TOP STORIES — Introduction of the CLOUD Act
On February 6, the U.S. Senate and House introduced the Clarifying Lawful Overseas Use of Data Act (the “CLOUD Act”; S.2383, H.R.4943). The CLOUD Act represents a crucial step in addressing the digital privacy concerns of businesses and consumers while also enabling law enforcement to engage in actions that protect public safety.
This CLOUD Act will:
- Provide clear rules for U.S. government access to data stored abroad.
- Provide legal clarity that strengthens personal and business privacy protections for the cloud computing era.
- Strengthen trust in cloud computing in the U.S. and overseas.
- Encourage government-to-government cooperation to protect privacy while enabling law enforcement to pursue investigations.
VFI supports the CLOUD ACT. Please let your members of Congress know you do too!
There were multiple news stories on the introduction that I have included below and throughout the executive briefing.
- Axios; What’s in the CLOUD Act for international data warrants
- Bloomberg; Tech Giants Back U.S. Bill Governing Cross-Border Data Searches
- Just Security; New Bill Would Moot Microsoft Ireland Case — And Much More!
- Lawfare; The CLOUD Act: A Welcome Legislative Fix for Cross-Border Data Problems;
- Politico: May Urges Trump to Support Data Sharing Bill
- The Hill; Hatch introduces bipartisan bill to clarify cross-border data policies
- The Telegraph; Theresa May and Donald Trump discuss North Korea in latest talks – but avoid president’s attack on NHS;
- “In today’s world of email and cloud computing, where data is stored across the globe, law enforcement and tech companies find themselves encumbered by conflicting data disclosure and privacy laws. We need a commonsense framework to help law enforcement obtain critical information to solve crimes while at the same time enabling email and cloud computing providers to comply with countries’ differing privacy regimes. The CLOUD Act creates such a framework and will also help set a precedent for our allies as they deal with this problem too.”
- “They discussed the Clarifying Lawful Overseas Use of Data (Cloud) Act, due to be considered by the US Senate later this month… The Prime Minister [Theresa May] stressed the great importance of the legislation to the UK authorities in investigating criminal and terrorist activity in the UK. The Prime Minister and President Trump agreed the passage of the act through the US legislative system was vital for our collective security.”
Oregon US senators Ron Wyden and Greg Walden are pushing for rural broadband development by requesting billions of dollars in federal funding and advocating for the removal of roadblocks to siting new broadband infrastructure, respectively. Microsoft’s rural broadband efforts are noted in article.
As part of the ongoing symposium series about Microsoft’s warrant case, SCOTUSblog published three contributed posts by Benjamin Battles, solicitor general of Vermont, CDT senior counsel Greg Nojeim and University of Kentucky professor Andrew Keane Woods.
- Battles criticizes the Second Circuit decision in Microsoft’s warrant case highlights how the decision has hampered child exploitation investigations after other providers, notably Google and Yahoo, began to not comply with SCA warrants for data connected to local investigations.
- Nojeim highlights that the amicus briefs filed in the case raise four important questions the Supreme Court should consider in its ruling, most notably if forced disclosures will violate GDPR and whether a decision in favor of the DOJ will invite reciprocal demands.
- Woods’ piece suggests that, no matter how the Supreme Court rules, the world will likely continue to see conflicts related to court-made internet policy, internet privacy, and state sovereignty. Woods describes how these issues will remain because of continued fallout from the Snowden revelations as well as the increasingly globalized nature of technology. He briefly references the CLOUD Act as a bill that could render moot Microsoft’s warrant case.
Deb Socia is the executive director of Next Century Cities, a nonprofit membership org. consisting of 180+ mayors and municipal leaders committed to expanding access to high-quality broadband for all Americans. She notes that while the federal government has taken steps to prioritize rural broadband expansion, they have not yet taken meaningful action. Socia calls for three actions from President Trump, Congress and the FCC to improve broadband access in rural America. These include maintaining accurate information about broadband availability, encouraging local solutions like internet co-ops, and maintaining access to the 3.5GHz band.
The city of Seattle, Washington, claims that Facebook has been violating its 1977 campaign finance law, which states that those who accept advertising dollars from political campaigns be transparent with the public about the “exact nature and extent of the advertising services,” as reported by Fast Company. If Facebook is found to be at fault, it could be liable for $5,000 per violation. The issue began last December, when Seattle newspaper The Stranger attempted to request 2017 state election ad data from Facebook. Unsuccessful, Wayne Barnett, the executive director of the Seattle Ethics and Elections Commission, then sent Facebook a letter saying the company had until January 2nd to comply. Facebook requested a 30-day extension, which was granted.
