A Global Reality:Governmental Access to Data in the Cloud

Governmental authorities are able to reach data stored onthe servers of a Cloud service provider over whom they donot have jurisdiction through an
MLAT
with a foreign nation where the Cloud service provider is based. For example, the United States and member states in theEuropean Union have entered into bilateral MLATs thatallow governmental authorities on both sides of the Atlantic to request access to data stored on the servers of a Cloud service provider physically located in or subject to the jurisdiction of the foreign nation.Pursuant to an agreement governing MLATs between theU.S. and EU member states, a request for data shall only bed enied on data protection grounds in “exceptional cases.”That is, most MLAT requests for data will be honored bythe recipient party. Currently, Article 13(3) of Framework Decision 2008/977/JHA of the Council of the European Union allows transfers of personal data for law enforcement purposes even to countries whose privacy regimes have not been found “adequate” by the EU where there are “appropriate safeguards.” The phrase“appropriate safeguards” is widely interpreted to include international agreements such as MLATs.Other treaties, such as the multilateral Council of Europe Convention on Cybercrime, as well as informal relationships between law enforcement agencies, also allowfor governmental access to data in the “possession, custody,or control” of Cloud service providers over whom there questing country does not otherwise have jurisdiction.The existence of these treaty relationships diminishes any perceived advantage of placing data with a Cloud   in a jurisdiction believed to permit less governmental access than other jurisdictions covered by the treaties. For all practical purposes, the laws permitting governmental access by the requesting country have their reach extended through operation of the treaties.
2. UNITED STATES
Any discussion of U.S. government access to data in theCloud needs to begin with the Patriot Act,  , but erroneously, is believed to have created invasive new mechanisms for the United States government to get information. The reality is that most of   methods in the Patriot Act were   before it was enacted. And those investigative toolshad, and still have, limitations imposed by the United States Constitution and by statute. It is more accurate to say that the Patriot Act did not create broad new investigatory powers but, rather, expanded existing investigative methods, and retained Constitutional and s tatutory checks on abuse.Even with the Patriot Act, it is generally the case in the United States that the more substantive the data sought by the government, the greater the government’s burden of demonstrating a strong legal justification to obtain thatdata. That is, there are greater restrictions on accessing thecontents of electronic files and communications (“content data”) than for other information associated with those files such as the file owner’s contact information and server log information (“non-content data”).In most circumstances, governmental access to data stored by a Cloud service provider is regulated under the Electronic Communications Privacy Act (“ECPA”). Underthe ECPA, if a government body seeks disclosure of customer data from a Cloud service provider, it can only do so if a judge issues a
search warrant
or special
ECPA court order
, or if the government issues a valid
subpoena
to the provider.

A judge can issue a search warrant for Cloud data onlyif the government demonstrates that there exists
probable cause
– that is, reason to believe that acrime has been committed and that evidence of thecrime would be found in the Cloud data sought. Asearch warrant is the
only
method under the ECPA through which the government may obtain the
contents
of stored online communications facilitated by a Cloud service provider (as opposed to other types of electronic files) that are 180 days old or less.

A judge can issue an ECPA court order for Cloud data only if the government demonstrates that there exist
reasonable grounds to believe
that the data sought are relevant and material to an ongoing investigation.

Prosecutors and other government investigators may issue subpoenas requesting Cloud data directly to Cloud service providers if the data are relevant to theinvestigation.
If the government requests customer content data from a Cloud service provider through an ECPA court orde ror a subpoena, the government generally must notify the customer before obtaining the requested data from the provider. This allows the customer to challenge the governmental request.
However, no prior notice is required to customers when the government requests (i)non-content data or (ii) content data via a search warrant,although customers can challenge the validity of search warrants in court after the data are produced. In addition,in situations where the ECPA requires notice to a Cloud customer, the notice may be delayed in certain limited situations, such as when notice would endanger a person’s safety or compromise the investigation

Advertisements

About irmedeaca


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Well Balanced Blog

Take Control of Your Own Health!

Έγκλημα και Τιμωρία/Crime and Punishment/Crime et Châtiment/Delitto e castigo/Преступление и наказание

CRIME DOES NOT PAY... PLUS, THE BUTLER DID IT! AND REMEMBER: WHAT DOESN'T KILL YOU, WILL -MOST LIKELY- TRY AGAIN... AND DON'T FORGET: TODAY IS A GOOD DAY FOR SOMEONE ELSE TO DIE.

BanTheBBC Blog

A constant reminder that life would be so much better without the BBC's TV Licence Gestapo

Healthy At Any Age

Welcome to June Rousso's Blog !

iGlinavos

Thoughts of a recovering leftist

Scottish Gaelic

Word a Day

NEO INKA - ΣΕ ΠΡΟΣΤΑΤΕΥΕΙ, ΔΥΝΑΜΩΣΕ ΤΟ!!!

ΓΙΝΕ Ο ΕΠΟΜΕΝΟΣ ΚΡΙΚΟΣ ΣΤΟ ΔΙΚΤΥΟ.

Talk of the Tail

"Tails" from pets searching for their forever home.

ultimatemindsettoday

A great WordPress.com site

Are You Finished Yet?

Alea Jacta Est

Watts Up With That?

The world's most viewed site on global warming and climate change

Levi Quackenboss

Putting the boss in quack.

I shouldn't have left Wonderland

Ir's diary of deficient years

KXAN.com

Austin News & Weather - Austin Texas, Round Rock, TX

Unstrange Mind

Remapping My World

psychinfo.gr

ΛΙΝΑ ΨΟΥΝΗ • psouni@gmail.com • www.psychinfo.gr

Wee Ginger Dug

Biting the hand of Project Fear

QuitTrain®

Quit Smoking & Take Your Freedom Back!

%d bloggers like this: