> If my wife has access to it, then I am not protected. If I live in an apartment, then the landlord has access.
Apartments and safe deposit boxes are actually an excellent example of my point. There are legal and cultural restrictions on how a landlord or bank may access your apartment or safe deposit box. So those are protected by the 4th amendment. There are no such restrictions when it comes to data hosted in the cloud. If your landlord or your bank routinely rifled through your apartment or safe deposit box, as internet companies do with your digital accounts, then they very well might not be protected by the 4th amendment.
> It's about your expectation of privacy. If you expect something to be private
No, it's about "reasonable" expectation of privacy. And it's about whether that expectation is objectively reasonable, not subjectively reasonable. The fact that people have access to your documents is not determinative of whether an expectation of privacy is objectively reasonable, but is a strong factor in the analysis. Your expectation of privacy is a lot more reasonable when you're talking about an apartment, which a landlord may enter without permission only in an emergency, then when you're talking about an online account your service provider routinely rifles through in order to target advertising.
> While the government can physically obtain such information, they are prohibited to do so by law. So it's not a fiction, it's the law.
Sure, the 4th amendment is a fiction in the sense that all law is a fiction. My point is that the boundaries of the law do not need to be coextensive with the social fiction. Just because many people treat Facebook accounts as "private" does not mean that doing so is objectively reasonable in light of how many people at Facebook have access to those accounts, and in light of Facebook's data mining of those accounts. The appropriate legal standard may well be higher. E.g. expectation of privacy is only objectively reasonable when online accounts are end-to-end encrypted and not routinely data-mined.
Uh, but this end-to-end encrypted stuff is exactly what happens: We use https to upload stuff to our amazon servers, and crunch the data, and bring it back to us using https.
Should there not be 4th amendment protection in that case? And if so, and if the NSA accessed such data, how could their access possibly have been legal? The Patriot Act is not allowed to contradict the Constitution, and if it does, the Constitution takes precedence.
Oh, forgot, since it's held by a third-party, of course the government can collect this. I bet they take "unscheduled" snapshots that don't show up in the console. The Amazon workers are told to "just do your job" by their legal department. Right? Prove me this is not happening already.
Also, it matters not if it's encrypted, on the way, because the NSA has the capability to compromise the machines that contain the private keys. (Hackers with keyboards or goons with guns in datacenters).
You not being sure one way or another does not mean they haven't. So you must assume they have. Which is what Europeans and Canadians are doing and keeping their stuff off the US cloud servers.
It's pointless to talk to someone who concludes that the NSA is willing to ignore the law simply by extrapolating from things it has done that demonstrate intent to stay within the law as understood.
Apartments and safe deposit boxes are actually an excellent example of my point. There are legal and cultural restrictions on how a landlord or bank may access your apartment or safe deposit box. So those are protected by the 4th amendment. There are no such restrictions when it comes to data hosted in the cloud. If your landlord or your bank routinely rifled through your apartment or safe deposit box, as internet companies do with your digital accounts, then they very well might not be protected by the 4th amendment.
> It's about your expectation of privacy. If you expect something to be private
No, it's about "reasonable" expectation of privacy. And it's about whether that expectation is objectively reasonable, not subjectively reasonable. The fact that people have access to your documents is not determinative of whether an expectation of privacy is objectively reasonable, but is a strong factor in the analysis. Your expectation of privacy is a lot more reasonable when you're talking about an apartment, which a landlord may enter without permission only in an emergency, then when you're talking about an online account your service provider routinely rifles through in order to target advertising.
> While the government can physically obtain such information, they are prohibited to do so by law. So it's not a fiction, it's the law.
Sure, the 4th amendment is a fiction in the sense that all law is a fiction. My point is that the boundaries of the law do not need to be coextensive with the social fiction. Just because many people treat Facebook accounts as "private" does not mean that doing so is objectively reasonable in light of how many people at Facebook have access to those accounts, and in light of Facebook's data mining of those accounts. The appropriate legal standard may well be higher. E.g. expectation of privacy is only objectively reasonable when online accounts are end-to-end encrypted and not routinely data-mined.