Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era

66 Pages Posted: 18 Jun 2009 Last revised: 27 Oct 2012

See all articles by Christopher Soghoian

Christopher Soghoian

Yale University - Yale Information Society Project

Date Written: August 17, 2009


Over the last few years, consumers, corporations and governments have rushed to move their data to “the cloud,” adopting web-based applications and storage solutions provided by companies that include Amazon, Google, Microsoft and Yahoo.

Unfortunately the shift to cloud computing needlessly exposes users to privacy invasion and fraud by hackers. Cloud based services also leave end users vulnerable to significant invasions of privacy by the government, resulting in the evisceration of traditional Fourth Amendment protections of a person’s private files and documents. These very real risks associated with the cloud computing model are not communicated to consumers, who are thus unable to make an informed decision when evaluating cloud based services.

This paper will argue that the increased risk that users face from hackers is primarily a result of cost-motivated design decisions on the part of the cloud providers, who have repeatedly opted to forgo strong security solutions already used in other Internet based industries.

With regard to the intrusion upon user privacy performed by government agencies, fault for this privacy harm does not lie with the service providers; but the inherently coercive powers the government can flex at will. The third party doctrine, which permits government agents to obtain users’ private files from service providers with a mere subpoena, is frequently criticized by privacy scholars. However, this paper will argue that this doctrine becomes moot once encryption is in use and companies no longer have access to their customers’ private data. The real threat to privacy lies with the fact that corporations can and have repeatedly been forced to modify their own products in ways that harm end user privacy, such as by circumventing encryption.

Keywords: cloud computing, privacy

Suggested Citation

Soghoian, Christopher, Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era (August 17, 2009). 8 J. on Telecomm. and High Tech. L. 359, Berkman Center Research Publication No. 2009-07, Available at SSRN:

Christopher Soghoian (Contact Author)

Yale University - Yale Information Society Project ( email )

127 Wall Street
New Haven, CT 06511
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics