Politics

Congress Slips CLOUD Act Into Lengthy Omnibus Spending Bill, Granting Authorities Even More Surveillance Power

No featured image available

House Republicans voted 256 to 167 to pass a $1.3 trillion, 2,232-page spending bill Thursday, which includes deep within the abyss of the bureaucratic legalese, a law that eases law enforcement’s ability to collect people’s information that is stored abroad.

Known as the Clarifying Lawful Overseas Use of Data (CLOUD) Act, the bill (page 2,201) is supported by big players in the larger tech industry, as well as certain lawmakers and the larger intelligence community.

“The CLOUD Act paves the way for the United States to enter modern bilateral agreements for effective investigations of cross-border crime and terrorism –without international legal conflicts — and ensures that customers and data holders are protected by their own nation’s privacy laws,” Democratic Rep. Hakeem Jeffries of New York said in an early February press release that accompanied support from fellow cosponsors like Republican Doug Collins of Georgia.) and Darrell Issa, a Republican from California.

But it’s also opposed by multiple privacy rights groups that argue granting agencies with an already formidable surveillance apparatus increased powers could further erode the trust between people within, as well as outside of, America, and the U.S. government.

“What would happen if the Turkish government asked the U.S. government for the Facebook messages of Turkish human rights activists that were stored on a server in the United States?” Neema Singh Guliani, legislative counsel for the ACLU, asked in an op-ed for The Hill published earlier in the week. “Current U.S. law would help to protect against disclosure of information that is likely to be used to commit human rights abuses, like detention or torture. This is key given Turkey’s troubling human rights record.”

Using her prior work experience in the Department of Homeland Security, Singh continued:

That’s because there is a robust process in place to ensure that the U.S. government only shares such information in cases where these requests have been closely vetted by the Department of Justice and a U.S. judge, who ensures that individuals’ rights are being protected.

But legislation is being introduced now that would allow countries’ to bypass these safeguards and give Attorney General Jeff Sessions and presumptive Secretary of State Mike Pompeo extensive and nearly unchecked power over global digital privacy rights.

Essentially, the provisions within the CLOUD Act make it so that U.S. law enforcement entities, such as the FBI, can lawfully request access to data stored on computer servers stored overseas. Tech companies like Microsoft — which is currently fighting the Department of Justice in a Supreme court battle over the issue — were long worried, at least ostensibly, that American federal agencies are forcing them to not comply with another country’s law (in this case Ireland). The appended legislation would require tech companies to surrender the electronic communications kept abroad when presented with an official warrant, and effectively decide the Supreme Court case before its culmination.

David Ruiz of the Electronic Frontier Foundation calls the CLOUD Act “A New Backdoor Around the Fourth Amendment” because it will allow “police at home and abroad to seize cross-border data without following the privacy rules where the data is stored.” Put differently, Ruiz argues that if data is being communicated or conveyed across country border lines — which is very often due to the natural seamlessness of the internet — then personal information like emails, chat logs, and online content like photos, can be scooped up by U.S. authorities regardless of where it is stored.

Brad Smith, Microsoft’s president, applauded the decision to embed the CLOUD Act within the Omnibus bill because it adds clarity to what is allowed, and is supported by federal entities like the White House and the DOJ as well as “a broad cross section of technology companies.” Also, according to Smith it helps “foreign governments frustrated about their inability to investigate crimes in their own countries” by purportedly fostering an environment where they can more expediently obtain pertinent information for investigations.

“The status quo is untenable,” Jennifer Daskal, an assistant professor of law for American University, and Peter Swire, another influential law professor, wrote in a Lawfare blog post. “The mutual legal assistance (MLA) process through which foreign governments request communications content held by U.S. providers is under unprecedented strain because the number of requests for digital evidence is growing exponentially.”

Daskal and Swire argue that foreign nations for the most part do not have the time to “to convince a distant U.S. judge that the evidence is needed” nor the “plausible budget increase” to “fix the the inevitable delays or sufficiently respond to the growing demand.”

Including Microsoft, Apple, Facebook, Google and Oath (Verizon subsidiary that makes up AOL and Yahoo), wrote a letter in February to select members of Congress expressing their support for the CLOUD ACT.

But some, like Singh, see the resolution as “a dangerous abdication of responsibility by the U.S. government and technology companies” specifically over Americans’ and people around the world’s personal privacy. In other words, she implies that tech companies will no longer be held accountable, at least as much so, for protecting users’ data from law enforcement entities, including police departments.

How much that — knowing there is a relatively diminished required justification threshold for authorities obtaining customer data — could hurt business won’t be clear for some time. Partners, for example, may opt for Amazon data storage offerings, a company that did not include itself in the aforementioned tech companies’ letter of advocation.

Follow Eric on Twitter

Send tips to [email protected].

All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact [email protected].