A cybersecurity scholar argues that the power to subpoena information that consumers have stored in the cloud is overly broad

Who has copies of your emails? You do, of course, as do all the people you sent them to. But so does Google or Yahoo or whichever cloud email service you use. And emails are just the beginning: more and more of our communications and transactions are happening online and stored by someone for some amount of time.

In this new world, the rules that govern grand jury subpoenas may have troubling implications, argues Joshua Gruenspecht, a cybersecurity expert at the Center for Democracy and Technology, in the spring issue of the Harvard Journal of Law & Technology.

Grand jury subpoenas are used to collect evidence. Unlike warrants, subpoenas can be issued with less than probable cause. The reasoning for the lower bar is in part that if someone does not want to turn over the requested evidence, he or she can contest the subpoena in court. Grand juries can subpoena not only the person who created a document but any third parties who might be in possession of that document. Under the Stored Communications Act, a grand jury can subpoena certain types of data from third parties whose only role is storing that data.