As the CLOUD Act opens the door to enable “international law enforcement groups obtain personal data stored by U.S.-based tech platforms,” data privacy and having control of your and your customer’s data becomes even more crucial. SkyFlok puts you in the driver seat to control where in the world your data is stored, intelligently spreads your files over multiple providers of your choice, and prevents any single Cloud provider to disclose your data. Be ready to protect your privacy.
As the House advances a 2,232-page spending bill meant to avert a government shutdown, privacy advocates and big tech companies aren’t seeing eye to eye about a small piece of legislation tucked away on page 2,212.
The Clarifying Lawful Overseas Use of Data Act, a.k.a. the CLOUD Act (H.R.4943, S.2383) aims to simplify the way that international law enforcement groups obtain personal data stored by U.S.-based tech platforms — but the changes to that process are controversial.
As it stands, if a foreign government wants to obtain that data in the course of an investigation, a series of steps are necessary. First, that government must have a Mutual Legal Assistant Treaty (MLAT) with the U.S. government in place, and those treaties are ratified by the Senate. Then it can send a request to the U.S. Department of Justice, but first the DOJ needs to seek approval from a judge. After those requirements are met, the request can move along to the tech company hosting the data that the foreign government is seeking.
The debate around the CLOUD Act also taps into tech company concerns that foreign nations may move to pass laws in favor of data localization, or the process of storing users’ personal data within the borders of the country of which they are a citizen. That trend would prove both costly for cloud data giants and difficult, upending the established model of cloud data storage that optimizes for efficiency rather than carefully sorting out what data is stored within the borders of which country.
In a February 6 letter, Microsoft, Apple, Google, Facebook and Oath (TechCrunch’s parent company) co-authored a letter calling the CLOUD Act “notable progress to protect consumers’ rights.”
In a late February blog post, Microsoft Chief Legal Officer Brad Smith addressed the issue. “The CLOUD Act creates both the incentive and the framework for governments to sit down and negotiate modern bi-lateral agreements that will define how law enforcement agencies can access data across borders to investigate crimes,” Smith wrote. “It ensures these agreements have appropriate protections for privacy and human rights and gives the technology companies that host customer data new statutory rights to stand up for the privacy rights of their customers around the world.”
Today is an important day for privacy rights around the world, for international relations, and for building trust in the technology we all rely on every day. pic.twitter.com/9afiFXmzGn
In a recent opinion piece, ACLU legislative counsel Neema Singh Guliani argues that the CLOUD Act sidesteps oversight from both the legislative and judicial branches, granting the attorney general and the state department too much discretion in choosing which governments the U.S. will enter into a data exchange agreement with.
The Center for Democracy and Technology also opposes the CLOUD Act on the grounds that it fails to protect the digital privacy of American citizens and the Electronic Frontier Foundation dismissed the legislation as “a new backdoor around the Fourth Amendment.” The Open Technology Institute also denounced the CLOUD Act’s provision to “allow qualifying foreign governments to enter into an executive agreement to bypass the human rights protective Mutual Legal Assistance Treaty (MLAT) process when seeking data in criminal investigations and to seek data directly from U.S. technology companies.”
Both organizations acknowledge that improvements to the bill do partially address some of the human rights concerns associated with not requiring an MLAT in a data sharing agreement.
“While this version of the CLOUD Act includes some new safeguards, it is still woefully inadequate to protect individual rights,” OTI Director of Surveillance & Cybersecurity Policy Sharon Bradford Franklin said of the changes.
“Critically, the bill still would permit foreign governments to obtain communications data held in the United States without any prior judicial review, and it would allow foreign governments to obtain U.S.-held communications in real time without applying the safeguards required for wiretapping by the U.S. government. ”
The Consumer Technology Association voiced its support of the altered bill in a press release issued Thursday. “CTA thanks the House of Representatives for taking steps to empower America’s digital infrastructure for the 21st century. The inclusion of the CLOUD Act and RAY BAUM’S Act in today’s legislation ensures Americans can safely create, share and collect electronic data while providing them the resources to do so.”
While some changes made aspects of the bill more palatable to digital privacy watchdogs, some are objecting to the choice to tack it onto the omnibus spending bill.