Rider To Omnibus Legislation Gives US Govt Access to Citizens’ Data Stored on Servers in Foreign Nations
While the American public has focused on groups attacking the right to keep and bear arms and the monstrous “Crummibus” budget bill spending, Sen. Orrin Hatch (R-UT) introduced a rider to the budget bill that is known as the CLOUD Act (Clarifying Lawful Overseas Use of Data Act). According to CNET.com, this piece of legislation, attached to the spending bill to avoid the usual floor debates, “makes it easier for law enforcement agencies to demand online access to online information no matter what country the data is stored in.” It also works in reverse with other nations whose law enforcement officers want to access online information on their citizens if the data is stored on servers in the united States.
In Section 2 of the CLOUD Act, attached as a rider to the Omnibus spending legislation, the Congressional findings outline the reasons for its creation.
Timely access to electronic data held by communications-service providers is an essential component of government efforts to protect public safety and combat serious crime, including terrorism.
Such efforts by the United States Government are being impeded by the inability to access data stored outside the United States that is in the custody, control, or possession of communications service providers that are subject to jurisdiction of the United States.
Foreign governments also increasingly seek access to electronic data held by communications service providers in the United States for the purpose of combating serious crime.
Communications-service providers face potential conflicting legal obligations when a foreign government orders production of electronic data that United States law may prohibit providers from disclosing.
Foreign law may create similarly conflicting legal obligations when chapter 121 of title 18, United States Code (commonly known as the “Stored Communications Act”), requires disclosure of electronic data that foreign law prohibits communications-service providers from disclosing.
International agreements provide a mechanism for resolving these potential conflicting legal obligations where the United States and the relevant foreign government share a common commitment to the rule of law and the protection of privacy and civil liberties.
In other words, if a US communications-service provider stores information on US citizens overseas in a foreign country, US law enforcement can access that information without going through the MLAT (mutual legal assistance treaty) process.
Lawmakers added the CLOUD Act (PDF), which stands for Clarifying Lawful Overseas Use of Data Act, to the spending bill before the final House and Senate votes Thursday. It updates the rules for criminal investigators who want to see emails, documents and other communications stored on the internet. Now law enforcement won’t be blocked from accessing someone’s Outlook account, for example, just because Microsoft happens to store the user’s email on servers in Ireland.
The law also lets the US enter into agreements to send information from US servers to criminal investigators in other countries with limited case-by-case review of requests.
The CLOUD Act offers an alternative to the current process for sharing internet user information between countries, called MLAT, or a mutual legal assistance treaty. Both law enforcement agencies and tech companies say using such a treaty to request data is cumbersome and slow. The fix has the technology sector divided though. Tech companies, such as Microsoft, favor the change. But privacy advocates say it could help foreign governments that abuse human rights by aiding their access to online data about their citizens.
This piece of legislation, passed under the umbrella of the budget bill, combats the difficulty the US government had in obtaining a Microsoft customer’s email data, under a FISA court warrant, when the data was stored in Ireland. It makes it lawful for communications-service providers to hand the information over to the US government and/or foreign governments upon request, bypassing the “probable cause” and warrant necessary to obtain information on private citizens stored on data servers around the world. Communications-service providers only have a “good faith determination” an order was obtained by the foreign government requesting this information. Moreover, impunity is granted to these communications-service providers in passing this information to governments. This not only affects united States citizens but citizens in foreign nations as well, as long as the foreign government has an agreement with the US.
At this point in our history, citizens should know by now that it matters not what “law” is passed that supposedly has limits on when government can or cannot access private data and communications on citizens. The Constitution for the united States of America declares in the Fourth Amendment that the people are to be secure in their person, place and effects and no warrant is to be issued without probable cause that specifically states the places to be searched and things to be seized. Too many “no-knock, no warrant” raids are conducted against citizens with impunity. Roadside searches, including body cavity searches, and asset seizures occur based solely on assumption, not probable cause and without a warrant, by law enforcement officers across the republic.
Sen. Orrin Hatch, a Republican from Utah who introduced the CLOUD Act, said in February that the bill balances user privacy with the need for an updated framework for giving law enforcement the information it needs.
“The CLOUD Act bridges the divide that sometimes exists between law enforcement and the tech sector by giving law enforcement the tools it needs to access data throughout the world while at the same time creating a commonsense framework to encourage international cooperation to resolve conflicts of law,” Hatch said.
But privacy advocates at groups like the ACLU and the Electronic Frontier Foundation criticized the change, saying it lets law enforcement bypass constitutional protections against unreasonable searches. It also could lead the US to send user data to police in countries known for abusing the human rights of their citizens, they argue.
The result, advocates say, is that tech companies will have to decide whether to comply with legal demands for their users’ information.
The law “threatens human rights, jeopardizes the Fourth Amendment interests of individuals inside the US, and provides an alarming level of discretion to the executive branch at the expense of congressional authority,” representatives of the ACLU wrote in a letter to lawmakers Thursday.
Sen. Ron Wyden, a privacy-oriented Democrat from Oregon, said in a letter last week (PDF) that while the MLAT process needs to be updated, the CLOUD Act has a big problem in the way it lets the executive branch hash out individual agreements with foreign companies on data sharing. That “places far too much power in the President’s hands and denies Congress its critical oversight role,” Wyden wrote.
Neema Singh Guliani, legislative counsel at the ACLU, said the bill doesn’t account for the fact that a foreign country’s government might have a good human rights record one day, but start eroding those rights after coming to a data sharing agreement with the US. “Human rights are not static,” she said.
Tech companies can refuse to hand over the data through these agreements, instead asking foreign law enforcement agencies to use the MLAT process, Singh Guliani said. But this puts tech companies in the position of needing to know when a country may be asking for data as part of crackdowns on dissidents or journalists, rather than for legitimate law enforcement purposes. That’s a lot to ask of the companies, she said.
“The public is going to be largely reliant on those companies,” Singh Guliani said.
Where there is a will, there is a way. The US government wanted information on citizens these companies may store on servers in foreign countries or citizens using servers in foreign countries to route information. With this rider on the spending bill, they got it. Remember, it lets the president decide and negotiate data sharing with foreign entities, without oversight. One can see this is a recipe for disaster, depending on the political stance of the executive occupying the White House.
Article posted with permission from Freedom Outpost