A recent draft report by the Department of Homeland Security urges authorities to conduct long-term surveillance of Sunni Muslim immigrants with “at-risk” demographic profiles. The report, compiled in January for U.S. Customs and Border Protection acting commissioner Kevin K. McAleenan and published Monday by Foreign Policy magazine, looks at the people behind 25 terrorist attacks in the United States from October 2001 to December 2017 and, based on their demographics, recommends Muslim immigrants be monitored on a “long-term basis.”
One persistent critique of Republicans holds that they are hypervigilant about protecting the powerful, yet blind or unresponsive to injustices suffered by most Americans. At times, the critique is unfair; but it does describe the GOP’s posture toward Donald Trump versus most everyone else who deals with the FBI or U.S. intelligence. President Trump gets the benefit of hyper-vigilance. In the telling of politicians like Representative Devin Nunes and commentators like Sean Hannity (who marshal more outrage and obfuscation than evidence for their claims), the Trump campaign was subjected to improper government surveillance. They attribute the impropriety to FBI agents who allowed their political views to color their actions; to warrant applications that misled the FISA court; and FISA judges who failed to perceive and prevent those abuses.
THINK TANK/TECH TRADE ASSOCIATION HIGHLIGHTS
BSA | The Software Alliance
- Filing on intellectual property trade protections: BSA “highlighted foreign countries that maintain market access barriers to software services, and also emphasized the need for the proper protection and enforcement intellectual property rights” in its annual 301 filing. “The filing stresses the importance of eliminating market access barriers that hamper the flow of data across borders, which is essential to the ability of US companies to keep innovating, creating American jobs, and powering the growth of the digital economy.” (BSA PRESS RELEASE – BSA Calls for Removal of Market Access Barriers and Stronger Intellectual Property Enforcement in Special 301 Trade Filing, February 8, 2018)
- Press release and letter to Congress on CLOUD Act: BSA welcomed the Clarifying Lawful Overseas Use of Data (CLOUD) Act and “organized a multi-association letter with other industry leaders urging members of the House and Senate Judiciary Committee to support the CLOUD Act.” Moreover, the letter argued, “the bill will improve cooperation and dialogue among countries and continue to modernize US privacy laws to reflect current realities.” Signees of the letter included the Internet Association, the Information Technology Industry Council and the US Chamber of Commerce. (BSA PRESS RELEASE – BSA Joins Industry Leaders to Push for Congressional Support of the CLOUD Act, February 6, 2018)
Competitive Enterprise Institute (CEI)
- Blog post on tech competition: Intern Ryan Khurana wrote, “Facebook competes not only against other social media sites like Snap, but also against the likes of Google, Apple, and Microsoft in various domains.” He added, “Consumers are by and large happy with their services. None of the Big Five tech companies—Alphabet, Amazon, Microsoft, Apple, and Facebook—have an approval rating below 60 percent. These companies may be large, but competition among them is as fierce as ever, incentivizing them to consistently innovate and provide consumers with new and better services.” (CEI BLOG – Competition in Tech is More Vibrant than It Looks, By Ryan Khurana, February 8, 2018)
The Federalist Society
- Blog post on the CLOUD Act and the Microsoft search warrant case: ARTIS Research director of energy and natural resources Michael J. Barton argued, “The lawyers representing Microsoft are entirely correct in their assessment that the forum for this debate should not be in the courts but in Congress.” He added, “Congress rather than the courts ought to write our laws and the CLOUD Act is the only piece of legislation under consideration that can resolve the issues at hand and prevent the act of legislation from the bench that would likely ensue if Microsoft’s case proceeds.” (FEDERALIST SOCIETY BLOG – Congress Should Write the Laws Before the Courts Do – United States v. Microsoft Corp., By Michael James Barton, February 6, 2018)
Information Technology Industry Council (ITI)
- Press release on CLOUD Act: ITI “applauded the introduction of the Clarifying Lawful Overseas Use of Data (CLOUD) Act of 2018,” noting that the “bill seeks to incentivize bilateral government cooperation to address conflicts of laws that impede cross-border criminal investigations, while balancing the interests of individuals, communications service providers, and law enforcement to reduce international conflicts.” (ITI PRESS RELEASE – Tech Industry Supports International Data Access Bill, February 5, 2018)
Information Technology & Innovation Foundation (ITIF)
