The FBI raided at least two Texas data centers last week

<snip>
The articles report that the FBI raided at least two Texas data centers last week, serving search-and-seizure warrants for computing equipment, including servers, routers and storage. The FBI was seeking equipment that may have been involved in fraudulent business practices by a handful of small VoIP vendors.

The problem is that they didn't just grab the systems belonging to the VoIP vendors, but also hundreds of servers that served a wide variety of businesses, the vast majority of which had never dealt with or even heard of the companies under investigation, according to Threat Level. Companies interviewed complained of losing millions of dollars in lost revenue and equipment with no warning whatsoever.

One company, auto vendor marketing and inventory management vendor Liquid Motors, filed suit in a U.S. district court seeking a restraining order against the FBI that would force the return of the company's servers.

In what has to be one of the most scary verdicts for cloud users everywhere, the district court sided with the FBI and supported its probable-cause argument for holding on to the servers. Although the FBI was kind enough to copy the disk drives for Liquid Motors (on drives Liquid Motors had to provide), the precedent set here sends a shiver down my spine.
<snip>
http://news.cnet.com/8301-19413_3-10220786-240.html

Well, somebody needs to sort out the rights of 'cloud users.' Don't leave it to Congress or Inhofe will be out looking at the fluffy things in the sky.

They can copy those disks while still letting them continue working. This is just arrogant buffoonery on the part of badge holders.

If a business part rented space to 100 businesses, and one of them might have committed a crime, that doesn't give the FBI the right to seize everything from every business in the entire business park. They have to get a warrant that specifies which rental unit they want to invade inside that shared space.

It should be the same inside digital shared space. If one company is doing something wrong you can't seize the property of every other company that is also hosted there. That's just ridiculous!

:grr:

This should be established in the appellate courts if the lawyers can be brought up to speed.

-Hoot

yes it sucks for liquid motors, and i disagree with the judges decision -- but now there is a court legal precedent to challenge, if they (liquid motors or other "cloudies") mount a successful appeal (and its carried through SCOTUS) we could have a definitive legal answer.

http://news.cnet.com/8301-19413_3-10436425-240.html

I just had the pleasure of reading an extremely well-written note in the June 2009 edition of the Minnesota Law Review titled "Defogging the Cloud: Applying Fourth Amendment Principles to Evolving Privacy Expectations in Cloud Computing (PDF)." Written by David A. Couillard, a student at the University of Minnesota Law School expected to graduate this year, the paper is a concise but thorough outline of where we stand with respect to the application of Fourth Amendment law to Internet computing. It finishes by introducing a highly logical framework for evaluating the application of the Fourth Amendment to cases involving cloud-based data.

According to Coulliard, we aren't very far along at all today:

Under a rubric of "reasonable expectations of privacy," the Court has since defined the contours of the Fourth Amendment's application in varying circumstances. But technology and society's expectations are evolving faster than the law. Although statutory schemes exist, some argue that these laws are outdated. Meanwhile, the Supreme Court has not even addressed the Fourth Amendment's application to e-mail, let alone the expanding uses of cloud-computing platforms. Thus, Fourth Amendment law needs a framework that will adapt more quickly in order to keep pace with evolving technology.

Much of the legal confusion in cases involving any form of data or transaction on the Internet since has revolved around considering whether storing your data in a third-party data center is in fact subject to the so-called "third-party doctrine." This includes cases like Smith v. Maryland, in which the courts argued that people generally gave up an expectation of privacy with regard to their phone records simply through the act of dialing their phone--as the phone company receives and processes the phone numbers, thereby becoming a party in the transaction.

The actual raid happened April 7, 2009. http://www.wired.com/threatlevel/2009/04/data-centers-ra/