The statute has generated little case law, and it doesn’t explicitly cover journalists publishing at online-only outlets. Many commentators have argued that it does, citing the clause “other similar form of public communication.” But the only case to present that issue to a court failed to resolve it: Steve Jackson Games, Inc. v. United States Secret Service, decided in 1994 by the U.S. Court of Appeals for the Fifth Circuit.

In that case, the Secret Service searched the offices of a computer bulletin board operator and seized computers, disks, and other materials. While the court held that the agents violated the PPA, it based its holding on the fact that the company also published books and magazines, which are explicitly covered by the PPA. The statute should be amended to cover—explicitly—people who use the Internet to communicate with the public.

The cloud raises other PPA questions, too. The act’s protection is countenanced in terms of possession, rather than, say, location. So who “possesses” the stuff in the cloud? There’s no case law directly on point, but it seems logical that if a journalist stored a document in the cloud, then the document would be hers. The cloud would act as a digital desk drawer, and the presence of the cloud provider—a mere intermediary, without control of the document’s content—would not destroy the journalist’s possession.

Plus, making a general claim that people don’t possess things in the cloud could put the government in a strange position. Consider this hypothetical: in one case, prosecutors want to argue that a journalist doesn’t possess a story draft in the cloud, and in a different case prosecutors want to nail someone for possessing child pornography in the cloud.

For these reasons, the PPA should be amended to protect—in terms of possession—the data that journalists and other public communicators store online. But if Congress decides that users don’t “possess” their cloud-based data, in turn allowing the government to request the data from the provider, then the PPA should be amended to require the government to give notice to journalists before doing so. That would give them a chance to challenge the subpoena—and to sue for damages if the government failed to give notice. Also, to address any concerns the government might have about a provider destroying or withholding evidence after receiving a subpoena, the statute could make it absolutely clear that the provider would be required to preserve the data pending the outcome of the challenge.

The cloud might never be the best place for journalists to store sensitive information, because of technical security risks. But for non-sensitive information, at least, it’s going to play an increasingly important role at news organizations. It wouldn’t make sense for the PPA to protect journalists who use local computer servers but not journalists who use the cloud. In short, the PPA needs to keep up by acknowledging changes in technology and the reality that today many people, including journalists, create and store things online. We no longer live in the 1980-world where the PPA was passed. It needs to enter the digital era.

If you'd like to get email from CJR writers and editors, add your email address to our newsletter roll and we'll be in touch.

Jonathan Peters is CJR's press freedom correspondent. An attorney, he is an assistant professor of journalism at the University of Kansas, where he teaches and researches media law and policy, with an affiliate research position exploring big data and Internet governance in the KU Information & Telecommunication Technology Center. Peters has blogged on free expression for the Harvard Law & Policy Review, and he has written on legal issues for Esquire, The Atlantic, Slate, The Nation, Wired, and PBS. Follow him on Twitter @jonathanwpeters.