One key reason that privacy advocates and some legislators are trying to update the ECPA this year is that the current law treats data stored on a server for more than 180 days as abandoned. This statutory assumption is a vestige of a time when servers held data only briefly before shunting it off to a local computer. Furthermore, the law's definition of such data is vague enough to cover not just email messages -- a popular target of law enforcement agencies -- but (potentially) other kinds of data stored on servers. Now that so much data resides on servers owned by cloud-based services, and so many people keep content in the cloud for years, a lot of long-stored files that people haven't abandoned could be fair game for Big Brother.
Law-enforcement agencies are requesting cloud-based data with increasing (and unsettling) frequency. Google's Transparency Report graphs a 70 percent increase in such requests over a span of three years, from 12,539 requests in the last six months of 2009 to 21,389 requests in the last six months of 2012.
Cloud services aren't just rolling over, though. For example, Google might comply with a subpoena to reveal the name, contact information, and login records of a Gmail subscriber. But Google would insist that the requesting authority obtain a court order requiring Google to provide greater levels of detail, such as the mail header for a message. In addition, Google would demand to see a search warrant before giving government investigators access to actual email content. Tellingly, the percentage of information requests that Google has fulfilled has dropped slightly over time, from about 75 percent in 2010 to about 66 percent in 2012. Twitter's transparency reporting site offers similarly enlightening reading.
Law-enforcement interests have scuttled past attempts to update ECPA, so it's hard to say whether the current efforts will get any farther. "The only true protection is to understand that anything you put up there can be accessed by somebody else," says Consumer Watchdog's Simpson. "If you don't want that to happen, don't put it in the cloud."
#3: Location data betrayal
Call it the end of the easy alibi: Location data will make it increasingly difficult for you to wander around the world without someone knowing exactly where you are at any given time. Your cell phone is the primary tattletale, but the location data you post to social networking sites are revealing sources, too. Pinpointing your whereabouts will get easier still as other location-beaming devices come online, from smarter cars to smarter watches to Google Glass.
"When you leave your house and go to a friend's house, run errands, go to work, visit a lover -- whatever it is you do -- if your geolocation is tracked and recorded, that's a lot of information about you," says senior policy analyst Jay Stanley, of ACLU's Speech, Privacy and Technology Program.
Armed with this data, advertisers might (for example) send you promotions for nearby businesses, wherever you are. The result could be a nice surprise -- or not. According to a 2011 report by Gartner, "forty-one percent of consumers say they would be concerned about privacy if they were to use mobile location services so that they can receive more targeted offers through advertising or loyalty programs."