Cloud computing is easy to use and can instantly create a mobile law office. The privacy of emails and other online documents, however, is becoming more and more of an issue.

A surprising coalition of companies recently banded together to lobby the government for changes to online security laws.

Outdated law makes it easy to obtain information

Under the current law, the Electronic Communications Privacy Act (ECPA), lots of individual data can be obtained via subpoena, including Gmail accounts, Facebook, and other cloud-based storage. In addition, the Department of Justice recently argued that cellphone location data is not protected, because individuals waive their expectation of privacy by allowing companies to gather that information.

Other documents, like hard copies of records, and other papers, still require a warrant. But more and more companies and individuals store information online, and it is beginning to blur the line that separates the two standards.

Constitutional implications

The Fourth Amendment was drafted to protect the privacy of papers and other records kept inside of your house. In many ways, email and electronic communications have replaced handwritten letters and correspondence. That type of correspondence traditionally received Fourth Amendment protection.

Under the outdated ECPA, many emails are not given the same protections. Sure, there are ways to setup your email to keep all messages off the server, but what about the recipient’s email settings? Under the ECPA, law enforcement only needs a subpoena to get those emails, rather then procuring a warrant.

Arguably, Facebook and other forms of social media are different. Most social media users are intentionally publishing information for the public (or at least certain individuals) viewing. Email, however, is generally a message from one person to another, just like an old-fashioned letter.

In other words, technology has changed, but the law has not.

(photo: Anonymous Account)


  1. Interesting topic. Thanks fro researching the topic Randall.

  2. Dan Biedler says:

    Does the law take into consideration, in regards to our “expectation of privacy,” if we have no reasonable commercial alternatives to the “privacy policies” of the vendors of cloud services?

  3. Kate Taylor Battle says:

    I would like more information on how this relates to attorney-client privilege rules. If Google can sift info from your emails for advertising or if government entities can search cloud-based messages, does that have an effect on attorney-client relations?

    • Sam Glover says:

      That’s a complicated question, but my understanding is that using cloud services is no more threatening to the attorney-client privilege than hiring cleaning staff who move client files out of the way while vacuuming.

  4. Robert B. Willsie says:

    It blows a hole big enough to float an aircraft carrier through attorney-client privilege.

    Any attorney (or client) that expects any information posted on a web site, or stored on any computer (including their own) that is connected to the internet to be absolutely free from access or review by third parties is fooling themselves.

    The best you can hope for is (1) the hackers aren’t interested in your clients or you and pass you by, (2) you have top notch firewalls and security software in place to discourage attacks, (3) you use very strong encryption software to keep information confidential if it is compromised, (4) you use “disk wiping” software on a regular bases to overwrite deleted file to make them unreadable, (5) you encourage physical security of computers and information in your practice.

    Caveat: I’m not a lawyer, I’m an IT professional with 32+ years experience whose needed lawyers for 3 divorces, 4 home purchases, and numerous other business related needs.

    • Sam Glover says:

      In other words, it raises security concerns like every other method of storing and sharing client-related information.

      You can’t inadvertently waive the attorney-client privilege, as far as I know. Not as easily as getting hacked, anyway. And my contracts with my cloud service providers are more solid than the non-existent contracts most law firms have with their cleaning staff.

      • Well, a lawyer could inadvertently waive the attorney-client privilege, but that is not what we’re talking about here. This discussion is about whether the privilege could be waived as a result of another person’s violation of federal and state law. There are a number of cases that have held that criminal conduct does not result in a waiver.

        Occasionally, evil-doers break into attorneys’ offices to get information such as social security numbers off their paper files or just steal the computers right off their desks. That doesn’t mean lawyers have an obligation to hire 24-hour security guards. The duty is to take reasonable measures to protect client information, not every measure that is conceivable.

  5. Tim says:

    This is why I will NEVER use Cloud Computing. I knew it was a bad idea the first time I heard it. What it seems like they are trying to do is get all the smaller businesses “hooked” (not unlike “crack” – the first one’s free) then they can have your data, your schemas, anything they like and say “Oh, sorry, big ‘bro’ says you can’t do business anymore, nor get any data back or intellectual property”. Sorry, this is all going to go down in flames for Microsoft.

    • Sam Glover says:

      I use lots of cloud software and services, but I have not given my data to anyone. It’s all sitting here on my hard drive, but synced, shared, or duplicated in the cloud.

      Also, Microsoft has a relatively tiny (but growing) presence in cloud computing at this point. I’m not sure how it factors in.

      • There was a time not too long ago when people were afraid to give their credit card information out over the internet. I suppose some still are. Most of us are willing to live with the slim risk that exists. Cloud computing is the same way. If it makes you nervous, don’t use it. But your risk aversion does not make the transaction any riskier for the rest of us.

Leave a Reply