×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The Fourth Amendment and the Cloud

kdawson posted more than 4 years ago | from the reasonable-expectation dept.

The Courts 174

CNET has up a blog post examining the question: does the Fourth Amendment apply to data stored in the Cloud? The US constitutional amendment forbidding unreasonable searches and seizures is well settled in regard to the physical world, but its application to electronic communications and computing lags behind. The post's argument outlines a law review article (PDF) from a University of Minnesota law student, David A. Couillard. "Hypothetically, if a briefcase is locked with a combination lock, the government could attempt to guess the combination until the briefcase unlocked; but because the briefcase is opaque, there is still a reasonable expectation of privacy in the unlocked container. In the context of virtual containers in the cloud...encryption is not simply a virtual lock and key; it is virtual opacity. ... [T]he service provider has a copy of the keys to a user's cloud 'storage unit,' much like a landlord or storage locker owner has keys to a tenant's space, a bank has the keys to a safe deposit box, and a postal carrier has the keys to a mailbox. Yet that does not give law enforcement the authority to use those third parties as a means to enter a private space. The same rationale should apply to the cloud." We might wish that the courts interpreted Fourth Amendment rights in this way, but so far they have not.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

174 comments

US Border Laptop Searches (4, Insightful)

naz404 (1282810) | more than 4 years ago | (#30818300)

Shouldn't the same privacy logic apply even more to your laptops and personal electronic devices when you're entering U.S. borders? Having these people search your hard drive is an invasion of privacy.

Re:US Border Laptop Searches (4, Insightful)

FinchWorld (845331) | more than 4 years ago | (#30818316)

The US is getting to the point were one should just ask "Does the Fourth Amendment apply anywhere now?".

Re:US Border Laptop Searches (4, Insightful)

MrNaz (730548) | more than 4 years ago | (#30818528)

I see your point and raise you a generalization; The US is getting to the point where one should just ask "do any of the amendments apply now?".

Re:US Border Laptop Searches (1)

Dragonslicer (991472) | more than 4 years ago | (#30819754)

I see your point and raise you a generalization; The US is getting to the point where one should just ask "do any of the amendments apply now?".

I haven't been forced to house soldiers yet, so we've still got one.

Re:US Border Laptop Searches (0, Troll)

mcgrew (92797) | more than 4 years ago | (#30818854)

It doesn't apply in my garage or in my car. [slashdot.org] In fact, none of the bill of rights has any meaning left. [kuro5hin.org]

Re:US Border Laptop Searches (1)

dkleinsc (563838) | more than 4 years ago | (#30819400)

none of the bill of rights has any meaning left

Not true. The US government will not quarter troops in your home without your consent. In addition, jury trials are still available for federal lawsuits.

Re:US Border Laptop Searches (0)

Anonymous Coward | more than 4 years ago | (#30819704)

The first has not been tested recently. The second is dependent on whether the government raises the State Secrets defense.

Constitution-Free Zone (0)

Anonymous Coward | more than 4 years ago | (#30819394)

If, like nearly 2/3 of the US population, you live within 100 miles of an international border or coastline -- the Constitution is a dead letter:

http://www.aclu.org/national-security_technology-and-liberty/are-you-living-constitution-free-zone

Re:US Border Laptop Searches (0)

Anonymous Coward | more than 4 years ago | (#30819466)

Nope!

I can recite a bunch of "Founding Father" quotes but nobody is listening. It appears to be a downward spiral where economic hard times and terrorism are causing our citizens to sell each other out over anything they can get away with . Privacy just means that you're not loyal.

What about Scarlet Letter laws? You deserve to harass and humiliate ex-cons, dui offenders and bad parents, right?

What's YOUR flavor of the day? Are you "entitled"?

Family man?
Minority?
Female?
Gay?
Jobs-creating small businessman?

The next crash is right around the corner. We can't get there fast enough.

Re:US Border Laptop Searches (4, Insightful)

Calinous (985536) | more than 4 years ago | (#30818332)

When you are a foreign citizen, searching laptops, personal electronic devices and so on is just a prerequisite for entering the country (if you don't want your laptops to be searched, you are free to leave, but if you want to enter we need to search your laptop).
      I don't know how this can be related to US citizens (as a country should not be/is not allowed to refuse entry to its citizens)

Remember that searching personal effects is rarely done, but entirely normal in border posts

Re:US Border Laptop Searches (2, Insightful)

Tim C (15259) | more than 4 years ago | (#30818352)

if you don't want your laptops to be searched, you are free to leave, but if you want to enter we need to search your laptop

Need? Want I can see, and I appreciate that submitting to the search is a condition of being granted entry, but I really don't see where the need comes from.

I don't know how this can be related to US citizens (as a country should not be/is not allowed to refuse entry to its citizens)

So they can't refuse you entry; surely (assuming the law permits it) they can have you arrested and possibly charged for failing to comply?

Re:US Border Laptop Searches (1)

morgan_greywolf (835522) | more than 4 years ago | (#30819382)

Need? Want I can see, and I appreciate that submitting to the search is a condition of being granted entry, but I really don't see where the need comes from.

It's all in the interests of national security, and not necessarily to only stop terrorists as the Department of Homeland Security purports. Just as they search your luggage for physical weapons, they're searching laptops for virtual weapons.

So they can't refuse you entry; (assuming the law permits it) they can have you arrested and possibly charged for failing to comply?

Border security is also about smuggling illegal items into the country. For instance, there are plenty of U.S. citizens who would cross the border hoping to smuggle in drugs, weapons and other illegal contraband. These laws apply to laptops as well.

