Today, the House of Representatives passed controversial legislation that would clarify and expand how data held overseas can be obtained by law enforcement in the United States. The change is part of the massive omnibus spending bill, and it incorporates measures first submitted earlier this year as the CLOUD Act.
The 2,200-plus-page omnibus bill, which deals with $1.3 trillion in spending, is the result of last-minute wrangling ahead of a government shutdown deadline at the end of the week. It will now move ahead to the Senate, where it is expected to be less contentious. President Trump has pledged to sign the bill.
The legislation deals with how governments and courts request data kept outside national borders, where no single country’s court system would have a clear jurisdiction. It’s an increasingly urgent issue as cloud networks spread data across international servers. This came to a head this year in a Supreme Court case considering a US request for data held on a Microsoft server in Ireland.
Right now, those requests are governed by international agreements called “mutual legal assistance treaties,” in which one country will agree to abide by another country’s court system under certain conditions. But CLOUD Act proponents say that system has become unsustainable, as foreign countries grow frustrated with invoking international diplomacy to prosecute local crimes involving iCloud or Gmail.
A number of nonprofit groups oppose the bill on privacy grounds, including the American Civil Liberties Union, Electronic Frontier Foundation, Amnesty International, and the Open Technology Institute. The harshest criticism focuses on the new powers granted to the attorney general, who can enter into agreements with foreign countries unilaterally. Those agreements could potentially circumvent the protections of US courts. The act also wouldn’t require users or local governments to be notified when a data request is made, making meaningful oversight significantly harder.
“The CLOUD Act represents a major change in the law — and a major threat to our freedoms,” ACLU legislative counsel Neema Gulani wrote earlier this month. “Congress should not try to sneak it by the American people by hiding it inside of a giant spending bill.”
The Electronic Frontier Foundation also voiced displeasure in a tweet, saying the decision to include the CLOUD Act was “[b]ecause of failures by some lawmakers to review and markup legislation in a responsible manner.”
BREAKING: Because of failures by some lawmakers to review and markup legislation in a responsible manner, the dangerous cross-border data bill the CLOUD Act was just approved by the House of Representatives in a 256-167 vote for a massive omnibus spending bill.— EFF (@EFF) March 22, 2018
Microsoft president Brad Smith, however, tweeted before the vote that the move was a “critical step forward” for clarifying the law. “The proposed CLOUD Act creates a modern legal framework for how law enforcement agencies can access data across borders,” he said in the statement.