Advertisement

As the CLOUD Act sneaks into the omnibus, big tech butts heads with privacy advocates

As the CLOUD Act sneaks into the omnibus, big tech butts heads with privacy advocates
From TechCrunch - March 22, 2018

As the House advances a 2,232-page spending bill meant to avert a government shutdown, privacy advocates and big tech companies arent seeing eye to eye about a small piece of legislation tucked away on page 2,212.

The Clarifying Lawful Overseas Use of Data Act, a.k.a. the CLOUD Act (H.R.4943,S.2383) aims to simplify the way that international law enforcement groups obtain personal data stored by U.S.-based tech platformsbut the changes to that process are controversial.

As it stands, if a foreign government wants to obtain that data in the course of an investigation, a series of steps are necessary. First, that government must have a Mutual Legal Assistant Treaty (MLAT) with the U.S. government in place, and those treaties are ratified by the Senate. Then it can send a request to the U.S. Department of Justice, but first the DOJ needs to seek approval from a judge. After those requirements are met, the request can move along to the tech company hosting the data that the foreign government is seeking.

The debate around the CLOUD Act also taps into tech company concerns that foreign nations may move to pass laws in favor of data localization, or the process of storing users personal data within the borders of the country of which they are a citizen. That trend would prove both costly for cloud data giants and difficult, upending the established model of cloud data storage that optimizes for efficiency rather than carefully sorting out what data is stored within the borders of which country.

In a February 6 letter, Microsoft,Apple, Google, Facebook and Oath (TechCrunchs parent company) co-authored a letter calling the CLOUD Act notable progress to protect consumers rights.

In a late February blog post, Microsoft Chief Legal Officer Brad Smith addressed the issue. The CLOUD Act creates both the incentive and the framework for governments to sit down and negotiate modern bi-lateral agreements that will define how law enforcement agencies can access data across borders to investigate crimes, Smith wrote. It ensures these agreements have appropriate protections for privacy and human rights and gives the technology companies that host customer data new statutory rights to stand up for the privacyrights of their customers around the world.

In a recent opinion piece, ACLU legislative counsel Neema Singh Guliani argues that the CLOUD Act sidesteps oversight from both the legislative and judicial branches, granting the attorney general and the state department too much discretion in choosing which governments the U.S. will enter into a data exchange agreement with.

The Center for Democracy and Technology also opposes the CLOUD Acton the grounds that it fails to protect the digital privacy of American citizens and the Electronic Frontier Foundation dismissed the legislation as a new backdoor around the Fourth Amendment. The Open Technology Institute also denounced the CLOUD Acts provision to allow qualifying foreign governments to enter into an executive agreement to bypass the human rights protective Mutual Legal Assistance Treaty (MLAT) process when seeking data in criminal investigations and to seek data directly from U.S. technology companies.

Advertisement

Continue reading at TechCrunch »