Re:US Border Laptop Searches (4, Insightful)

L4t3r4lu5 (1216702) | more than 4 years ago | (#30818434)

They don't need to search my laptop at all. No picture, document, executable, or video on my laptop is a risk to the aircraft or any person on that aircraft.

The legality of the contents of the laptop can be contested if I am arrested within the US and the laptop seized as evidence. Until that point, that laptop is a sealed envelope; X-ray and perform a cursory physical examination all you like to ensure that it is a laptop computer, but like the documents inside the envelope, the content of the disk is not subject to being examined or duplicated.

Re:US Border Laptop Searches (1, Troll)

L4t3r4lu5 (1216702) | more than 4 years ago | (#30818538)

Oh, crap, this is investigation at the US border after the flight, so it's nothing to do with bombing planes.

Sorry, I went off on a tangent. This is about finding out if you're a communist. Business as usual, then.

Re:US Border Laptop Searches (0, Troll)

L4t3r4lu5 (1216702) | more than 4 years ago | (#30819274)

Ha, I've been modded Troll after commenting on the pertinence of my own post!

Sweet Jeebus, /. sort out some better criteria for who you give mod points too. The current method seems to hand them to idiots with the reading comprehension of a limp lettuce leaf.

Re:US Border Laptop Searches (3, Interesting)

MrNaz (730548) | more than 4 years ago | (#30818546)

Hmm... perhaps you could just put your laptop in an envelope. I wonder if that would work.

Re:US Border Laptop Searches (1)

Kjella (173770) | more than 4 years ago | (#30819634)

Try applying that to say, driving across the border where you're no more a hazard than anywhere else on the road. Right or wrong, countries have asserted the right to search anyone and anything on the border before letting them into the country.

Re:US Border Laptop Searches (1)

catmistake (814204) | more than 4 years ago | (#30819002)

I don't know how this can be related to US citizens

You don't say it explicitly, but I get the feeling that you believe the Bill of Rights and the other rights enumerated in the US Constitution only applies to US Citizens. If so, I urge you and others that believe this to take a closer look at the document. The Founders were extrememly careful and deliberate. If it were the case surely the Preamble would begin "We the citizens...." It does not.

Re:US Border Laptop Searches (1)

MattSausage (940218) | more than 4 years ago | (#30819532)

Whoa whoa whoa, interpreting what the founders "would have" put in the Constitution if they meant some certain thing is a ridiculous leap of logic. The argument can be made that people of the day and time felt more a 'citizen' of their state than the country as a whole. And the Constitution (well, the Bill of Rights) turns itself into knots in order to not restrict the powers of the states.

The Constitution was in many ways a communication to the world at large that if you attack New York State, the people of Pennsylvania and Georgia will join them in the fight, and vice versa. The suggestion that the Constitution was ratified with the intention that the rights applied to all PEOPLE living in the United States is simliarly discredited by the fact that from Day 1 after the ratification, the right delineated therein were only applied to while males. The majority of people living in the US at the time (women, children, slaves, prisoners) had no expectation of coverage by the Bill of Rights.

Effectively, you have no way of knowing what the framers "would have" said, and that argument smacks of the same assumptions as Born Again Christians (tm) who suggest there is no reference in the Constitution because the framers took their christian faith "as a given" since they were all such moral, strict Christians.

Re:US Border Laptop Searches (4, Informative)

eln (21727) | more than 4 years ago | (#30819052)

The Fourth Amendment has long been held to apply to all people under US jurisdiction, whether citizens or not. However, as stated by another reply to your post, the Supreme Court has ruled, rightly or wrongly, that it does not apply to border searches. So, by current law, the government is within its rights to search you at the border regardless of your citizenship status.

It's a fallacy to state that the rights outlined in the Constitution (particularly the Bill of Rights) are granted only to citizens. The Constitution makes distinctions between "citizens" and "persons" all over the place. When the Constitution refers to "persons" or "people" (as it does in the fourth amendment), it is referring to ALL people, citizen or not. The founders believed in the concept of inalienable rights, which are rights granted to all people (or at least all white males in their day) by their Creator. The purpose of enumerating some of the more important of those rights in the Constitution was not to grant them, but to prevent the government from infringing on them.

How much the government has infringed on them anyway is, of course, a matter of much debate.

Re:US Border Laptop Searches (3, Informative)

dollargonzo (519030) | more than 4 years ago | (#30819152)

I think an easier way to look at it is that it applies to the government, in that the articles place restrictions on what agents of the government can and cannot it. e.g.:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated"

...by the government

Re:US Border Laptop Searches (1)

locallyunscene (1000523) | more than 4 years ago | (#30819224)

The Fourth Amendment has long been held to apply to all people under US jurisdiction, whether citizens or not. However, as stated by another reply to your post, the Supreme Court has ruled, rightly or wrongly, that it does not apply to border searches. So, by current law, the government is within its rights to search you at the border regardless of your citizenship status. It's a fallacy to state that the rights outlined in the Constitution (particularly the Bill of Rights) are granted only to citizens. The Constitution makes distinctions between "citizens" and "persons" all over the place. When the Constitution refers to "persons" or "people" (as it does in the fourth amendment), it is referring to ALL people, citizen or not. The founders believed in the concept of inalienable rights, which are rights granted to all people (or at least all white males in their day) by their Creator. The purpose of enumerating some of the more important of those rights in the Constitution was not to grant them, but to prevent the government from infringing on them.

