How the CLOUD Act Will Affect Your Security
On March 23rd, 2018, the United States Congress passed another spending bill that could potentially limit individual privacy protection all over the world. This bill included a provision called the Clarifying Lawful Overseas Use of Data (or CLOUD) Act, which makes changes to the Stored Communications Act of 1986 and provides unelected American officials a considerable amount of power over digital privacy rights.
The basic gist of this law is that U.S. officials and others involved with them could potentially obtain digital information that isn’t hosted on their home turf. This law garnered overwhelming support from both the U.S. Department of Justice and major technology companies, prompting Congress to push it through.
What Does This Mean?
At a glance, this law represents a significant loss for the individual. It’s now easier than ever before to conduct criminal and civil investigations. Part of this law also allows for access to personal information and communication as well. Prior to the passing of this law, foreign governments would have to go through the proper channels in order to access information from U.S.-based technology companies.
Naturally, these companies wouldn’t necessarily consent so easily. Due to the multitude of nations that the United States deals with on a regular basis, before submitting to a request for information from a foreign entity, there would be much thought put into factors such as records of human rights abuses and other pressures placed on the company to make the decision. As a member of the Mutual Legal Assistance Treaty, or MLAT, the United States is hesitant to provide any information that could place human lives at risk, but the CLOUD Act can potentially shake these responsibilities up.
In the wake of this new law, the executive branch of the United States government will be able to control who this information is shared with, as well as who it’s not shared with. At the helm of such decisions are U.S. President Donald Trump and Attorney General Jeff Sessions. Data can now effectively be used as bargaining chips by the executive branch. Consequently, there has been a lot of power placed in the hands of appointees that haven’t necessarily been directly elected to positions of authority.
The United States and other law enforcement agencies around the globe will have powerful new ways to seize data for any express purpose. Therefore, the average user’s private messages via email or social media can now be confiscated and looked upon without a search warrant. This puts the personal information of so many users right in the crosshairs of people who now have a legal right to view it.
Below is a short explanation for what changes the CLOUD Act will bring about:
- Enable foreign police to collect and wiretap people’s interpersonal communications without obtaining a warrant to do so.
- Allows foreign nations to demand records saved and stored by American companies.
- Allows the U.S. President to enter “executive agreements” designed to help foreign police agencies obtain data regardless of that regime’s human rights record.
- Allows foreign police to obtain and collect data without notifying the party.
- Gives U.S. police the right to grab data anyplace, no matter where it is stored.
The Electronic Frontier Foundation has been a particular opponent of this new law. They issued a public statement that decreed it a “dangerous expansion of police snooping” and that it would “erode privacy protections around the globe.” They go on to state:
“Legislation to protect the privacy of technology users from government snooping has long been overdue in the United States, but the CLOUD Act does the opposite, and privileges law enforcement at the expense of the people’s privacy. EFF strongly opposes the bill.”
Clearly any act that limits the privacy of any technology is going to be to be controversial. Where does your business stand? Let us know in the comments below.