Site Color

Text Color

Ad Color

Text Color





Sign Up to Save Your Colors


It’s time to talk about the CLOUD Act by@cdurr

It’s time to talk about the CLOUD Act

Christopher Durr Hacker Noon profile picture

Christopher Durr

Research And Development Engineer

On March 23rd, 2018 President Donald Trump signed a $1.3 trillion government spending bill into law. This government spending bill included the Clarifying Overseas Use of Data (i.e. CLOUD) Act, which has ranging consequences which could have potentially deleterious effects on consumers’ privacy.

In the final pages of the massive 2,232 page omnibus bill, lawmakers were able to sneak in this piece of legislation that had nothing to do with budget cuts, government funding, paying government salaries, or anything related to spending.

According to the Electronic Frontier Foundation (EFF), the CLOUD Act was never reviewed nor marked up by a committee in either the House or the Senate, nor did it receive a hearing. Instead, congressional leadership seemingly sneaked in the CLOUD Act at the last minute.

So why is the CLOUD Act such a big deal?

The CLOUD Act would erode user privacy

The bill creates an explicit provision for U.S. law enforcement to access “the contents of a wire or electronic communication and any record or other information” regardless of where the person lives or where that information is located in the world. Furthermore, the bill would allow for the President of the U.S. to acquire users’ data stored in other countries, without following the other country’s privacy laws.

There are a wide-ranging number of negative consequences that could occur as a result of the increase in unilateral power that the CLOUD Act provides to law enforcement

First, U.S. police could compel a service provider (e.g. Facebook, Google, etc.) to hand over user’s content even if it is stored in a foreign country. This would allow U.S. police to bypass the foreign country’s privacy laws.

Secondly, a foreign country could potentially wiretap people located anywhere in the world as long as that person is not a U.S. person or located in the United States. This would allow foreign governments to bypass procedural safeguards for consumer’s privacy, such as a need for a warrant or noticing the U.S. government.

The CLOUD Act will:

  • Enable foreign police to collect and wiretap people’s communications from U.S. companies, without the need to obtain a U.S. warrant.
  • Allow foreign nations to demand personal data stored in the United States, without needing prior review from a judge.
  • Allow the U.S. president to enter “executive agreements” that empower police in foreign nations that have weaker privacy laws than the United States to seize data in the United States while ignoring U.S. privacy laws.
  • Allow police from foreign governments to collect someone’s data without notifying them about it.
  • Empower U.S. police to grab any data, regardless if it’s a U.S. person’s or not, no matter where it is stored.

An alternative to the CLOUD Act

There is an alternative that would address the issues that the CLOUD Act is attempting to solve, while at the same time respecting and protecting the privacy of consumers. The solution is to strengthen the existing system of Mutual Legal Assistance Treaties (MLAT), which allows police who need data that is stored abroad to obtain the data through cooperation with the nation that hosts the data.

MLAT would strengthen data privacy, as it would require that foreign governments/police adhere to the fourth amendment’s warrant requirements before obtaining data stored in the U.S.

Moreover, MLAT would require the U.S to follow the data privacy rules of the countries where the data is stored when U.S. police seek data abroad.

Who is opposing the CLOUD Act?

EFF opposes the CLOUD Act

Several United States privacy-focused groups are opposing the CLOUD Act’s expansion of unilateral powers that the bill provides to U.S. and foreign law enforcement, including the EFF.

The Open Technology Institute opposes the CLOUD Act, stating that “This bill creates new privacy threats by allowing real-time surveillance by foreign governments for the first time, and fails to include fundamental safeguards like a requirement for prior independent judicial review of data requests”.

The Center for Democracy and Technology opposes the CLOUD Act, stating that “the CLOUD Act omits the requirement of a warrantthe CLOUD Act will erode trust in the privacy of data stored in the cloud.”

Access Now opposes the CLOUD Act, stating that “This proposal might be the worst attempt yet to modify the existing system.”. Access Now further expands on this point by stating, “the proposed legislation would extend the reach of U.S. law enforcement without updating the law to require a warrant for content”

In Conclusion

Unfortunately, what the CLOUD Act does is provide more unilateral power for law enforcement in exchange for users’ personal privacy. I agree with the EFF that the MLAT system should be strengthened, not demolished by the CLOUD Act. I oppose the CLOUD Act, as it undermines the current system we have now and erodes personal privacy.

The public should have had more of an opportunity to debate the pros and cons of the CLOUD Act to examine its wide-ranging consequences and implications on users’ data privacy. The fact that this did not occur is disappointing, to say the least.

I believe that the CLOUD Act is not talked about that much for several reasons. First, the consequences of the CLOUD Act are somewhat difficult to understand. Secondly, the CLOUD Act is supported by several large tech companies (Microsoft, Apple, Google, Facebook) and in general people think that if they support a bill then it must be good. However, in reality the CLOUD Act only privileges these behemoth tech companies while comprosing the data privacy of individual users for those platforms.

Did you like this article?

Give my article 50 claps if you enjoyed it, and share my article with others!

Follow me on Medium to get the best insights in technology.

You can support my writing by donating Ethereum or other ERC20 tokens here: 0x0BcB78d67D8d929dc03542a5aEdef257f378e513