- Statement on CLOUD Act: “The CLOUD Act is a welcome compromise to reforming the current system that would address these problems while protecting consumer privacy, enhancing the capabilities of law enforcement, and preserving international comity,” stated Vice president Daniel Castro. “However, the bill is not perfect. The CLOUD Act would extend the reach of U.S. warrants and legal processes to data stored overseas…A better approach is to continue the hard work of establishing international legal standards for resolving conflicts when multiple countries have jurisdiction over data.” (ITIF STATEMENT – CLOUD Act Brings Congress Closer to Resolving Problem of Cross-Border Data Access, But Changes Needed to Avoid Jurisdictional Conflicts, February 6, 2018)
New America Foundation
- Press release opposing CLOUD Act: Sharon Bradford Franklin, the Open Technology Institute director of surveillance and cybersecurity policy, stated, “Congress is long overdue in updating our laws regarding law enforcement access to electronic data, but the CLOUD Act would move the law in the wrong direction, by sacrificing digital rights.” She added, “This bill creates new privacy threats by allowing real-time surveillance by foreign governments for the first time, and fails to include fundamental safeguards like a requirement for prior independent judicial review of data requests.”(NEW AMERICA BLOG – OTI Opposes the CLOUD Act, February 6, 2018)
- Statement on CLOUD Act: “Innovations in cloud computing have fueled innovation and growth in the U.S. and around the world, but our online privacy laws were developed in 1986 and have failed to keep up with the digital age,” said president and CEO Linda Moore. She added, “Passing the CLOUD Act would be a critical step to safeguard our citizens’ privacy rights, ensure law enforcement has the tools they need to protect us, and enhance cooperation between governments.” (TECHNET STATEMENT – TechNet Urges Congress to Pass The CLOUD Act, February 6, 2018
- “The Senate appears poised to meet that need with the recent release of the CLOUD Act of 2018. That bill may moot the present case, but it will not resolve larger questions about institutional competence in crafting global technology policy… And although courts can be criticized for making policy incrementally, one case at a time, this can be just as much a feature as it is a bug. Legislators are slow to act, and when they finally do act, they often attempt to fix many things at once and far into the future. But in an area involving rapid technological change, big one-time, far-reaching regulatory acts — especially those that are hard to reverse — may not always be preferable to smaller, case-by-case incremental changes to the existing rules.”
- “The Boston Police Department should never conduct surveillance targeting political speech or religious expression, but that’s exactly what their own records show they did when they used this social media monitoring software.”
- “Measured by the number of amicus briefs, if nothing else, Rosenkranz has the upper hand so far. Twenty-three briefs side with Microsoft, while only one backs the government. Seven other briefs were filed “in support of neither side,” nominally, at least, though some are fairly helpful to Microsoft.”
- “[The CLOUD Act] does not resolve the cross-border data problem but it is good start. Privacy and human rights groups will argue that the bill offers insufficient protections for foreign-held data. If you compare the due process protections in this bill with those provided under the Fourth Amendment, it is likely less-privacy protective—meaning that foreign governments will get access to more information than they do currently. But that is not the right comparison. We are heading towards a world in which a growing number of foreign governments force providers to store data locally in order to comply with local orders, regardless of whatever strictures apply under U.S. law. As compared to that world, this bill—which might forestall or prevent localization efforts—offers privacy advocates quite a lot.”
- “The current legal situation is bad for public safety, bad for companies and bad for privacy. To put it bluntly, we will all be less safe, and crimes will continue… The tech companies have worked with us to do all they can within current U.S. legislation. They want us to succeed in public protection and to play their part. But they are constrained by this conflict of laws. That is why they are supporting this legislation.”
- “The most troubling aspect of the 2nd Circuit’s decision, however, is the unnecessary and artificial obstacles it creates for legitimate law enforcement investigations. In its brief to the Supreme Court, the United States explained how SCA warrants are a critical tool in federal criminal investigations, including cases involving terrorism and other threats to national security. The vast majority of criminal investigations, however, are conducted by state and local law enforcement agencies. These cases range from drug trafficking and burglary to murder and child sexual exploitation. State and local law enforcement routinely use SCA warrants to obtain key evidence in these investigations. And prior to the 2nd Circuit’s decision, providers routinely complied with these requests without protest.”
