It all started when Edward Snowden shed the light on spying operations occurring outside of U.S. borders, these operations involved the National Security Agency (“NSA”) collecting data on many telephone and e-mail conversations in other nations, and many were linked to U.S. citizens. [1] This revelation has ignited a domino-effect that includes large companies taking measures to prevent the government from encroaching on their data. [2] The Snowden release has fueled the fear that large technology companies all share, which includes their impending future economic losses as other countries find their people’s data is unsafe contained in the U.S. data centers located all over the world.[3] As a result, technology companies have publicly denounced their willingness to comply with United States, when the U.S. asks them to produce their customers’ data stored in U.S. data centers abroad since some countries, like Ireland, protect privacy vehemently.[4]
Moreover, many companies have announced their unwillingness to cooperate with the United States government and refuse to hand over data. [5] The United States attempted to have extra-territorial power to search data overseas with a warrant, issued under 18 USC § 2703(a), which requires the Government to use procedures under Rule 41 of the Federal Rules of Civil Procedure, but these procedures do not mention its extraterritorial effects. [6] Since the government has prevailed over Microsoft in its case on this matter, there has been a large threat against American cloud companies that do business abroad, and these implications over the internet of things is unknown world-wide. [7] Recent legislation and technological innovations can provide the response to U.S. technology companies’ privacy concerns.[8]
Many large technology companies are calling for more privacy protections in legislation, and until this is done, there have been efforts to encrypt code, and amend the Electronic Communications Privacy Act (“ECPA”) of 1986. [9] ECPA needs an update since those who enacted this legislation could not have possibly foreseen the global effect the internet would have had from its infancy. [10] The Stored Communications Act is part of ECPA, and authorizes the government to seek the contents of stored communications that are more than 180 days old, using a subpoena or a warrant. [11] Recent efforts to update this legislation include a proposal that the U.S. Government be required to obtain a warrant before it can access emails overseas involving a U.S. person, and those who are not U.S. persons require the government to obtain this information through the multinational Mutual Legal Assistance Treaty.
In the private sector, there is the possibility of a new angle to push an online storage service called “Box”, which allows businesses to control their encryption keys (tools that keep data safe), which will also help quell fears about the government infiltrating one’s data. [12] Dropbox, Box’s largest competitor, is also considering user-control to attract new customers. Generally, new encryption technologies from Google and Apple have headed with the Federal Bureau of Investigation, but they have also geared toward ensuring consumer privacy, and the recent legislation may or may not help extinguish the need. The future is indeed murky, but this issue involves us all as one must pay attention to it moving forward. [13]