US Government Says the 4th Amendment Doesn’t Apply to Online Storage


Earlier this year, a New York judge ruled that US search warrants applied to digital data, even if the data wasn’t stored domestically. The ruling came about after Microsoft was asked to hand over the user information and contested the warrant because the info was stored on servers located in Dublin, Ireland.

In the ongoing battle to protect users’s privacy, Microsoft has made their stance very clear. But so has the government with a brief filed last week.

In it, the US government countered Microsoft’s endeavors to keep data abroad safe from the prying eye of government officials, noting that according to the Stored Communications Act (SCA), any content stored online does not have the same rights as physical information, as protected by the Fourth Amendment.

Specifically, the brief states:

Overseas records must be disclosed domestically when a valid subpoena, order, or warrant compels their production. The disclosure of records under such circumstances has never been considered tantamount to a physical search under Fourth Amendment principles, and Microsoft is mistaken to argue that the SCA provides for an overseas search here. As there is no overseas search or seizure, Microsoft’s reliance on principles of extra-territoriality and comity falls wide of the mark.


Looking at it from both sides, the Justice Department says such a law is necessary in a time where electronic communications can be exploited by “hackers,” both domestically and abroad. This pertains to the case against Microsoft, as the individual whose information they were seeking out from the servers in Dublin was under investigation for drug-trafficking.

And while nobody reading this (we hope) is hiding drug trafficking info online, we’d bet a good number are storing their pictures online… apparently those are not protected by the Fourth Amendment the way, say, a physical photo album in your house would be.

(via Engadget)

Image credits: Server Room by Torkild Retvedt

  • Jason Yuen

    1) Don’t store sensitive data online.
    2) Use encryption on local storage.

    I think 1) would have been obvious by now, but encryption is something necessary for sensitive data. One problem with encryption is that implementation has not been very user friendly and can be resource intensive. Small price to pay for secure data though.

  • David Liang

    I understand both positions…I don’t think there’s a clear right or wrong in this, a lot of that judgement will depend on context and specific cases. This is one of those things where the laws are trying to catch up to technology, but obvious conflicts are the result. It’ll work itself out…but hopefully with few unintended consequences as possible(not likely).

  • Jim Johnson

    Before everyone goes tin hat over this.

    They are talking about legal, out in the open, court ordered searches. This not about people stealing data, or the NSA.

    This is dealing with how to apply a law written for the physical world to a virtual one. I mean, Microsoft claims that the data is stored on servers in Ireland, but data travels readily across borders in an instance, can be accessed anywhere (even space), and does not have a physical existence (unlike paper data). Yet, part of the US constitution’s fourth amendment specifically describes physical property as its examples.

    It’s an interesting conundrum, to say the least.

  • David Liang

    My philosophy is I’m not putting anything in the cloud I’m not prepared to lose, get stolen or looked at. It’s a convenience in terms of access and I use it as such. I think everyone should just invest in a NAS or similar storage solution for anything they want secured.

  • Johan Robertsson

    at what point does digital data stop having physical existence? When it’s stored on hard drives?. If the data was on its own spool of magnetic tape in a Microsoft owned warehouse in Ireland and when you called them they would send the data to you over the phone-line, would that somehow be different to the case at hand? What if the data was stored with ink on paper and kept inside an optical reading machine capable of turning the data into electric signals and sent to the user with a telegraph service?

  • Greg Heller

    First thing I would want to know is how did the feds get the knowledge that I have data stored on the cloud with msft in Ireland, was that knowledge in fact obtained legally? I do not use online storage for anything but user manuals for products that I might want to use at different locations, and maybe a few oddball photos, but the books for my vast drug empire is kept on a cassette tape connected to my TRS-80 at home.

  • MWisBest

    How the hell does a law bypass/override the constitution.

  • overhere2000

    The US Judicial branch is hell bent on destroying American businesses. Companies and job creators…again…are forced to seek solutions from non-American companies.

  • Matt

    I think you are incorrect in your assumptions of a ‘virtual’ world. It is all the real world we are talking about: our assets, our goods. Not a game. Not fiction. In fact, many so called virtual items are more real than ink. For example, fraudulent checks. Just because something is easily touched does not give it any more ligitimacy.
    I think people are staring to understand that, and the law will change as understanding grows.
    Personally I disagree with SCA in lowering the bar on access to remote data. It should be on the same level as any other personal item: A search warrant with probable cause. A free society should have no problem with attaining that level of jurisprudence. And we should work on fixing that mistake, not whine about it.

