Apple-supported CLOUD Act passes Congress, will change how governments share data
The Clarifying Lawful Overseas Use of Data (CLOUD) Act, a piece of legislation that would change international rules about sharing of data among governments, passed Congress Thursday, as part of the omnibus spending bill, and the president signed it into law.
The spending bill -- the text of which runs more than 2,000 pages -- is mostly significant because it adds domestic and military spending prioritized by both parties, while also averting a government shutdown at least until September. But another part of the bill is the CLOUD Act (S. 2383 and H.R. 4943), a measure pushed by Apple and other tech industry giants but strongly opposed by privacy advocates. It was originally a separate bill but has been folded into the larger spending measure.
President Trump, despite using his Twitter account Friday morning to threaten a veto of the bill because of its lack of a solution on DACA and because Trump's border wall was not fully funded, signed the bill later in the day.
The bill would give the executive branch, specifically the Department of Justice, new powers to enter into information-sharing agreements with foreign governments. As of now, if a foreign law enforcement entity wishes to obtain data from a U.S.-based tech company, that government must have a specific mutual legal assistance treaty (MLAT) with the U.S., the kind that must be ratified by Congress. The CLOUD Act removes that provision, while also no longer requiring the need for a judge to sign off on such requests. It would allow the DOJ to enter into such agreements without the approval of Congress or the courts.
Apple had pushed for the CLOUD Act, signing a letter to its four Senate cosponsors last month along with tech giants Facebook, Google, Microsoft and Oath (the Verizon subsidiary that owns AOL and Yahoo.) The letter, to Sens. Orrin Hatch (R-UT), Lindsey Graham (R-SC), Sheldon Whitehouse (D-RI) and Christopher Coons (D-CT), states that the legislation "reflects a growing consensus in favor of protecting Internet users around the world and provides a logical solution for governing cross-border access to data. Introduction of this bipartisan legislation is an important step toward enhancing and protecting individual privacy rights, reducing international conflicts of law and keeping us all safer."
The bill would also institute "mechanisms to notify foreign governments when a legal request implicates their residents, and to initiate a direct legal challenge when necessary," the letter said.
Part of the impetus for the bill was US v. Microsoft, a case that was argued last month in the U.S. Supreme Court. In the case, law enforcement sought the emails of someone who had a Microsoft email account that was hosted on servers located in a data center in Ireland, and Microsoft took the position that law enforcement would need Ireland's permission to access it. The case concerns a more than 30-year-old law called the Stored Communications Act. The Supreme Court has not yet issued its ruling on the case.
However, some privacy and civil liberties advocates have registered their strong opposition to the measure. The Electronic Frontier Foundation (EFF) has denounced the CLOUD Act as "a new, proposed backdoor to our data, which would bypass our Fourth Amendment protections to communications privacy." The American Civil Liberties Union (ACLU) calls it "a sinister piece of legislation" that "threatens activists abroad, individuals here in the U.S., and would empower Attorney General Sessions in new disturbing ways." The ACLU also argued that the bill could allow foreign governments to more easily crack down on political opponents, especially marginalized people.
The bill is opposed by a coalition that includes more than 20 groups, including the EFF, ACLU, Amnesty International USA, the People for the American Way, Human Rights Watch and National Association of Criminal Defense Lawyers. A letter from the coalition also alleges that the bill, for the first time, would "allow foreign governments to obtain the assistance of U.S. companies for obtaining real-time intercepts of their users' communications."
The EFF, ACLU and other groups opposing the bill had warned for weeks that the CLOUD Act would be passed without markup, committee hearings or debate and folded into a must-pass spending bill, which is indeed exactly what happened.
Microsoft, Apple and the other firms pushing for the CLOUD Act are supporting it in order to make it easier for them to do business worldwide, in part by not putting the tech companies at odds with foreign governments. The letter from Apple and the other companies stated that the CLOUD Act "would require baseline privacy, human rights and rule of law standards in order for a country to enter into an agreement" and would "ensure customers and data holders are protected by their own laws and that those laws are meaningful."
The bill passed the same week that the mishandling of data by Facebook, in regards to Cambridge Analytica, led to a major brouhaha that set off rage beyond the realm of privacy activists and sent the company into damage control mode.
The omnibus spending bill was passed quickly and with limited debate in the House, by a vote of 256-167, while the Senate passed it late Thursday night by a vote of 65-32. There was no vocal opposition raised in Congress to the CLOUD Act portion of the bill, although Sen. Rand Paul (R-KY) objected to many of the spending provisions, and Jim Risch (R-ID) threatened to block the bill because of a provision that would have named a wilderness area in Idaho after a longtime political enemy of his.
The spending bill -- the text of which runs more than 2,000 pages -- is mostly significant because it adds domestic and military spending prioritized by both parties, while also averting a government shutdown at least until September. But another part of the bill is the CLOUD Act (S. 2383 and H.R. 4943), a measure pushed by Apple and other tech industry giants but strongly opposed by privacy advocates. It was originally a separate bill but has been folded into the larger spending measure.
President Trump, despite using his Twitter account Friday morning to threaten a veto of the bill because of its lack of a solution on DACA and because Trump's border wall was not fully funded, signed the bill later in the day.
