The CLOUD Act, or to give it full nomenclature, the Clarifying Lawful Overseas Use of Data Act, has been passed into law by POTUS 45. This little act has been touted as an update to the ECPA, or Electronic Communications Privacy Act, and ostensibly, this is the case. What is worrying, though, is the way that it has been signed into law as a part of the Omnibus Spending Bill, without the oversight that a base privacy law should have been given. It feels like it has been smuggled through.
This is an act that has been praised by technology companies. The below is an outtake from a joint letter from Apple, Google, Facebook, Microsoft, and Oath (the new name for Yahoo).
The new Clarifying Lawful Overseas Use of Data (CLOUD) Act reflects a growing consensus in favor of protecting Internet users around the world and provides a logical solution for governing cross-border access to data. Introduction of this bipartisan legislation is an important step toward enhancing and protecting individual privacy rights, reducing international conflicts of law and keeping us all safer.
And vilified by privacy and civil rights organizations. This is an outtake of what the ACLU thinks of the law.
The CLOUD Act represents a major change in the law — and a major threat to our freedoms. Congress should not try to sneak it by the American people by hiding it inside of a giant spending bill. There has not been even one minute devoted to considering amendments to this proposal. Congress should robustly debate this bill and take steps to fix its many flaws, instead of trying to pull a fast one on the American people.
- Includes a weak standard for review that does not rise to the protections of the warrant requirement under the 4th Amendment.
- Fails to require foreign law enforcement to seek individualized and prior judicial review.
- Grants real-time access and interception to foreign law enforcement without requiring the heightened warrant standards that U.S. police have to adhere to under the Wiretap Act.
- Fails to place adequate limits on the category and severity of crimes for this type of agreement.
- Fails to require notice on any level – to the person targeted, to the country where the person resides, and to the country where the data is stored. (Under a separate provision regarding U.S. law enforcement extraterritorial orders, the bill allows companies to give notice to the foreign countries where data is stored, but there is no parallel provision for company-to-country notice when foreign police seek data stored in the United States.)
- The CLOUD Act also creates an unfair two-tier system. Foreign nations operating under executive agreements are subject to minimization and sharing rules when handling data belonging to U.S. citizens, lawful permanent residents, and corporations. But these privacy rules do not extend to someone born in another country and living in the United States on a temporary visa or without documentation.
It seems that there are two sides to this story, and they are diametrically opposed. Why would the technology companies be on one side of the fence, and the civil rights organisations on the other? Especially considering Google’s mantra of “Do no Evil.” The wordings of legal documents often cause this type of result. Their intention is to be clear and leave little to no wriggle room for interpretation, but as you can see, the act has been read completely differently.
This post was previously published on http://www.tvpstrategy.com
—– Read More —–