클라우드컴퓨팅 서비스의 이용자 정보 압수·수색에 관한 고찰

Cloud computing is computing that utilizes Internet technology to provide virtualized information technology (IT) resources as a service. Users of cloud computing services can store information in the IT resources of those who provide cloud computing services, and if the Internet is available, they can freely manage information anytime, anywhere through mobile devices. According to Gartner, the market size of cloud computing in 2021 is expected to be $278.3 billion, up 91.5% from 17 years ago, and the domestic public cloud market is also expected to reach 3.44 trillion won by 2021. Cloud computing services have already become quite common not only to companies dealing with big data but also to the general public. And at the same time, cybercrime using cloud computing as a means is soaring. In fact, a massive investigation was conducted in March last year into the distribution of illegal sexual exploitation using Mega Cloud, which has a server in New Zealand. As the cloud industry becomes active, the need and importance of information in the cloud as evidence will grow further under the criminal law. However, it is insufficient to explain the search and seizure of information in cloud computing services only by discussing the search and seizure of conventional electronic information. This is because of the unique characteristics of cloud computing services. Assuming the search and seizure of user information on cloud computing services, the following issues should be considered: First of all, whether user information can be confiscated and searched in the cloud computing service, whether it is possible to confiscate or search user information in the cloud computing service, and whether it is possible to guarantee the participation rights and preserve evidence. Furthermore, the information is physically stored on the cloud computing service provider's server, and it is a problem whether it can be confiscated and searched remotely and offshore. However, remote and offshore confiscation and search are virtually impossible without cooperation, such as providing passwords for access to information, ⑤ it is possible to impose a cooperative obligation on users or providers, and ⑥ Furthermore, it is possible to request user information directly from cloud computing service providers. ⑦ And finally, there is a need for proper treatment of seized information or surviving sources to be discussed. The above issues may be resolved by discourse on conventional digital evidence, but there are also many issues that need to be newly discussed. Therefore, the purpose of this paper is to comprehensively review the existing discussions on each issue, current discussions on enactments and amendments, and overseas legislation regulations for the search and seizure of user information on cloud computing services.