The Daily Caller

The Daily Caller
An undated aerial handout photo shows the National Security Agency (NSA) headquarters building in Fort Meade, Maryland. REUTERS/NSA/Handout via Reuters An undated aerial handout photo shows the National Security Agency (NSA) headquarters building in Fort Meade, Maryland. REUTERS/NSA/Handout via Reuters  

It’s time to protect data in the cloud

Photo of Steven Titch
Steven Titch
Associate Fellow, R Street Institute

Tuesday’s State of the Union address affords President Barack Obama another opportunity to address the government’s massive overreach in collecting data about ordinary Americans in the name of protecting us.

Although Obama, a constitutional scholar, spoke at length in a January 17th address to the nation about balancing individual privacy and national security, even conceding that there is a “bias” within government to amass as much information as it can, he offered no guidance or framework to Congress as to how existing law can be strengthened to protect Americans from wholesale government intrusion into their online lives.

Fortunately, bipartisan efforts on Capitol Hill have been gaining ground. And while the scope of NSA and other government abuses defy a single solution, strengthening existing laws, particularly the Electronic Communications Privacy Act, is a great place to start.

Even before news of the NSA’s surveillance programs broke last June, Sens. Patrick Leahy, D-Vt., and Mike Lee, R-Utah, had co-sponsored revisions of ECPA to extend Fourth Amendment protections to private data stored on servers on the Internet, or as it’s called current nomenclature, the “cloud.”

ECPA sets out rules for law enforcement agencies that want to tap phone lines. When it was enacted nearly 30 years ago, there was no concept of cloud computing. Cloud computing makes it possible for users to, for example, access playlists and movies from multiple devices, because that content is stored on servers in data centers that could be anywhere in the world.

But there’s much more to it than that. Cloud computing is driving the so-called “Internet of things.” The latest tech buzzwords that shout from covers of Wired and Popular Science — smart homes, driverless cars, wearable computers — will all be possible because of cloud computing.

But to work efficiently, cloud computing needs large amounts of personal data. Much of it is anonymized in the process, such as when a GPS system can access highway location data about automobile speeds and car density, determine there is an accident three miles ahead and route you around the traffic. Still, it would be wrong to say systems always purge personal information.

That means companies involved in cloud technology will require a high degree of trust and goodwill from the marketplace if consumers are going to feel comfortable sharing data. One way the government can help increase this trust is to extend legal protections to data in the cloud, because it is where most of our data will inevitably reside.

The lack of specific Fourth Amendment protection is partly responsible for the massive scope of government intrusion into the Internet. NSA programs such as MUSCULAR and “Tailored Access Operations” were specifically aimed at defeating the encryption and firewalls that Internet companies use to safeguard user data. The NSA hopes to hide behind judicial interpretations that cloud data has no explicit legal protection. But this is a technicality to evade the principle. The intent of ECPA always was to prevent law enforcement agencies from the very sort of fishing expeditions the NSA has been doing.