox, like any company, is subject to the law; which means it must turn over your files and customer data to the police if they’ve asked for it. On the Dropbox privacy section of its website, the company explains the following on compliance with laws and law enforcement requests:
“We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.”
Public Cloud Services
Under the electronic communications privacy act, law enforcement authorities are able to obtain access to data stored with a cloud provider as well. Again, the only requirement is a subpoena, rather than the warrant they would need to obtain those same communications stored locally on a personal computer.
There’s a few implications for those who use cloud based email services such as Gmail, because as soon as a message is opened by a recipient, it loses the protection of being in “transmission.” The government can access your emails without a warrant or probable cause of a crime, as long as the messages or attachments are over 180 days old.
In the age of online services such as Dropbox, Gmail and Facebook; the assumption of consumer privacy is outdated and dangerous. However, Sen. Patrick Leahy has proposed an email protection measure, Leahy’s amendment.
The Leahy amendment strives to eliminate the “180 day rule” for the contents of electronic communications or stored files. If the amendment passes, law authorities would be required to obtain a search warrant if there is evidence of wrongdoing, prior to receiving the contents of your communications or files from a service provider.
In other words, your electronic communications or files would have the same protection as files stored in your home. Patrick Leahy, one of the authors of the bill, explained that the legislation is absolutely necessary to “better protect Americans’ digital privacy” and provide security for materials that reside in the cloud.
For now, organizations and individuals alike must make sure that all content residing in the cloud or within email transfers is legal, and they won’t experience any problems with the electronic communications privacy act, other than the lack of privacy.