Abstract

Cloud computing is generally favored for its provision of flexible on demand computing
services. This is rendered possible by its multi-tenant and elastic properties based on which various
virtual resources, all hosted on the same physical machine and allocated based on demand, are
shared among numerous users unknown to one another. Within public clouds, this infrastructure
exposes users to the risk of having their data stored alongside that of criminals using the cloud to
store information relating to their illegal activities. As such, when law enforcement officers use
digital forensics to search and seize data regarding criminal activity from servers that host public
clouds, they may incidentally access the data of innocent cloud users in the process because there is
no segregation between innocent users’ information and that of the individual being investigated.
Using a comparative methodology, this Article argues that, while neither United States nor
Canadian law serves to provide a sufficient degree of protection to the private data of innocent
cloud users during cloud computing forensic investigations, safeguards offered in the United States
to this effect are somewhat more accentuated than those extended by its Canadian counterpart.
This is achieved by first outlining the privacy violations that innocent cloud users may be subject to
throughout cloud criminal investigations, and then proceeding to examine the manner that the laws
applicable to searches and seizures in each of these jurisdictions influence these incidental privacy
breaches.