Isn't it amazing that 218 years later even "activist judges" would consider the constitution a radical document with respect to "inalienable rights"? I fear that reflects more on the current society than on the wisdom of the founding fathers.

Re:US Border Laptop Searches (4, Insightful)

Attila Dimedici (1036002) | more than 4 years ago | (#30818384)

Shouldn't the same privacy logic apply even more to your laptops and personal electronic devices when you're entering U.S. borders? Having these people search your hard drive is an invasion of privacy.

The logic has never applied when entering U.S. borders (or any other country for that matter). Searches that would be disallowed within the country have been ruled by the Supreme Court as allowed since the founding of the country. The people who wrote the Fourth Amendment did not question such border searches, which makes it hard to argue today that the Fourth Amendment was intended to apply.

Re:US Border Laptop Searches (0, Flamebait)

maxume (22995) | more than 4 years ago | (#30818852)

What does their intent matter?

The only thing that gives the Constitution any power at all is our collective acceptance of it.

For instance, the founders also intended that only landowning men could vote and that humans could be property (perhaps not universally, but they did all sign that document).

Re:US Border Laptop Searches (0)

Anonymous Coward | more than 4 years ago | (#30819172)

You don't get to just change what the Constitution says. There's a process for amending it.

Your two examples are fallacious. Article I section 4 leaves the rules for voting up to the states, and gives Congress the power to overrule them.
And Amendment 13 had to be passed to abolish slavery.

Sure, theoretically we could put together a new Constitutional Convention and draft a new constitution from scratch. Barring that, we have to work within what it says, including to change what it says.

Re:US Border Laptop Searches (1)

maxume (22995) | more than 4 years ago | (#30819250)

I'm not suggesting that it can simply be ignored, I am suggesting it is valuable because of the ideas that it contains, not because it happens to exist.

(Look at it this way: Is it a bigger deal that the government is trampling all over "The Constitution", or is it a bigger deal that the government is trampling all over "human rights"; I go with the latter.)

Re:US Border Laptop Searches (1)

MattSausage (940218) | more than 4 years ago | (#30819698)

Surprisingly enough, even to myself, I go with the former. The term "human rights" is ambiguous (is Internet access a human right? Is access to any form of media or news? Some say yes, others say no) The Constitution is the closest guide we have to a literal, physical reference to define human rights, and as such is at least equal in value to the rights themselves in my estimation. Others might say the same of the bible, and I would shudder at the thought. Perhaps I am incredibly stupid, but I believe a document which lays out, in amendable form, the philosophy of a country (and by extension, that country's view towards the world) as voted upon and ratified by the citizens of that country is just as valuable as "human rights" and in some ways, moreso.

Re:US Border Laptop Searches (1)

maxume (22995) | more than 4 years ago | (#30819768)

The constitution doesn't actually list any human rights anywhere, it lists a bunch of things that the government it authorizes is not supposed to do.

And the Constitution was not voted on or ratified by any living person. It is all inertia at this point.

Re:US Border Laptop Searches (1)

TheCarp (96830) | more than 4 years ago | (#30819430)

Speak for yourself.

I accept that it claims power for governing bodies who have men with guns. I am afraid of those thugs with their guns.

That is the entire extent to which I accept the constitution. I never signed it, I see no egitimate authority in it, or in the thugs with their guns, or the white haired old men who prattle about on topics that they know little about, who give them their orders.

-Steve

Re:US Border Laptop Searches (1)

maxume (22995) | more than 4 years ago | (#30819516)

'collective'. You can't argue with the fact that, as a whole, the American people accept the government that they have.

Re:US Border Laptop Searches (0)

Anonymous Coward | more than 4 years ago | (#30819840)

The people who wrote the Fourth Amendment did not question such border searches, which makes it hard to argue today that the Fourth Amendment was intended to apply.

Yeah, when Thomas Jefferson got on an airplane, he never complained about his laptop's hard disk being cloned!

Re:US Border Laptop Searches (1)

alen (225700) | more than 4 years ago | (#30818442)

being searched at any border crossing in almost any country is normal. if you want to enter a country you have to agree to a search if they ask. same applies in the free loving europe as well. when i was in the military and we would return to the US after a deployment, they would take every 10th person and tear apart their stuff looking for contraband.

Re:US Border Laptop Searches (0)

Anonymous Coward | more than 4 years ago | (#30818560)

The main reason the government is backing cloud computing is for this very reason. They want more warrantless searches. It's also why google is upset with Chinese. Google wants everyone to believe cloud computing is safe and secure, it's not.

Re:US Border Laptop Searches (1)

postbigbang (761081) | more than 4 years ago | (#30818718)

I don't think the two can be joined in the way your logic presents. The US uses the aegis of terrorism for many of its searches, and I'll use the example of vacuuming NAP points with filters, monitoring most all cell calls in the world, and using spy sattelites to look at naked people on beaches.

Google itself performs searches, ostensibly to the point of robot.txt, but I'm guessing it goes beyond that sometimes, it just doesn't produce public results to queries. Any spider/crawler app with sufficient muscle can digest websites in the same way Google, Bing, Yahoo, etc do. We let them.

Google got black-hat cracked. They're unhappy about that, and with good reason. But extending Google's cloud offerings to join it with the Chinese hacks is a stretch, IMHO. Cloud is, and always has been, just as secure as you make it. Depending on others for security in resources outside of your own protection boundary has always required great care, and always will.

Re:US Border Laptop Searches (1)

Registered Coward v2 (447531) | more than 4 years ago | (#30819294)

Shouldn't the same privacy logic apply even more to your laptops and personal electronic devices when you're entering U.S. borders? Having these people search your hard drive is an invasion of privacy.

