Digital Media Lawyer Blog

As data storage moves from equipment controlled by its authors into the "cloud" -- storage on equipment controlled by third parties -- there is an increased risk that unauthorized third parties will access this data and use it for nefarious purposes. The Stored Communications Act ("SCA", 18 U.S.C. § 2701 et seq.) is widely thought to provide protection from disclosure for emails and other private data that are in such electronic storage. However, a less-known loophole in the SCA can permit stored information to be accessed without the author's permission and then divulged to competitors, to adversaries, to strangers, or to the general public, without liability under the SCA.

The SCA provides that any person who intentionally accesses stored electronic communications without authorization or beyond the scope of his authorization is subject to civil and criminal penalties. 18 U.S.C. § 2701(a), (b). However, there are two important exceptions to this protection:

Even if an author of a communication has not authorized a third party to access that communication, the SCA provides that this unauthorized third party is immune from liability if he/she was authorized to gain access by the provider of the electronic communications service --such as the ISP or the business the operates the network. The SCA further provides that an unauthorized third party is also immune if he/she has been given permission to access the communication by a user of the service on which the communication is stored -- such as a member of a private website, such as a MySpace page.

This means that even if the author has not consented for anyone except for the recipients to access his/her private emails, a lot of people could still be looking at them, copying them and doing whoknowswhatelse to them -- with SCA-immunity.

That sounds bad enough. However, the next section in the SCA -- Section 2702 -- opens the door to unauthorized disclosure even wider.

Continue reading "Will Cloud Computing Create a Thunderstorm?: Loophole Permits Private Emails and other Digital Data Stored by Third Parties to Be Divulged to the Public without Stored Communications Act Liability" »

On May 29, 2009, the U.S. Department of Justice, submitted an amicus curiae brief which requested that the U.S. Supreme Court not accept certiorari in the case Cable News Network, Inc. v. CSC Holdings. The Cable News Network case is critical because it is one of the first to deal with the copyright infringement problems implicit in user-controlled remote data storage services. While the service at issue is a remote DVR service, the ruling could have a major impact on copyright issues faced by cloud computing services, as well.

Cloud computing is an umbrella term for computer services that permit user programs or data files to be stored remotely and then accessed via the Internet. A well-known example is the expected Google G-Drive, which has been described as "online file backup and storage" that will provide "reliable storage for [user] files, including photos, music and documents" and "allow [ users] to access [their] files from anywhere, anytime, and from any device - be it from [their] desktop, web browser or cellular phone.

The problem with remote data storage services is that computer storage necessarily requires making copies of program and data files -- copying that could run afoul of the Copyright Act. The Copyright Act gives the copyright owner the right to "reproduce" its copyrighted work "in copies or phonorecords" 17 U.S,C. § 106(1). "Copies" are defined as "material objects . . . in which a work is fixed by any method . . . and from which a work can be perceived, reproduced or otherwise communicated. 17 U.S.C. § 101. A work is "fixed" when "its embodiment in a copy . . . is sufficiently permanent or stable to permit it to be perceived, reproduced, or otherwise communicated for a period of more than a transitory duration." Id.

Based on these sections, many Circuit Courts have held that making even temporary copies of files, such as occurs when a computer program is downloaded into the random access memory (RAM) of a personal computer (PC), constitutes copying for purposes of the Copyright Act. See MAI Systems Corp., 991 F.2d 511 (9th Cir. 1993); Stenograph LLC v. Bossard Assoc., Inc., 144 F.3d 96 (D.C. Cir. 1998); Storage Technology Corp. v. Custom Hardware Engineering & Consulting, Inc., 421 F.3d 1307 (Fed. Cir. 2005). This is sometimes called the "RAM copy" doctrine.

Continue reading "DOJ Asks U.S. Supreme Court Not to Hear Case with Potential Major Impact on Cloud-Computing Copyright Issues" »