Posted by: Sharon Fisher
backup, cloud storage, data storage, government
What is storage?
“The privacy group is filing an amicus brief asking the high court to accept an email privacy case from South Carolina that’s exacerbated confusion over what courts consider electronic storage,” writes the political journalism site Politico. “In the filing, submitted on behalf of nearly 20 privacy advocates, EPIC tells the Supreme Court that email privacy rules and definitions have become increasingly unclear, thanks to the rise of cloud computing, and Congress has yet to step in to fill the gap.”
The whole issue of what “storage” is became an issue last fall, when a South Carolina Supreme Court ruled that, under the Stored Communications Act (SCA), email in a Yahoo! account should not be considered protected from unauthorized access because email sitting in the cloud was not “stored” the same way as it would be sitting on one’s own computer — which was protected.
This means that was also true for anyone who uses a cloud-based email system — not just Yahoo, but also Gmail and a plethora of other systems. Not to mention some components of the federal government itself that have moved to cloud-based email, EPIC notes in its brief.
The original case was a domestic dispute — a husband was cheating on his wife, and the wife’s daughter-in-law figured out the husband’s e-mail password and logged in to his personal account to read the e-mails between the husband and his paramour, wrote Orin Kerr in The Volokh Conspiracy legal blog. ”The daughter-in-law found the e-mails and shared them. The husband filed suit under several laws including the Stored Communications Act, 18 U.S.C. 2701, which only allows a civil suit if the e-mails accessed were in “electronic storage.””
The Supreme Court may get involved because this decision conflicts with a similar case by the Ninth Circuit Court in 2004, wrote Andrew Hoffman at the Information Law Group blog.
“The Jennings opinion establishes a split with the Ninth Circuit’s opinion in Theofel v. Farey-Jones, 359 F.3d 1066 (9th Cir. 2004), which found that emails that had been received, read, and left on the server were stored “for purposes of backup protection” and therefore within the ambit of the SCA,” Hoffman wrote.
This is a problem because it’s not good for different courts to have different ideas of what does and doesn’t constitute a legal issue, Hoffman wrote. “Thus, until the split of authority is resolved, the same conduct will disparately subject some individuals to civil liability, depending on the interpretation of the SCA applied by the court. Such disparate interpretations could create an incentive for forum shopping and pose conflict of law questions, when multiple states (and even nations) could be involved in an email hacking case. Such disparate interpretations may also pose problems for employers investigating suspected employee misconduct involving webmail.”
Just to show how confused the South Carolina court was, its judges couldn’t even agree on why the email wasn’t stored, but instead had three different opinions, Kerr wrote.
Aside from the issue of protection, the issue of defining what storage is is important because it is the primary difference between the Stored Communications Act — the law under which the original suit was filed — and the Electronic Communications Privacy Act, according to EPIC.
A related question is “What is a backup?” because some of the legal arguments also hinged on whether the email retrieved from the account was the “only copy” or a backup — a question that is kind of irrelevant in cloud storage, which may feature multiple replicated copies of data, EPIC writes.
“A wealth of personal and private messages are now stored remotely in the cloud, and their protection depends on the interpretation of ‘electronic storage’ under ECPA,” EPIC writes.