All your [docs in the cloud] are belong to us.

FBI agents targeting alleged criminal spammers last year obtained a trove of incriminating documents from a suspect’s Google Docs account, in what appears to be the first publicly acknowledged search warrant benefiting from a suspect’s reliance on cloud computing.

The warrant, issued August 21 in the Western District of New York, targeted Levi Beers and Chris de Diego, the alleged operators of a firm called Pulse Marketing, which was suspected of launching a deceptive e-mail campaign touting a diet supplement called Acai Pure. The warrant demanded the e-mail and “all Google Apps content” belonging to the men, according to a summary in court records.

Google provided the files 10 days later.
[…]
Privacy advocates have long warned that law enforcement agencies can access sensitive files stored on services like Google Docs with greater ease than files stored on a target’s hard drive. In particular, the 1986 Stored Communications Act allows the government to access a customer’s data whenever there are “reasonable grounds” to believe the information would be relevant in a criminal investigation — a much lower legal standard than the “probable cause” required for a search warrant.
[…]
The cloud, though, undoubtedly makes things easier for the feds. If the alleged spammers had kept their files strictly on their local hard drives, the FBI would have had no choice but to serve the warrants in person, seize the computers or image their contents, and leave the suspects with a copy of the search warrant and a written inventory of everything taken.




  1. Greg Allen says:

    Can’t the documents be encrypted on the “cloud” server and decrypted, locally, by your browser?

    … at least as an option.

    Seems like an fairly easy fix.

  2. bobbo, what?--no misleading tease? says:

    Just the way we all should want it to be.

    The unintended consequenes–I now know I have 10 days to get out of town “if” the google sends me notice my info was subpoenaed? That notification requirement seems variable for the targeted owner of the info to be able to go to court to protect his privacy==maybe it doesn’t apply at all to criminal actions, just civil?

    Close enough. Indeed, Clouds should be free and transparent.

  3. Animby says:

    Just as there is no doctor-patient privilege when a third person is present, once you freely give your documents to someone else to hold, you must expect to lose the illusion of privacy.

  4. nobody says:

    @# 1 Greg Allen
    Then the cloud server couldn’t make money from ad targeting – so you would need to pay for the cloud service

    Organized crime and drug smuggling is so unprofitable that apparently it needs to pirate movies to fund it’s other activities (according to my DVD trailer) so they couldn’t pay for non-free cloud computing

  5. qb says:

    Several things you need to check. Is there encryption across the wire and on disk? What is the provider’s privacy policy? What there storage options? etc.

    For example, you can use RackSpace who provide encryption, SAS70 compliance, a clearly written privacy policy (notification, etc), and options for EU and Asia storage. All for a few dollars per month.

    If you’re stupid enough to throw information you care about into something unknown because it’s free then the FBI is the least of your worries.

  6. Dale says:

    “If the alleged spammers had kept their files strictly on their local hard drives, the FBI would have had no choice but to serve the warrants in person, seize the computers or image their contents, and leave the suspects with a copy of the search warrant and a written inventory of everything taken.”

    I’m thinking they probably confiscated his hardware also..the Google docs being bonus evidence – and more convenient for the authorities to access.

  7. dusanmal says:

    This is just another aspect pointing to much better “cloud” solution – “personal cloud”. You store and provide your own data over the web to yourself remotely or to anyone you want to share with. There are already such services both with “middleman” and without. With dirt cheap storage and fairly fast network, why would you give your data to Google or anyone else to store?

  8. qb says:

    #7 dusanmal

    I agree. That’s another good option if you willing to invest sweat labor. Again it’s inexpensive but not free.

    I’m stunned that people expect that their information will be backed up, managed, secured and protected for free.

  9. Improbus says:

    Just assume anything you put on the Internet is open book to people with money and power. If you don’t want them seeing it don’t put it online. Duh.

  10. Godfish says:

    This is what it has always been about *Google=CIA* Memory and Hard-drives are so cheep for them and us, if you don’t think your being watched your a fool.

  11. ECA says:

    1. If you think encryption will protect you, you are an idiot.
    2. HOW did they find the account?
    3. The cloud isnt JUST data. Its programs..Ask those people with Net books.
    4. PART of the CIA and its requirements is to have the ability to VIEW/HEAR anything. Thats their job. If you think DIGITAL cellphones have security..you are a fool.

  12. deowll says:

    If you encrypt your data correctly before you store it with an on line company then maybe they can’t crack it or at least such an event would be non trivial and might require access to something you own or know. Call it a key.

    I consider Google Doc’s to be medium secure. It isn’t all that likely some kid is going to grab it but I never expected them to say no to what amounts to a search warrant.

    I would hope they would tell me they had turned the information over to third party but I wouldn’t count on that.

    I consider email to be more or less the same thing as a post card.

  13. qb says:

    Encryption is only one part of an overall strategy to manage your data. The only way to truly protect your data and devices is to never connect them to a network. An even better strategy is to never turn them on and keep them in a sealed vault.

    And after a couple of decades in the IT business I’ve learned that the vast majority of data leaks are due to people with print outs in their bags or USB sticks in their pockets.

  14. KMFIX says:

    nothing is private on the internet.

  15. JimD says:

    “Duh !” or “I’m Shocked ! Shocked !!” NOT !!!

  16. JimD says:

    And of course, the old saw: “If you want to talk to the CIA/NSA, pick up any phone!!!” – But we all knew that, right ? Why would the ‘Net be any different ? And you must have heard the ATT Tech who blew the whistle on ATT and the FEDs, with that “Secret Closet” where all the ‘Net feeds were tapped ??? See the Fed NEVER GET SHOES DIRTY TAPPING A LINE, that’s only in the movies !!!

  17. BubbaRay says:

    ECA said, on April 17th, 2010 at 12:35 pm
    1. If you think encryption will protect you, you are an idiot.

    There are several encryption algorithms which, when combined with a random 64 byte key, are virtually unbreakable, even by the NSA. There’s not enough compute time in the universe to obtain a solution by trial and error, which is the only way to unlock the text. Algorithms Blowfish and AES256 come to mind.

    In June 2003, the U.S. Government announced that AES may be used to protect classified information.

    Here’s some interesting information on AES and passwords, including a password generator.

    No, I’m not an idiot. You may want to brush up on your encryption information.

  18. ECA says:

    #12..
    CONSIDER THAT THE AVAILABILITY of having Access to an account..from anywhere..
    Gives access to anyone, ANYWHERE.
    It also gives ANYONE, the ability to SIT and Play with your password.
    no more secure then a DVD sitting around your house, and someone breaks in and takes it.

    #16,
    CORRECT.
    Your best encryption is to create your own.
    You want a program that will let you insert your OWN combination’s, and is changeable.

    You want more then a Name, password..
    You want more then 10 numbers, 52 letters..
    You want to be able to insert ANy of 256-400+ characters from the keyboard.

  19. Cursor_ says:

    First rule of crime.

    Keep it between yourselves and NO ONE ELSE. Got it?

    That means no documents or anything like that. Face to face, no phones, no letters, nothing. Noisy locations or secluded private property without line of sight or easy to bug areas.

    These people deserved to get caught.

    Cursor_


0

Bad Behavior has blocked 9400 access attempts in the last 7 days.