Getting to know the CLOUD Act
The CLOUD Act part, according to the text in its Senate version, would "improve law enforcement access to data stored across borders, and for other purposes." At issue is what happens in the increasingly frequent instance in which law enforcement in one country is seeking data held on a cloud server in another country.The bill would give the executive branch, specifically the Department of Justice, new powers to enter into information-sharing agreements with foreign governments. As of now, if a foreign law enforcement entity wishes to obtain data from a U.S.-based tech company, that government must have a specific mutual legal assistance treaty (MLAT) with the U.S., the kind that must be ratified by Congress. The CLOUD Act removes that provision, while also no longer requiring the need for a judge to sign off on such requests. It would allow the DOJ to enter into such agreements without the approval of Congress or the courts.
Apple had pushed for the CLOUD Act, signing a letter to its four Senate cosponsors last month along with tech giants Facebook, Google, Microsoft and Oath (the Verizon subsidiary that owns AOL and Yahoo.) The letter, to Sens. Orrin Hatch (R-UT), Lindsey Graham (R-SC), Sheldon Whitehouse (D-RI) and Christopher Coons (D-CT), states that the legislation "reflects a growing consensus in favor of protecting Internet users around the world and provides a logical solution for governing cross-border access to data. Introduction of this bipartisan legislation is an important step toward enhancing and protecting individual privacy rights, reducing international conflicts of law and keeping us all safer."
The bill would also institute "mechanisms to notify foreign governments when a legal request implicates their residents, and to initiate a direct legal challenge when necessary," the letter said.
Part of the impetus for the bill was US v. Microsoft, a case that was argued last month in the U.S. Supreme Court. In the case, law enforcement sought the emails of someone who had a Microsoft email account that was hosted on servers located in a data center in Ireland, and Microsoft took the position that law enforcement would need Ireland's permission to access it. The case concerns a more than 30-year-old law called the Stored Communications Act. The Supreme Court has not yet issued its ruling on the case.
The Opposition
However, some privacy and civil liberties advocates have registered their strong opposition to the measure. The Electronic Frontier Foundation (EFF) has denounced the CLOUD Act as "a new, proposed backdoor to our data, which would bypass our Fourth Amendment protections to communications privacy." The American Civil Liberties Union (ACLU) calls it "a sinister piece of legislation" that "threatens activists abroad, individuals here in the U.S., and would empower Attorney General Sessions in new disturbing ways." The ACLU also argued that the bill could allow foreign governments to more easily crack down on political opponents, especially marginalized people.
The bill is opposed by a coalition that includes more than 20 groups, including the EFF, ACLU, Amnesty International USA, the People for the American Way, Human Rights Watch and National Association of Criminal Defense Lawyers. A letter from the coalition also alleges that the bill, for the first time, would "allow foreign governments to obtain the assistance of U.S. companies for obtaining real-time intercepts of their users' communications."
The EFF, ACLU and other groups opposing the bill had warned for weeks that the CLOUD Act would be passed without markup, committee hearings or debate and folded into a must-pass spending bill, which is indeed exactly what happened.
Microsoft, Apple and the other firms pushing for the CLOUD Act are supporting it in order to make it easier for them to do business worldwide, in part by not putting the tech companies at odds with foreign governments. The letter from Apple and the other companies stated that the CLOUD Act "would require baseline privacy, human rights and rule of law standards in order for a country to enter into an agreement" and would "ensure customers and data holders are protected by their own laws and that those laws are meaningful."
The bill passed the same week that the mishandling of data by Facebook, in regards to Cambridge Analytica, led to a major brouhaha that set off rage beyond the realm of privacy activists and sent the company into damage control mode.
What Comes Next
The passage of the CLOUD Act has various potential implications for Apple users. If they're in a foreign country and use Apple devices or messaging in any type of anti-government manner, the bill is likely not good news for them. That's also the case for those generally distrustful of the present government, future governments, or governments in general.The omnibus spending bill was passed quickly and with limited debate in the House, by a vote of 256-167, while the Senate passed it late Thursday night by a vote of 65-32. There was no vocal opposition raised in Congress to the CLOUD Act portion of the bill, although Sen. Rand Paul (R-KY) objected to many of the spending provisions, and Jim Risch (R-ID) threatened to block the bill because of a provision that would have named a wilderness area in Idaho after a longtime political enemy of his.
Comments
Most of us are here because we love Apple products and by-and-large Apple as a company. But that does not mean we ought to submit ourselves in blind worship. We can indeed enjoy and sing the praises of the superiority of Apple's design aesthetic and device functionality, but we must always keep both eyes open. Apple's protection of you ends when that protection conflicts with their business interests. This remains true despite Tim Cook's own words about privacy and about never giving "back door access" away, even to law enforcement. This is not merely a guess or personal opinion. The article itself is proof of it.
The individual is handicapped by coming face-to-face with a conspiracy so monstrous he cannot believe it exists. The American mind simply has not come to the realization of the evil which has been introduced into our midst. He rejects even the assumption that human creatures could espouse a philosophy which must ultimately destroy all that is good and decent. – J. Edgar Hoover