Not really - at least not for US citizens, IMHO. Non-citizens are requesting to enter the country, a prerequisite to such permission is to search items being brought in. You should be able to refuse a search and leave on the next flight; entrance is a not a right. It's the same traveling to any country; you either meet their entrance requirements or don't enter.

Re:US Border Laptop Searches (1)

fredrik_haard (720279) | more than 4 years ago | (#30819650)

Shouldn't the same privacy logic apply even more to your laptops and personal electronic devices when you're entering U.S. borders? Having these people search your hard drive is an invasion of privacy.

What is it that they think this policy stops, anyway? If I wanted to import illegal electrons into the US, I'd just put them on a nice server right here in terrorist Europe, go to the US with a clean OS installation, and pull it encrypted over the intertubes.

Re:US Border Laptop Searches (1)

prezpwns (1343365) | more than 4 years ago | (#30819710)

Thanks to the 'Patriot Act' this is required by law. You can thank all the senators who did not read the entire bill before it had passed.

As they say in GNAA (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30818302)

You're all a bunch of faggots.
Cloud computing sucks.
Fuck amazon.

It's very simple (5, Insightful)

Shrike82 (1471633) | more than 4 years ago | (#30818320)

If you want your data to be safe,especially when you plan to store it online in this new-fangled cloud thing, then encrypt it. You can't trust a service provider to stand up to a government access order, and you can't rely on the security of a storage system that you didn't make yourself.

Be responsible for your own data privacy instead of relying on an ambiguous interpretation of an ammendment written before the days of digital data.

Re:It's very simple (0)

Anonymous Coward | more than 4 years ago | (#30818356)

Like cracking the encryption will take long. You are deluding yourself if you believe that.

Re:It's very simple (4, Insightful)

khallow (566160) | more than 4 years ago | (#30818480)

Like cracking the encryption will take long.

Using good encryption means the task is virtually impossible (even for someone like the NSA) unless they make a lucky guess or obtain the code key (via theft or subpoena).

Re:It's very simple (1)

GargamelSpaceman (992546) | more than 4 years ago | (#30819184)

Yes, good encryption can protect your data from brute force attacks, but ultimately, the government can stop you from encrypting your data at all with an act requiring data not be encrypted. The fourth ammendment protects your data from being snooped by the government more than any encryption because it would require passing a constitutional ammendment to overturn, or a series of court rulings that would set precedent for the 4th being interpreted extremely narrowly.

Of encryption and the 4th ammendment, the 4th ammendment is the strongest protection for your ability to keep your data private from the government.

Re:It's very simple (1)

sconeu (64226) | more than 4 years ago | (#30819912)

Banning encryption falls afoul of the First Amendment, and possibly the Second (depending on whether strong crypto is still considered a munition).

Re:It's very simple (0)

Anonymous Coward | more than 4 years ago | (#30818592)

Encryption is pointless if you want to keep your data from the police in the UK. We have to supply encryption keys if they ask.

Re:It's very simple (0)

Anonymous Coward | more than 4 years ago | (#30818638)

especially when you plan to store it online in this new-fangled cloud thing, then encrypt it. You can't trust a service provider to stand up to a government access order, and you can't rely on the security of a storage system that you didn't make yourself.

I recommend simply carrying a bootable GNU/Linux distribution on a USB thumbdrive and remotely access your data once inside the USofA. If the Border Patrol wants to image your USB thumbdrive just be certain no configuration information pointing back to your data is stored on the USB thumbdrive. In fact, use a memory-resident GNU/Linux distribution or one without a swap file partition enabled for added protection against backdoor search and seizure.

The long-standing authority of border agents to search incoming materials is permitted under the law regarding protection against contraband being smuggled into the country. Contraband has been defined very loosely by legislation and the courts. The hamburg in the Big Mac you ate immediately prior to arrival at the border is contraband yet rarely enforced for obvious reasons.

Jesus Fucking Christ (1, Insightful)

Anonymous Coward | more than 4 years ago | (#30818324)

Seriously. Can we just save everybody the trouble and travel 5 years into the future when this whole cloud FAD runs its course? Maybe by then all the hype surrounding Twitter and Facebook will have died down a bit. And hopefully use of the word "blogosphere" will be punishable by death.

Security is NOT an issue with The Cloud. (5, Funny)

Anonymous Coward | more than 4 years ago | (#30818328)

Wait a minute. I'm a manager, and I've been reading a lot of case studies and watching a lot of webcasts about The Cloud. Based on all of this glorious marketing literature, I, as a manager, have absolutely no reason to doubt the safety of any data put in The Cloud.

The case studies all use words like "secure", "MD5", "RSS feeds" and "encryption" to describe the security of The Cloud. I don't know about you, but that sounds damn secure to me! Some Clouds even use SSL and HTTP. That's rock solid in my book.

And don't forget that you have to use Web Services to access The Cloud. Nothing is more secure than SOA and Web Services, with the exception of perhaps SaaS. But I think that Cloud Services 2.0 will combine the tiers into an MVC-compliant stack that uses SaaS to increase the security and partitioning of the data.

My main concern isn't with the security of The Cloud, but rather with getting my Indian team to learn all about it so we can deploy some first-generation The Cloud applications and Web Services to provide the ultimate platform upon which we can layer our business intelligence and reporting, because there are still a few verticals that we need to leverage before we can move to The Cloud 2.0.

