The United States Congress passed late last night a $1.3 trillion budget spending bill that also contained a piece of legislation that allows internal and foreign law enforcement access to user data stored online without a search warrant or probable cause.
The legislation is the Clarifying Lawful Overseas Use of Data Act (CLOUD Act), a bill proposed in mid-February, this year (S. 2383 and H.R. 4943).
Lawmakers use toddler trick to pass controversial bill
US officials never discussed the bill, but merely appended it to the Omnibus budget spending bill (page 2201) they introduced in Congress on Wednesday night.
The budget bill was deemed a priority and officials were almost forced to approve it in its current form to avoid a complete US government shutdown starting next week.
The budget bill passed a day later, Thursday, with a 256-167 vote in the House of Representatives, and a 65-32 vote on the Senate floor, including with the embedded CLOUD Act that got zero discussion, feedback, or modifications from regulators.
What is the CLOUD Act?
The unaltered and now official CLOUD Act effectively gets rid of the need for search warrants and probable cause for grabbing a US citizen's data stored online.
US police only need to point the finger at some account, and tech companies must abide and provide all the needed details, regardless if the data is stored in the US or overseas.
Further, the bill recognizes foreign law enforcement and allows the US President to sign data-sharing agreements with other countries without congressional oversight. The CLOUD Act will then allow foreign law enforcement to require data on their own citizens stored in the US, also without obtaining a warrant or proving probable cause.
Privacy groups like the Electronic Frontier Foundation argue that in the US' hunt for criminals located in other countries, it might enter data-sharing agreements with countries known for human rights abuses and allow autocratic regimes easy access to their own citizen's data. Since there's no more need for a foreign law enforcement agency to obtain US warrants or prove probable cause, this opens the door wide open to political abuses.
But these data-sharing agreements might be a poisoned pill that could be employed for espionage and intelligence gathering as well. For example, foreign law enforcement could request data from their own citizens engaging in communications with US citizens. Tech companies will then be required to pass over that foreign citizens' entire communications, including his messages exchanged with the US person, potentially exposing details that an intelligence agency will consider valuable.
EFF: There was no need to backdoor the Fourth Amendment
Nonetheless, giving law enforcement access to data stored overseas could have been done by preserving the need for search warrants and proving probable cause, and without backdooring the Fourth Amendment, as EFF experts bluntly put it.
The reason why the CLOUD Act was proposed in the first place was to end any future litigations like the one put forward by Microsoft five years ago when it fought a US police's request to access a US citizen's data stored on a server in Ireland.
Regulators also argued the CLOUD Act will help with fighting terrorism, albeit its most important impact will be in going after ordinary criminals, like fraudsters, hackers, scammers, and more.
Comments
forum11 - 7 months ago
Using the referenced congress.gov links, S. 2383 and H.R. 4943 both still show as “Introduced” not passed by either the House or Senate. And looking up the omnibus budget spending bill (H.R. 1625 - Consolidated Appropriations Act, 2018), which as noted has the CLOUD Act on page 2201, congress.gov currently indicates it is in the “Resolving Differences” state. So at least according to the public facing online records this is not a done deal.
campuscodi - 7 months ago
Those pages take time to update. Give it time.
forum11 - 7 months ago
I figured as much. While I'm very familiar with the site as an official source, I don't think I've ever tried to query it for near real-time data as I did today. Clearly it's not suitable for that. You must have obtained more current data from some other source, but even the linked EFF article (dated March 13) was of course talking about it as just a proposal. Later on I found the following EFF article dated March 22: https://www.eff.org/deeplinks/2018/03/responsibility-deflected-cloud-act-passes
DavidLMO - 7 months ago
CLOUD was buried in the Monster Budget SHAM^H^H^H^H Bill. When Trump signed the embodying bill (the budget) the CLOUD was enacted. With ZERO hearings in Committees or the House or Senate. A total SHAM.
forum11 - 7 months ago
Any US citizen with a senator or house rep that voted for this (Yae) should be asking said official at least two questions: 1. Did you read the CLOUD Act text included in the spending bill? 2. If so, why did you vote for it?
Seriously people - These questions need to be asked. Let your Congress critters know you are paying attention!
DavidLMO - 7 months ago
And some real questions .... like just WHO put this POS in the Budget bill? WHO!!!! ?????
forum11 - 7 months ago
Well, the EFF article I referenced said "Congressional leadership—negotiating behind closed doors", but it's a safe bet that the CLOUD Act cosponsors (10 in the house, 10 in the senate - easy to look-up at congress.gov using the original links from CC) were part of this. The earlier EFF article called out senators Hatch, Graham, Coons, and Whitehouse as they were the first three senators back in early February to introduce the bill. Regardless, if your senator or rep voted for this under the spending bill (check the voting records on H.R. 1625), either intentionally or unintentionally, it's important to voice your displeasure.