  • Matt

    Yes, I agree, laws and processes will evolve. However, I think it is clear what is wrong. The idea that binary data is not real is wrong. The idea that any personal information is not protected by the 4th amendment is wrong. The idea that sending information over a network is akin to publicly publishing it is wrong. It may still be public material, but it depends on more factors than just transmission.
    However, that is not to say that all things on the internet are private and protected. Most are public, but some do have a reasonable expectation of privacy. If person does act to ensure their info is in private communications or encrypted, it must be protected by the 4th amendment. If a person does not do those things, then it is publicly available information, and no court oversight is needed.

  • Renato Murakami

    Correct me if I’m wrong, but the title seems to be overdoing it or plain misunderstanding what is happening there. The topic is sensitive so there needs to be some extra care about how it’s addressed here. I’d highly recommend changing it.

    The quote is addressing only where the 4th amendment would require specifically an overseas search for the data, not the entirety of the 4th amendment itself, which speaks about the requirement of probable cause for search and seizure.

    In this case, the Justice Department already has probable cause or judicial order. What’s in question here is whether the justice department also needs overseas search permission to have access to data stored in Dublin servers or not.

    This is far more reasonable. It’s not like US government is negating the 4th amendment for online storage – like the title says. It’s not about getting data without permission. This is a discussion on what should be considered the physical location of digital information.

    The servers might be in Dublin, but the corporation is in the US, and furthermore, the infrastructure is probably unified somewhere in the US too. If the justice department needs information on a suspect that is an US citizen, it would be quite hard for them to get anything if everytime they asked for it, the information could be stored just about in any country in the world Microsoft has servers in. So the discussion is at least reasonable.

  • MWisBest

    I think part of the argument is that the search warrant shouldn’t have been granted in the first place.

    If just because a company has a location in some place (e.x. USA) it should be governed by their (USA’s) laws EVERYWHERE, even in other COUNTRIES (e.x. Japan), there will be plenty of conflicting laws for companies that are as far reaching as Microsoft and Google for example.

    That is completely unreasonable.

  • Jim Johnson

    You misunderstand the term virtual as I use it here. Here it is virtual vs. physical (not virtual vs. “real”). Although it is not a technically accurate description, I think most people would get that.

  • MWisBest

    At some point though, it IS physical, which kinda kills your entire virtual vs. physical argument.

  • Jim Johnson

    Data has never been physical, but has always been constrained by its physical storage (paper, file cabinet, data tapes, hard drives).

    Digital data stopped being constrained by its physical storage device a while back and is now stored simultaneously (and often temporarily) in multiple places. Access it on your computer, and it is temporarily copied there. However, for search and seizure purposes, there is practically no way to know what machines have temporarily accessed it. Data may be permanently stored in Ireland, but it is probably moved around the world all day every day. That is the issue I’m talking about. Data knows no physical limitations and no borders, yet we still define our laws by physical possession and physical property. This is becoming an outmoded way of thinking.

    To say that the data is IN Ireland, is ridiculous as long as a laptop can access it from the Starbucks in Butte, Montana.

  • MWisBest

    In regards to the no borders thing:

    If just because a company has a location in some place (e.x. USA) it should be governed by their (USA’s) laws EVERYWHERE, even in other COUNTRIES (e.x. Japan), there will be plenty of conflicting laws for companies that are as far reaching as Microsoft and Google for example.
    If we’re going to work around that problem, it will require an international set of laws that are the. only. laws.

  • Jim Johnson

    Data has never been physical, it has only been constrained to particular physical devices. Data still has to be stored, but now those devices often constrain it for only seconds or minutes at a time.

    This was the problem the music industry has faced. They thought of their product as a physical one. They never considered it could be broken free into a constantly circulating data stream.

  • Jim Johnson

    That, I think, is the crux of the whole issue. How do you govern and write laws to regulate something that is not constrained to physical and political boundaries? We are playing catch up with this issue (legally speaking).

  • Korios

    So since sooner or later everything will be digital they essentially invalidated the 4th Amendment. Well done judge and US Gov. I do not think this would hold in the US Supreme Court.

  • MWisBest

    That I can agree to. +1

  • Carol Uren

    my co-worker’s
    step-mother makes $71 an hour on the computer . She has been laid off for 10
    months but last month her payment was $13158 just working on the computer for
    a few hours. go to website WWW.jObspup.ℂ­OM

  • yvonnerchandler

    my classmate’s aunt makes $68 every hour on the
    computer . She has been fired for 7 months but last month her paycheck was
    $15495 just working on the computer for a few hours. visit the site C­a­s­h­f­i­g­.­C­O­M­