Re:Security is NOT an issue with The Cloud. (5, Funny)

L4t3r4lu5 (1216702) | more than 4 years ago | (#30818512)

You'll want to upscale the downstream synergies of a Cloud Services 2.0 deployment to be an enabler of Top-Tier Blue-Sky processes to your Crowd-sourced resources. Otherwise you'll not be utilising the future-thinking operational motivators of time-shift market deployments, and that can seriously anti-creationalise your interstabularistic practicalularisation performocarbunkle cheesewozzles.

Re:Security is NOT an issue with The Cloud. (1)

2names (531755) | more than 4 years ago | (#30819024)

"Practicalularisation" is not a word, dumbass.

Re:Security is NOT an issue with The Cloud. (1)

L4t3r4lu5 (1216702) | more than 4 years ago | (#30819282)

I am anispeptic, frasmotic, even compunctuous to have caused you such pericombobulation.

Re:Security is NOT an issue with The Cloud. (1)

Daimanta (1140543) | more than 4 years ago | (#30819126)

"Otherwise you'll not be utilising the future-thinking operational motivators of time-shift market deployments, and that can seriously anti-creationalise your interstabularistic practicalularisation performocarbunkle cheesewozzles."

Won't someone please think of the cheesewozzles!

Hosting countries (5, Insightful)

Anonymous Coward | more than 4 years ago | (#30818338)

And if the data center is in another country, would the 4th Amendment apply there?

If so, how would you enforce it? Soldiers with machine guns show up, grab all of your data, crack the encryption, and take what they want. And you'll do exactly what?

The data is gone and seen, so you're screwed. And even if you have super duper one hundred billion bit encryption, your data center and data are gone. So, you have up to the second back-ups?

Other than cost, I see no upside to cloud computing.

Re:Hosting countries (0)

MrNaz (730548) | more than 4 years ago | (#30818582)

The upside to cloud computing is that clouds are in the sky. Other than that, there's not much.

Re:Hosting countries (1)

IBBoard (1128019) | more than 4 years ago | (#30818702)

Or any law on the Internet, for that matter. I'm in the UK but the servers I rent are in the US, so I'm aware that the American government may have no qualms at all about implementing their (stupid or otherwise) legislation on my site and it is reasonable enough, since that is where the server sits.

The problem comes if I had a server in the UK and they try the same thing - they'll sure as hell feel that they have a right to enforce their laws (because it is relevant to an American citizen, damnit) but if my nation doesn't have a DMCA law, I'm not in their nation and the server isn't in their nation then there is no way that any sensible implementation of cross-border justice should apply. Of course, "sensible" is the key stumbling block there.

I guess the 4th Amendment would still apply to info about US citizens on foreign servers being accessed by US authority (since the subject and the authority are American and not doing that would create one hell of a wonderful loophole for nations to target their own people by going outside their borders) but if it is a foreign server with foreign access then you're playing by foreign rules.

Re:Hosting countries (0)

Anonymous Coward | more than 4 years ago | (#30818724)

The upside is simple.

The general idea is that a service provider can provide a service to an end-user which is probably better (more secure, reliable, better redundancies, backups) than anything that end-user can do themselves, for lower cost.

It makes little sense if you already know how to do this stuff yourself. It does make sense if, for example, you're a smallish business with next to no technical expertise of your own, and a limited IT budget.

However, it only makes sense if you're paying for the service. If you aren't paying, there should be no expectation that the service won't disappear tomorrow, having first sold your data to someone else.

Re:Hosting countries (0)

Anonymous Coward | more than 4 years ago | (#30818774)

If you aren't paying, there should be no expectation that the service won't disappear tomorrow, having first sold your data to someone else.

That holds true even if you are paying for it. Companies go out of business and are bought and sold all the time.

Re:Hosting countries (0, Insightful)

Anonymous Coward | more than 4 years ago | (#30818804)

More to the point, as a Canadian I have to know that my data will NOT be stored in the states because of the weird (Mostly PATRIOT) laws there that make a mockery of any security provisions we might want.

Re:Hosting countries (1)

bschorr (1316501) | more than 4 years ago | (#30819896)

So you'd be happier if your data was stored in China, where there's a decent chance it's being actively monitored?

Re:Hosting countries (2, Interesting)

betterunixthanunix (980855) | more than 4 years ago | (#30818962)

"crack the encryption"

That is really nowhere near as easy as you make it sound, at least not with any modern cipher. Even the NSA, with the most vast computing resources in the entire world, would have a lot of difficulty cracking AES or Serpent, barring some completely novel attack that has eluded the crypto research community thus far.

If you want to break someone's crypto, you should not even think about attacking it directly. You should think about attacking the person, or at least planting recording devices in their home or on their computer, so that you can get the secret key. If a foreign government wanted to do this, they would have to either commit an act of war by attacking a US citizen on US soil, or wait until you enter their country and kidnap you (or if you bring your computer with you, plant a recording device or software).

Re:Hosting countries (1)

bschorr (1316501) | more than 4 years ago | (#30819860)

No, and that is exactly what I consider to be one of the biggest issues of the Cloud. The Terms of Service of many, if not most, Cloud Computing/SaaS providers explicitly allow them to outsource their storage (or either primary data or backups or both) to unnamed 3rd parties. Where are these mysterious 3rd parties located?

Like all businesses keeping costs down helps them keep profits up and since Cloud Computing IS largely sold as a low-cost solution (we can discuss price vs. cost later) we know that keeping costs low is imperative. As we know the Internet crosses International borders (most of them anyhow) effortlessly. Is there any reason to think that a Cloud/SaaS provider wouldn't gladly outsource their storage to a cut-rate data center in another country? Maybe even a country that isn't very friendly to the U.S.?

