Lost in the Cloud
69 STAN. L. REV. 867 (2017)
873
Different types of storage providers offer a range of different services. This
Note addresses cloud storage services like Dropbox,
18
Carbonite,
19
and Google
Drive,
20
which allow users to create an account and upload files to the cloud for
perpetual storage (so long as the account remains open). Many services also
offer collaboration tools that allow users to, for example, share files or extend
invitations to edit files within the service.
21
Importantly, while nearly all cloud storage accounts are password protect-
ed,
22
most cloud storage services do not encrypt information uploaded by users
in a manner that prevents the provider from accessing the content stored on its
servers.
23
Even Apple, which famously encrypts iMessage data from end to
end,
24
also backs up those messages by default on its iCloud servers in a manner
that makes the content accessible to the company.
25
Usually, cloud storage providers retain access to user data due to concerns
about security, stability, and control of their networks.
26
Cloud storage
services employ different types of automated and human scanning. For
18. See DROPBOX, https://www.dropbox.com (last visited Mar. 3, 2017).
19. See CARBONITE, https://www.carbonite.com (last visited Mar. 3, 2017).
20. See GOOGLE DRIVE, https://www.google.com/drive (last visited Mar. 3, 2017).
21. See Kia Kokalitcheva & Jordan Novet, Dropbox Takes on Google Drive with
Collaboration Tools for Microsoft Office, V
ENTUREBEAT (Apr. 9, 2014,
12:44 PM), http://venturebeat.com/2014/04/09/dropbox-takes-on-google-drive-with
-collaboration-tools-for-ms-office; see also Collaborate with Shared Folders, D
ROPBOX,
https://www.dropbox.com/guide/business/share/collaborate (last visited Mar. 3,
2017).
22. See, e.g., Dropbox Login Page, DROPBOX, https://www.dropbox.com/login (last visited
Mar. 3, 2017); Google Accounts Sign In Page, G
OOGLE, https://accounts.google.com/
login#identifier (last visited Mar. 3, 2017); see also Is Dropbox Safe to Use?, supra note 11
(“You can also take advantage of two-step verification, a login authentication feature
which you can enable to add another layer of security to your account.”).
23. See Peterson, supra note 14, at 397 (noting that providers have not been quick to
implement large security changes such as encrypting stored data).
24. “End-to-end encryption” means that providers cannot access the content of messages
because the messages are encrypted when sent and are only decrypted upon reaching
the intended recipient’s device. See Privacy, A
PPLE, http://www.apple.com/privacy/
approach-to-privacy (last visited Mar. 3, 2017) (“Apple has no way to decrypt iMessage
and FaceTime data when it’s in transit between devices.”).
25. Kavita Iyer, Apple Can Still Read Your End-to-End Encrypted iMessages, TECHWORM
(Jan. 25, 2016), http://www.techworm.net/2016/01/apple-can-still-read-end-end
-encrypted-imessages.html.
26. See, e.g., Google Privacy Policy, supra note 7 (“We use the information we collect from all
of our services to provide, maintain, protect and improve them, to develop new ones,
and to protect Google and our users.”); see also Gibbs, supra note 7 (reporting that
Google, a cloud storage provider, updated its terms of service to detail that it performs
automated scanning of e-mails for purposes such as “customised search results, tailored
advertising, and spam and malware detection”).