A federal appeals court has ruled that state officials violated the Fourth Amendment when they orchestrated the covert retrieval of documents from a nonprofit’s Dropbox folder, an outcome that significantly strengthens legal protections for digital privacy in cloud-based environments.
In a 25-page decision issued May 28, 2025, the US Court of Appeals for the Fifth Circuit held that The Heidi Group, a Texas-based pro-life healthcare organization, had a reasonable expectation of privacy in its digital files and that a state investigator’s role in acquiring them without judicial authorization amounted to an unconstitutional search.
We obtained a copy of the decision for you here.
Writing for the court, Judge Andrew S. Oldham emphasized that the constitutional right to be free from unreasonable searches extends to “the content of stored electronic communications,” including files housed in commercial cloud platforms.
“Heidi has a reasonable expectation of privacy in its documents and files uploaded to Dropbox,” the opinion stated. “Heidi’s records are analogous to letters, phone calls, emails, and social media messages: Each contains information content transmitted through or stored with an intermediary that is not intended to ‘be broadcast to the world.’”
The controversy arose after Phyllis Morgan, a former employee of The Heidi Group, exploited her lingering access to the organization’s Dropbox folder for nearly a year after being terminated.
Rather than reporting the breach or seeking lawful channels to obtain the data, a senior investigator from the Texas Health and Human Services Commission’s Office of Inspector General (OIG), Gaylon Dacus, allegedly encouraged the ex-employee to continue accessing the nonprofit’s confidential materials and forward them to the state.
Hellbound and Down 