The 4th Amendment means nothing in Malaysia or China or Venezuela or ...you get the idea.

The Fourth Amendment became a quaint notion (3, Insightful)

Ellis D. Tripp (755736) | more than 4 years ago | (#30818382)

at the point when urine drug testing was mandated by the government for any company receiving government contracts. You know back in the days of Ronnie Raygun and the "Just Say No" crusades?

If you aren't secure against government searches OF YOUR OWN BODILY FLUIDS, do you really think that they will respect your right of privacy regarding some random 1s and 0s stored on a private corporation's computers somewhere?

I have no problem testing my pee (3, Funny)

L4t3r4lu5 (1216702) | more than 4 years ago | (#30818526)

They can scoop some out of the bowl when I'm done having my Morning Glory, if they're that bothered about how much I had to drink last night.

They can also just ask me. The answer is "If you haven't brought me some black coffee and dry toast in 5 minutes, I'm barfing on your shoes."

Re:The Fourth Amendment became a quaint notion (0)

Anonymous Coward | more than 4 years ago | (#30818536)

Except that you can choose not to submit to the drug testing, but you may not have a job after that. It is a pre-requisite of doing work for the government. Just like if a private employer has drug testing you can choose not to work for that employer. With your data it is a different story, you can choose not to use the cloud, but still the data itself is supposed to be secured, it's just like the government cannot just come into your house and start going through your filing cabinets. They should not be able to go through your virtual filing cabinet. On the other hand if you are not doing anything illegal do you have anything to worry about? Maybe not now but someday I might say yes. The way the US governement is heading both under Republican and Democrat leadership I worry that someday the first amendment isn't going to amount to a hill of beans. Ever read 1984?

4th Amendment and progress (1)

ElitistWhiner (79961) | more than 4 years ago | (#30818516)

Wasn't it a core value of the Internet that it was abstracted above limitations of juridical boundaries, political division and secular belief systems to provide redundant fail-safe communication world wide enabling human progress in the face of systemic failed governance?

How does advocating _for_ juridical application of the 4th virutally annexing "the cloud" as the 51st state... tell me again how that abstracts the medium above the landscape.

Part of the problem... (3, Insightful)

Alarindris (1253418) | more than 4 years ago | (#30818524)

The US constitutional amendment forbidding unreasonable searches and seizures is well settled in regard to the physical world

Electrons in computers ARE part of the physical world.
Stop conceding that is it different!

IT'S NOT!

its different philosophically (1)

circletimessquare (444983) | more than 4 years ago | (#30818958)

and therefore, it makes sense that it is also different legally

moving bits around is completely unlike moving pieces of paper around, in all sorts of fundamentally significant ways, with all sort of implications and ramifications for how society does work, could work, and should work

Re:its different philosophically (0)

Anonymous Coward | more than 4 years ago | (#30819472)

No, moving bits around is not unlike moving paper around. Both of them are merely a medium for information. The information is protected as much as, I'd say it should be more than, the physical piece. The fact that one is physical and one is not doesn't change that they're both carrying the same protected thing.

#1: i have a piece of paper on my desk (1)

circletimessquare (444983) | more than 4 years ago | (#30819680)

100 people around the world want that piece of paper

this will involve copying and mailing that paper, a lengthy task. it is indeed, protected, because it is a time consuming and expensive. therefore, there are natural hurdles to sharing this information, which means that publishing, or, the large scale movement of media, is the domain of a few rich players. laws governing their behavior can easily be enforced, mainly gentleman's agreements in the club house. a closet holding cd duplicators or a warehouse holding vhs machine copiers can be located and shut down, and it is expensive to set up these shops. for these many reasons, it is easy to enforce the rules

#2: i have a file on on my computer

100 people around the world want that file

this will involve nothing but installing a free easily available program, which requires no monitoring or effort to use to distribute. it is not protected, because it is effortless and cost-free. therefore, there are no natural hurdles to sharing this information, which means publishing, or, the large scale movement of media, can be performed by any teenager in any basement. a 13 year old in novosibirsk or johannesburg or pasadena has the same publishing might of bertelsmann or time warner or disney in 1980. laws governing the behavior of these teenagers cannot easily be enforced: they're teenagers. the sharing software is headless, encrypted, obfuscated, made sparse and otherwise untraceable. for these many reasons, it is no longer possible to enforce rules created in the age of vinyl records or even player pianos

this technological progress. it is not moved by legal standards, legal standards change in response to technological progress. read up on your history. when you say "The fact that one is physical and one is not doesn't change that they're both carrying the same protected thing" all i see is someone living in colossal denial about how the world is changing around them

the world is changing friend. the whole edifice of ip law is now completely unenforceable. and therefore completely useless. welcome to reality

Dumb idea anyhow. (4, Insightful)

lancejjj (924211) | more than 4 years ago | (#30818540)

[T]he service provider has a copy of the keys to a user's cloud 'storage unit'

Why the hell would I want to give a copy of the keys to the service provider?

Just because you use the cloud to store bits of data doesn't mean that you'd want to store unencrypted bits of data there. Those that do risk distribution of your unencrypted data via a multitude of channels, including but certainly not limited to:

  • Cloud configuration errors
  • Service Policy changes
  • Service Security failures
  • Data theft by administrators
  • Service scanning and reselling of your data

Why would anyone hand the keys to all their important data to a 3rd party that they don't personally know? Just because they're under a contract with that 3rd party? A contract drawn up exclusively by that 3rd party? With clauses designed to exclusively to protect that 3rd party?

