As within the medical field where doctor/patient confidentiality is one of the major cornerstones, the same holds true in all firmly established attorney/client relationships. In fact, privileged trust between two parties is one of the oldest on English law record, dating back to the 16th century and the reign of Elizabeth I. In both professions, a person seeking assistance, whether medical or legal, may not be as forthcoming if that element and security of trust is missing. Realizing and accepting in advance the security of this privilege, allows a client to speak frankly and openly, knowing whatever is said will be kept confidential.
Until computers became an office staple, statements, conversations and meeting notes were taken by dictation, transcribed and kept in thick paper files. Technology rapidly began to change and improve the behind the scene mechanics of these often cumbersome methods of legal documentation and storage, opening up new uncharted territory into the security behind that all important attorney/client privilege.
Remember fax machines? Questions arose as to if client data transmitted over a telephone line was completely secure. Then after the faxed document arrived at the attorney’s office, unless he or she had their own secure fax machine, what chain of command was in place to guarantee the transmitted information would continue to be privileged until it reached the intended recipient? All these questions, in addition to the legality of everything from judge’s orders to someone’s signature when transmitted via a facsimile had to be addressed.
In 1986, around the time fax machines, the Internet and email were beginning to change the world’s landscape, the federal government passed the Electronic Communication Privacy Act (ECPA) to address and govern wiretapping and electronic eavesdropping. It became a federal crime to wiretap or use any type of electronic machine to record or capture communications of a single person or group of individuals without a court order or prior consent of one of the parties involved. Because many aspects of this technology were still in its infancy, mistakes whether intentional or not, abounded along with subsequent lawsuits each attempting to do damage control over privileged information no longer attorney/client protected.
Now 30 years later and once again technology is creating new rules when it comes to American jurisprudence and not only just for attorney/client privilege but on how and where much of this protected information is stored. Cloud computing in basic terms is software and computer services, usually pertaining to data storage, transmitted and delivered over the Internet rather than kept locally on an individual computer or business server. While the concept for cloud computing was introduced back in the 1960’s it took almost 50 years to evolve to what we use on a regular basis today. Amazon was the first to launch a widely accessible cloud computing infrastructure service back in 2006. Soon after, Apple, Google and Microsoft began jumping on the bandwagon providing their own version of cloud computing services. This once again opened the floodgates for concerns especially in privacy sensitive sectors including the above mentioned medical and legal fields as well as the banking and financial industry. Because cloud computing stores data on remote servers located outside the immediate control of both parties, there has been concern in terms of client confidentiality, controlled access and privacy rights not just here in the United States, but globally.
One of the most closely watched cases involves Microsoft servers located in Dublin, Ireland. Grouped under the ECPA is the federal Stored Communications Act (SCA) which “protects the privacy of the content of files stored by service providers and of records held about the subscriber by service providers, such as subscriber name, billing records or IP addresses.” The SCA gives the United States federal government the authority to obtain warrants for unopened emails stored for a specific amount of time as long as probable cause is shown. Using this law, the federal government issued a warrant demanding Microsoft turn over unopened email documents. Microsoft obviously fought back arguing federal warrants for search and seizures don’t apply outside United States territories.
Bypassing many of the obstacles under the USA PATRIOT Act, it was ruled while a SCA warrant, obtained by showing probable cause, is issued under search warrant guidelines it is served like a subpoena, meaning the served party is ordered to produce information “rather than commandeering a party’s property to retrieve or search for the information” in question. The court also ruled when the served party knowingly has the requested information under their control, they are legally obligated to produce it.
Every day it seems as though there is another case of Internet hacking being reported with the majority of them originating in China, Russia and Turkey. While Americans care strongly about their online privacy and take steps on their own to control online hackers and thieves with everything from sophisticated anti-virus programs, spyware detection systems and lengthy complicated passwords, they still expect and assume the federal government has statutes in place to protect their data, and laws in place to prosecute those who commit nefarious acts online. And while to a certain extent this is true, it is important to remember the SCA which was passed as part of the ECPA happened almost 30 years ago.
Much in the tech world has changed since then, including remote international computing storage and services and the subsequent security, or lack of. Then because the SCA is for many courts, legislators, law enforcement agencies and even legal scholars dense and confusing, there has been a slow and steady demand for amendments to the law, statute simplifications, elimination of redundant verbiage, along with worldwide negotiations to create mutually beneficial cloud computing security solutions.
Whether a member of the legal profession or just someone who enjoys surfing the web, paying bills online and on a regular basis, backs their computer and smart phone up to the cloud, it will be interesting to see what the future holds for Internet security.