- “The question before the Supreme Court is whether the U.S. government can compel a company in the United States to produce records located outside the United States simply because the company has the “ability” to produce them, irrespective of actual ownership, privacy rights or location of the records. The practical ability test blurs the lines of discovery and corporate information governance. Global companies will need to understand the rules of the road after Microsoft including how they could be compelled to produce data no matter where it is stored.”
- “Legislation to protect the privacy of technology users from government snooping has long been overdue in the United States. But the CLOUD Act does the opposite, and privileges law enforcement at the expense of people’s privacy. EFF strongly opposes the bill. Now is the time to strengthen the MLAT system, not undermine it.”
SOCIAL MEDIA HIGHLIGHTS
- @BradSmi: To help protect Internet users, we’ve long argued for the US Congress to modernize laws. The new, bipartisan CLOUD Act is an important step toward enhancing & protecting privacy while reducing international legal conflicts.
- @EFF: A new piece of U.S. legislation threatens the data privacy of the entire world. The CLOUD Act is a terrible solution to how law enforcement agencies get their hands on data stored outside their borders.
- @reason: Immigration authorities want to be part of the intelligence community and get access to all that sweet surveillance data. That should end well.
- @ShopFloorNAM: The CLOUD Act supports the digital age and modernizes dated privacy laws –>
- @TimJohnson4: As court weighs #Microsoft case, rest of world feels a big stake in #privacy ruling
- @CenDemTech: .@GregNojeim tackles four important questions the #SupremeCourt should address in US v Microsoft, on @SCOTUSblog:
- @connortryan: ACLU alleges Boston police used social media to spy on black and Muslim protesters
- @PolicingProject: Senators introduce CLOUD act to clarify legislative authorization for warranted acquisition of data from foreign servers, the issue in Microsoft case. This is what was needed all along. #DemocraticPolicing @just_security
- @RepRutherfordFL: I’m proud to cosponsor of H.R. 4943, the CLOUD Act. This bipartisan bill will bring our nation’s data laws into the 21st Century, improve data sharing for law enforcement, and protect citizens’ privacy rights. For more details click here:
- @SCOTUSblog: Three “tectonic themes” before #SCOTUS in US v. Microsoft case – court-made internet policy, privacy on the internet and state sovereignty — @andrewkwoods of @universityofky breaks down these issues in our latest post
- @dinabass: Bipartisan lawmakers yday introed another bill to deal with cross-border data requests like the one at issue in the Microsoft Irish data center case before the Supreme Court. It has the backing of Microsoft, Google, Apple etc.… (By @BenBrodyDC)
- @googlepubpolicy: Today, the US Senate introduced the CLOUD Act, a new bipartisan bill that modernizes electronic privacy laws to reflect the internet the world uses today. We’ve joined our colleagues across the tech industry in support of this new legislation:
- @granick: Some academics at Lawfare and Just Security are lauding the CLOUD Act which would make it easier for governments to access our private info cross border. Meanwhile experts at CDT & OTI are warning that the bill is dangerous. https://cdt.org/press/cloud-act-would-erode-trust-in-privacy-of-cloud-storage/ … The NGOs are right.
- @jendaskal Symposium: Justices can, and should, pay attention to the CLOUD ACT and write nuanced ruling to balance competing interests in Microsoft Ireland case. via @scotusblog
- @josephax: That huge Microsoft privacy case everyone’s watching at #SCOTUS started way back in April 2014 with a magistrate judge’s ruling on a warrant application https://www.reuters.com/article/us-usa-tech-warrants/u-s-judge-rules-search-warrants-extend-to-overseas-email-accounts-idUSBREA3O24P20140425 … @Reuters
- @KevinBankston.@AccessNow, @CenDemTech & @OTI are all gravely concerned about how the new CLOUD Act would weaken online privacy around the world, see …, and
- @UpSearchSQL: We support @vfiorg in advancing 21st Century Tech Policies, including the CLOUD ACT. Yesterday, members of the U.S. Senate and House introduced the Clarifying Lawful Overseas Use of Data Act (the “CLOUD Act”). The Senate and House versions of the bill are identical.