Re:Dumb idea anyhow. (2, Interesting)

Zerth (26112) | more than 4 years ago | (#30819234)

Seriously, if you are going to do something important in the cloud, get data storage from a different cloud than the one you use for processing.

Even better, have the data only exist in an unencrypted form while it is in use on the zero-storage processing cloud and run the keyserver in a third location. Preferably somewhere you'd notice when the cops break the door.

The 4th amendment grants government. (2, Informative)

tjstork (137384) | more than 4 years ago | (#30818554)

It is worth noting that under the Constitution, there is no federal power to search or seize, at all. Thus people who say that the 4th amendment doesn't list something as protected, like a computer file, miss that point. The 4th amendment is that the government is allowed to search mail, with a warrant, and nothing else.

Re:The 4th amendment grants government. (4, Informative)

edittard (805475) | more than 4 years ago | (#30819228)

The actual text would appear to disagree.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

The last bit seems to list a set of preconditions which, if met, do allow it.

Uh not so fast. (2, Insightful)

Geofferic (1091731) | more than 4 years ago | (#30818562)

This post starts with a false statement. 4th amendment rights are not well settled. They've been challenged and altered repeatedly within the last decade.

But then again (1)

Dunbal (464142) | more than 4 years ago | (#30818580)

If you know anything at all about security, you won't let your data be stored on someone else's computers and travel on someone else's network in the first place. (Spoken in the voice of Fat Tony [wikipedia.org] ) Off-site storage is absolutely necessary, but there are other, more expensive, more tedious, but far more secure methods of keeping your data off site. And please don't keep a paper trail.

Only in america (2, Insightful)

petes_PoV (912422) | more than 4 years ago | (#30818674)

US freedoms, protections and liberties only apply within US borders. If you put your data in "the cloud" is there any guarantee that your data will stay with US borders, or is it free to float (as clouds do) to any other geographic location.

Specifically, would it be wise to assume that all, or any, backups will only be taken in america, or that the data won't get routed to or through another country.?

It's a big world out there and the USA is only a small part of it.

This was addressed by the Stored Communications Ac (1)

Tobor the Eighth Man (13061) | more than 4 years ago | (#30818704)

t, way back in 1986.

http://en.wikipedia.org/wiki/Stored_Communications_Act

"With respect to the government’s ability to compel disclosure, the most significant distinction made by the SCA is between communications held in electronic communications services, which require a search warrant and probable cause, and those in remote computing services, which require only a subpoena or court order, with prior notice. This lower level of protection is essentially the same as would be provided by the Fourth Amendment—or potentially less, since notice can be delayed indefinitely in 90-day increments."

So no warrant is needed, just subpoena and notice. As the wiki article points out, this is essentially the "third party doctrine," which already exists for the Fourth Amendment. The third party doctrine basically states that if you reveal information to a third party, you can't make a fourth amendment claim against that info.

Re:This was addressed by the Stored Communications (1)

Tobor the Eighth Man (13061) | more than 4 years ago | (#30818722)

Rather... no warrant is needed for cloud computing services, which I'd say is the very definition of a remote computing service.

No easy access to a cloud if not the owner (0)

Anonymous Coward | more than 4 years ago | (#30818746)

Here in Holland the landlord does not have a key to a tenant's space. The landlord is not allowed to enter the tenant's space without the express permission of the tenant. I think the same should apply to a service provider in relation to the users storage unit in the cloud.

Stop insult people's intelligence (4, Insightful)

Yvanhoe (564877) | more than 4 years ago | (#30818784)

A bit offtopic but I think it is important for lawmakers : stop doing analogies. Cryptography does not work like a lock or like an opaque case, owning cryptographic keys does not make you the landlord of anything. Cryptography works by taking a clear message and a key and mix them in a way that produces a seemingly random information but that can be made sense of thanks to the decoding key and the decoding algorithm. It is not that hard to understand. It requires 30 secondes of focus to understand and twenty minutes of thinking about and around, and you have understood the basis of crypto.

Dear lawmakers, please make laws about cryptography, not about analogies of cryptography if you don't want me to just be an analogy of a law abiding citizen.

Thanks.

Re:Stop insult people's intelligence (0)

Anonymous Coward | more than 4 years ago | (#30818968)

Indeed. Stop insult people's intelligence. People insult own intelligence just fine.

Time to change the test? (1)

wrencherd (865833) | more than 4 years ago | (#30818970)

As far as US law is concerned in this regard, the 4th Amendment is not so much the problem as is the 40 yr old "expectation of privacy" test.

Perhaps it's time to change that one and bring it up to date particularly in light of the fact that it doesn't seem to apply to very much any longer.

The larger problem--as pointed out above by petes_PoV--is the international jurisdiction issue; "where" is the data cloud?

The answer to that question determines which laws--including any related "third party doctrines"--will apply.

Will google respect non-US law when it comes to turning over cloud data to non-US gov't agents?

folks (1)

circletimessquare (444983) | more than 4 years ago | (#30819068)

if you want something private, don't put it on the internet

if you want a private conversation, walk with the person on a beach

everything else is subject to snooping, and not just by the government. there are other less savory entities out there that can pilfer your information

so if its important, just keep it off the wires. this is a complete shortcircuiting of all of the legal arguments

because even if you successfully clamped down on the government across all legal avenues, the government really is the least of your worries in terms of who can snoop on you and why. there is no protection that works except your own attempts to secure your data. that's your job, not the government's

there's people reading this comment who buy guns because they don't trust the government to protect them. so why would anyone trust the government to protect their privacy online?

protect yourself with your own protocols for how and when and what is disclosed over a wire. this shortcircuits all the needless legal arguments, since the potential list of online snoopers does not begin nor end with your friendly local government bureaucrat

Clueless Gov't (0)

Anonymous Coward | more than 4 years ago | (#30819080)

Our gov't is totally clueless when it comes to technology. We need to get rid of these Luddites and take over. Long Live the Technocracy!!!

