Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

President Signs CLOUD Bill, Granting Access to Overseas Data

March 27, 2018

As Engadget reported, the president signed the 2,000-page Omnibus Spending Bill, which included legislation making it easier for law enforcement to get access to data in other countries.

Officially known as the Clarifying Lawful Overseas Use of Data Act, CLOUD was created to replace the current rules for cross-border access to data, which require requests for info to be ratified by the Senate and vetted by the DOJ. The new rules give the DOJ the power to obtain the data of US-based tech companies stored overseas, such as the Outlook e-mails Microsoft stores in Ireland. It also allows the agency to make agreements with foreign governments seeking data from US tech corporations even without approval from Congress or the courts.

Apple, Google, Microsoft, Facebook and Oath (Engadget's parent company) believe the CLOUD Act is better than its predecessor and sent a letter to the Senate in support of the bill. They said that it "would create a concrete path for the US government to enter into modern bilateral agreements with other nations that better protect customers."

Somehow, none of that makes any sense to me. I agree with the Electronic Frontier Foundation, which has listed the reasons why it thinks the new set of regulations is "a dangerous expansion of police snooping on cross-border data." It said the bill is nearly identical to the US-UK Agreement for stored data and that lawmakers failed to address privacy advocates' issues.

The EFF also says the new set of rules includes a weak standard for review, grants real-time access to foreign law enforcement and doesn't place adequate limits on the severity of the crime it can apply to. Also, the privacy rules protecting data belonging to US citizens and lawful permanent residents don't apply to temporary visa holders and residents without documentation.

US tech companies can refuse to hand over data under the new regulations and can ask foreign countries seeking access to information to adhere to the older set of rules. They can do that, for example, if they believe those nations want to use the info they have to crack down on journalists and opposing politicians. As ACLU legislative counsel Neema Singh Guliani has said, though, that means the "public is going to be largely reliant on those companies."

You know what? The very fact that this significant legislation was buried in the spending bill suggests to me that the EFF is right.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson