CNET reports on the CLOUD Act being signed into law by President Trump, and how this legislation increases the US governments access to online data stored by US companies regardless of where the servers are located:
Lawmakers added the CLOUD Act (PDF), which stands for Clarifying Lawful Overseas Use of Data Act, to the spending bill before the final House and Senate votes Thursday. It updates the rules for criminal investigators who want to see emails, documents and other communications stored on the internet. Now law enforcement won’t be blocked from accessing someone’s Outlook account, for example, just because Microsoft happens to store the user’s email on servers in Ireland.
The law also lets the US enter into agreements to send information from US servers to criminal investigators in other countries with limited case-by-case review of requests.
The CLOUD Act offers an alternative to the current process for sharing internet user information between countries, called MLAT, or a mutual legal assistance treaty. Both law enforcement agencies and tech companies say using such a treaty to request data is cumbersome and slow. The fix has the technology sector divided though. Tech companies, such as Microsoft, favor the change. But privacy advocates say it could help foreign governments that abuse human rights by aiding their access to online data about their citizens.
This sounds all fine and dandy, but how effective will it really be? How will this law not be abused to collect data on individuals not necessarily accused of a crime?
Sen. Ron Wyden, a privacy-oriented Democrat from Oregon, said in a letter last week (PDF) that while the MLAT process needs to be updated, the CLOUD Act has a big problem in the way it lets the executive branch hash out individual agreements with foreign companies on data sharing. That “places far too much power in the President’s hands and denies Congress its critical oversight role,” Wyden wrote.
Neema Singh Guliani, legislative counsel at the ACLU, said the bill doesn’t account for the fact that a foreign country’s government might have a good human rights record one day, but start eroding those rights after coming to a data sharing agreement with the US. “Human rights are not static,” she said.
These are valid concerns that are more worrisome than not. How, and who, will prevent the global governments from abusing this capability?