Cloudy Privacy Protections: Why the Stored Communications Act Fails to Protect the Privacy of Communications Stored in the Cloud

Cloudy Privacy Protections: Why the Stored Communications Act Fails to Protect the Privacy of Communications Stored in the Cloud

Ilana R. Kattan · 13 Vand. J. Ent. & Tech. 617

Abstract

The advent of new communications technologies has generated debate over the applicability of the Fourth Amendment’s warrant requirement to communications sent through, and stored in, technologies not anticipated by the Framers. In 1986, Congress responded to perceived gaps in the protections of the warrant requirement as applied to newer technologies, such as email, by passing the Stored Communications Act (SCA). As originally enacted, the SCA attempted to balance the interests of law enforcement against individual privacy rights by dictating the mechanisms by which the government could compel a particular service provider to disclose communications stored on behalf of its customers. However, technological advances since 1986—especially the advent of cloud computing—have rendered the SCA unworkable and unpredictable.

This Note examines how the SCA’s compelled disclosure provisions apply to cloud computing services. It begins by discussing the historical precedents for the SCA and its basic provisions. It then demonstrates the complexity of the SCA and shows that cloud computing services may lie beyond the scope of the Act. This Note concludes by examining the current debate over the SCA and recommending that Congress require the government to obtain a warrant to compel service providers to disclose communications stored in the cloud.