  • Matt

    No, that is not correct as well. It is always physical. Allways, no exception. If it were not physical we could not use it in any fashion. It could not be transmitted, it could not be stored, it could not exist.
    Your argument about music industry is not correct either. The traditional music industry is having problems because of distribution. In the old technology they had a much tighter control over distribution, tapes started to loosen that grip. The issue has nothing to do with physical properties. It has to do with being able to distribute, and duplicate, to thousands of others effortlessly. The reduction in effort has caused many to ignore copyright laws. They no longer have control that they once had, so they need to change how they do business. It use to be a good paying gig to move music from the artist to individules, now that can be done by anyone. But, in contrast look at itunes. They are making a LOT of money.
    Being physical has no bearing on anything really. A contract is a binding agreement, but it is not the ink and paper that makes it an agreement. It is the ethical behaviour of the parties that enter into the contact. The paper and ink just provide a record for the settlement of disputes. That contract can be just as easily be recorded electronically. Just because you can touch the contract does not mean that it is enforceable or valid.
    Electronic, or binary, data is the exact same as paper and ink. It represents agreements between people. We agree that our bank balances are represented by data, just like a ledger. We agree that our health records are data, just like we agree that they can be represented by ink on paper. Laws are stored electronically, does that make them less enforceable? No, of course not.

    I agree that there is a lot of misunderstanding in the current law and we need to fix that. Unfortunately it will take a long time.

  • MWisBest

    I think both you and Jim have good points. As we’ve all been able to agree to, the law just isn’t able to handle something like this. And at this point, I think that could be stretched to humans aren’t able to handle something like this.

  • Jack Roberts

    Sure the company that looks after your data end of day has access to it and you can not stop them from looking at it. Saying that they can then sell your data or allow a third party to look at the data, is a completely different thing and something that is definitely covered by the fourth amendment.

    This is just authoritarian propaganda. The state uses guns and the threat of violence and the threat of impending doom or the transfer of liability as a mechanism to manipulate companies to breach their rights. End of the state is crossing the line.

  • Clutchologi

    The law is fine. The Fourth Amendment covers this. We’re dealing with a Leviathan who is completely ignoring the entire foundation it was founded upon. As expected.

  • The_only

    “They are talking about legal, out in the open, court ordered searches.” You should read the article before posting, actually the title would have sufficed. From the title “US GOVERNMENT SAYS THE 4TH AMENDMENT DOESN’T APPLY TO ONLINE STORAGE” The claim is that no search warrant is necessary. No ‘court ordered’ search, just a search; no probable cause applied. We live in a physical world, the data is represented as zeros and ones, charged states on a disk or flash drive ARE ABSOLUTELY physical. What is the difference of writing ‘1’ on a piece of paper with pencil and charging the state on a flash drive to show one bit? They represent the same thing in different languages. If someone writes something in a language that you don’t understand, does that give you the right to steal or copy it without the expressed permission of the owners of such language?

  • Jim Johnson

    “when a valid subpoena, order, or warrant compels their production”

    You might want to read the article as well.

  • The_only

    FULL QUOTE “Overseas records must be disclosed domestically when a valid subpoena, order, or warrant compels their production.” Yes, however they are arguing that they do not require it, the following reveals: “The disclosure of records under such circumstances has never been considered tantamount to a physical search under Fourth Amendment principles” See link to 4th amendment in article if desired. I further argue that their argument is invalid, as everything is physical.

  • Richard Ford

    Is this the USA or North Korea?

  • ryfter

    Here is my confusion. The Gov’t got the warrant. This is not a random search and seizure. The contention is that it is hosted on a server out of the country, but owned by a company in our country.

    Unless I missed something about the warrant being placed for this data, how is this breaking the 4th amendment?

  • Keith Silvas

    This is insane. So many people back up their entire computers on secure servers. If you’re one of them that uses carbonite or any other cloud storage system, the government can now access your personal data, no warrant needed. R.I.P. 4th amendment.

  • Matt

    I am pretty sure no warrant was issued. The SCA says none are needed for this type a situation. A subpoena or just prior notice is all that is needed to access the information, and the access is not restricted to law enforcement. That implies it is public information,
    So, it breaks the 4th Amendment because no search warrant or probabile cause is needed. They do not even need a reason.
    IMO this is a problem.

    If the govement was requried to have a warrant, and got one. Then IMO it would not a problem.

  • ryfter

    I agree with you. But, this is the 2nd line: “The ruling came about after Microsoft was asked to hand over the user information and contested the warrant because the info was stored on servers located in Dublin, Ireland.”

    It SOUNDS like there was a warrant. But the issue was that the physical data was stored in Dublin. If a warrant was used, then I don’t see this as a 4th amendment “issue”.

    I’m really not trying to be obstinate. Either the article is misleading, or I am missing something.

  • Mel S

    Well then they should be able to go right into Sonasoft and get Lois Lehner’s emails. No subpoena needed.

  • asw

    Why does our government think it can do what it wants by making laws and “acts” that support it’s position? When the government makes the rules and then hides behind them, something is really wrong. We have a constitution, they swore to uphold it. End of story.