A watershed moment exists around the role of third party data, the expectation of privacy, and government reach. Being a constitutional republic, the law of the land still originates from a piece of parchment that was crafted decades before the world’s first photograph. But these classical liberal ideals continue to come under attack by changing technology, reactive politics, and SCOTUS’s prudentialism.
The CLOUD (Clarifying Lawful Overseas Use of Data) Act was introduced by Senator Orrin Hatch of Utah and Representative Doug Collins of Georgia in February as a way to change existing rules of how foreign governments access data on private US citizen from tech companies. The bill also seeks to address how the US government can access data stored on servers in foreign countries, which became a major stink after Microsoft refused the US government access to one of its foreign servers in July, 2016.
The CLOUD Act seeks to clarify these rules, which Microsoft and the Department of Justice have both supported. Although, the bill has raised many concerns from privacy advocacy groups, such as the ACLU. Even more, the bill is expected to be packed into an omnibus spending bill this week, which has added even more fuel to the fire.
Privacy Concerns Raised
Under current law, if a foreign government requests data on a US citizen relating to the commision of a crime, they have to go through a Mutual Legal Assistance (MLA) process, which is essentially a diplomatic request. Essentially, the Department of Justice must acquire a warrant to access the data from tech companies on behalf of a foreign nation. All around, most people agree that the process is cumbersome and slow.
Under the CLOUD Act, the president could establish executive orders to authorize cross-border communication with foreign governments relating to the content of the investigation of an international crime.
Therein, lies the issue. The bill would strip away judicial review, unless contested by a tech company, giving great latitude to the executive branch. This would leave requests of this kind rife with corruption, as it would only require the president or DOJ to agree to hand over private data to foreign governments that diplomats are all too willing to appease.
Now, this can only occur when a long series of qualifications are met and the process would only apply to non-US citizens whose data is stored on US tech company servers. For requests of US citizen data, the MLA process would still remain the standard.
The Case for the CLOUD Act
On the other hand, many have argued that the CLOUD ACT strengthens privacy by setting up a review process for foreign data requests, which currently doesn’t exist.
It’s no secret that many foreign governments have become frustrated with the MLA system, especially when applied to foreign nationals who commit crimes in their own nation. With streamlined data transfers, foreign governments would be better equipped to prevent international crimes from occuring.
The cloud has done a lot to strengthen accountability and transparency in government and the CLOUD Act would be a necessary step to strengthen accountability of foreign governments. Of course, does this come at the cost of upending our own judicial processes in exchange for ease?