Another eleventh-hour spending bill passed through the U.S. Congress and was signed into law on March 23, 2018. This time, however, there was a certain earmark that may work to erode individual privacy protection around the globe. The new law, called the Clarifying Lawful Overseas Use of Data (or CLOUD) Act, amends the Stored Communications Act of 1986 and gives unelected American officials extensive powers over global digital privacy rights.
The law allows U.S. officials, and those nations that the U.S. deems worthy, to extend their reach when they are looking to obtain digital information that isn’t hosted in the United States. With overwhelming support of both the U.S. Department of Justice and major technology companies, Congress didn’t waiver and pushed it through with the spending omnibus only a day after it was given to legislators.
What Does This Mean?
For the individual, this law is seemingly a major loss. Now governments from all around the world have fewer impediments when conducting criminal and civil investigations. The new law allows them access to see an individual’s personal information or their interpersonal communications with others. Traditionally, when foreign governments requested content information from U.S.-based technology companies, it wasn’t always a formality that the American companies would comply. Since the U.S. deals with many nations, if information is requested by a foreign government, they would typically decide whether the nation that is requesting the data had a prior record of human rights abuses, and then decided whether they will put pressure on the company to comply with said government. In fact, the U.S. is a member of the Mutual Legal Assistance Treaty (MLAT), and largely dealt with them exclusively to avoid giving information that could put human lives at risk.
With the passage of the CLOUD Act, the executive branch of the U.S. Government, led by President Donald Trump and Attorney General Jeff Sessions, will be able to determine who to share this information with, and who to deny it to. In essence it undoes the protections that were in place to ensure that data wouldn’t be used as a bargaining chip by the executive branch. By removing the protection of legislative and judicial oversight, a lot of power has been placed in the hands of appointees in high-profile executive cabinet positions, even though none of these positions were directly elected.
Now, U.S. and foreign law enforcement will have powerful new mechanics at their disposal. They can seize data for any purpose. This puts everyone’s private messages, email, social media activity--some of the most personal moments of a person’s life--on the table, without the process of getting a warrant. Previously, warrants were required, but with the passage of this law, prosecutors are given all the teeth they need to subpoena the records they need.
Here is a short recap of the CLOUD Act. It will:
One organization that has criticized the new law is the Electronic Frontier Foundation. In a public statement, they called it a “dangerous expansion of police snooping” and that it would “erode privacy protections around the globe.” They go on to state:
“Legislation to protect the privacy of technology users from government snooping has long been overdue in the United States, but the CLOUD Act does the opposite, and privileges law enforcement at the expense of the people’s privacy. EFF strongly opposes the bill.”
At Marin Technologies, we think data privacy is important. Unfortunately, a large number of the elected officials in the U.S. Congress apparently aren’t inclined to agree. To ensure that your data stays private, instituting data protections such as encryption is important. What are your thoughts on the CLOUD Act? Could it be beneficial to the United States? Should individuals’ privacy concerns be addressed? Leave your thoughts in the comments section below.