William Jeremy Robison has a Note in the April issue of the Georgetown Law Journal, “Free at What Cost?: Cloud Computing Privacy Under the Stored Communications Act.” From the Introduction:
Scott McNealy, the Chairman and former CEO of Sun Microsystems, caused an uproar in 1999 when he dismissed online privacy concerns and proclaimed, “You have zero privacy anyway. Get over it.” Was he right? Within the realm of cloud computing, he may have been uncomfortably close to the truth. The
Stored Communications Act (SCA), a component of the broader Electronic Communications Privacy Act (ECPA), is the primary federal source of online privacy protections, but it is more than twenty years old. Despite the rapid evolution of computer and networking technology since the SCA’s adoption, its language has remained surprisingly static. The resulting task of adapting the Act’s language to modern technology has fallen largely upon the courts. In coming years, however, the courts will face their most difficult task yet in
determining how cloud computing fits within the SCA’s complex framework.
This Note ultimately concludes that the advertising supported business model embraced by many cloud computing providers will not qualify for the SCA’s privacy protections. In exchange for “free” cloud computing services, customers are authorizing service providers to access their data to tailor contextual and targeted advertising. This quid pro quo violates the SCA’s requirements and many customers will find that their expectations of privacy were illusory.