Is the expectation of privacy legal? (1)

rickb928 (945187) | more than 4 years ago | (#30819204)

The analogy of a locked briefcase is instructive. If the government were to try to guess the combination, aren't they ignoring my intention of privacy? That is, I locked the briefcase, intending to shield the contents from disclosure without my consent. Being a combination lock means nothing, because picking a key lock is the same effort, indeed snipping off the lock is the equivalent. Does the means of entry matter? Indeed, coercing me to divulge the combination, or give them the key, aren't these also violations of the Fifth Amendment, allowed only in the most dire of circumstances, if at all?

So if I password protect my files in the 'cloud', don't I have a similar expectation of privacy? The government could indeed coerce the service provider to open the files (snip the lock). And if I encrypt the files, why should the government be allowed to even attempt to decrypt them by any means (guess the combination or pick the lock) including coercing me to offer the key (Fifth Amendment again)?

The slope we are slipping down is an old one - new technology doesn't change the principles. It just changes the means. As the government does not have the right to enter my home and search my papers without due process, so they should not have the right to rifle through my 'papers' online, either.

While any expectation of privacy in normal email is futile, if I choose to use Gmail, for instance, via SSL, then I should be granted the expectation of privacy also in that communication. And since I need my user ID and password to access my GMail account, I epxect my stored email data to also be granted that expectation of privacy.

The only reason that protections against unreasonable searches and seizures of electronically stored items should be 'lagging behind' the protections that 'more' physical items enjoys is twofold; 1. The government is charging in where they should not be, in the absence of court decisions, and 2. The courts have not yet handed down decisions that would retrain the governemnt.

But to point 1; Our goverment in the U.S. should not be seeking ways to expand their influence in the absence of restraint by the courts. They should act like the officers of the court they should be and consider the legality in favor of the people. And I'm sure they would claim to be doing so now and always. I disagree. Our government seeks to assume power in every area where the restrictions are unclear, or where the courts have not yet decided, or where they can justify the effort in the name of some greater good. We would be better off if our government considered first, "should we be doing this?".

I know I am probably in the minority with this belief. That doesn't make it wrong. Our government was devised from documents that also described its limits.

Shouldn't the Government need a reason? (1)

flaptrap (1038180) | more than 4 years ago | (#30819328)

In order for a search to be 'reasonable' I think the Amendment should be interpreted to require a good reason to have a search. It says, 'probable cause', after all, and requires a sworn affidavit.

It is not good enough just because the Government can tax the people to raise funds and use those funds to spy on everything they do. Then everyone is a suspect, and since nobody is perfect, everyone is a criminal.

Sorry, I spend my time trying to do good for the world. I do not feel like a criminal and deeply resent being treated like one.

the SCOTUS has already ruled against email. (0)

Anonymous Coward | more than 4 years ago | (#30819348)

it doesn't apply to email, so why would it apply here?

I guess those old fuddie duddies that PRINT everything have the right idea...

TSCOTUS only honors physical papers as your effects.

Encrypt/Decrypt at the client (1)

davidwr (791652) | more than 4 years ago | (#30819388)

Ideally, encrypted data in the cloud would be decrypted at the user's computer, much like PGP-enabled email.

don't give anyone else the key (1)

StripedCow (776465) | more than 4 years ago | (#30819418)

Solution: just don't give anyone else the key to your encrypted data. And certainly not the third-parties.

The problem is, though, that web-browsers don't (yet) have good support for encryption/decryption of data.
The only encryption supported well is the TLS connection to the webserver, but that one doesn't count since it merely allows you to talk to the webserver (i.e., the third-party).

Another problem with client-side-encryption is that the third-parties cannot manipulate or index your data, but that could also be done on the client, i suppose.

Two intermixed issues (1)

Registered Coward v2 (447531) | more than 4 years ago | (#30819486)

First issue - 4th Amendment protections in the US - what search and seizure protections do you have. Despite the so-called newness of the cloud (some of us remember big iron - dumb terminal models from way back) it is another way to electronically transmit information - so it would seem that all the existing wiretap laws would apply. Just like they can tap your phone they can intercept other electronic transmission, with a proper warrant. To the extent such information is publicly available (such as via a Google search), they should be able to get it without w warrant. if you fail to set security to prevent others from seeing it you, IMHO, have no expectation of privacy. To expand on the briefcase example, you may have an expectation of privacy for stuff in the briefcase, but the law can watch and videotape you putting something in in Starbucks.

The other issue, and to me the more important one, is collateral damage. As the referenced article pointed out, the physical search and seizure impacted a lot of innocent third parties. I doubt a court would say "you can't do a seizure because you'll grab other peoples stuff," but might say "you can only look at the target's info." So, rather tahn worry about the 4th companies should ensure their data centers have adequate disaster recovery plans to deal with such situations (along with fires, power outages, etc.) If a data center can't recover from the loss of some servers they have bigger problems than privacy rights.

Out of Control Supremes (0)

Anonymous Coward | more than 4 years ago | (#30819528)

Nothing is "well settled" with the current Supreme Court.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...