A bipartisan bill put before the US Senate on Monday proposing to “improve law enforcement access to data stored across borders” has received public support from technology companies, including Microsoft, Apple, Google and Oath, who sent a joint letter addressing the senators behind the proposal.
Conveniently named to spell out the very thing it seeks to regulate, the Clarifying Lawful Overseas Use of Data (CLOUD) Act is an attempt at addressing issues involving data seizure requests by US authorities in foreign countries, but also the inverse, as, the text reads, foreign governments “increasingly seek access to electronic data held by communications service providers in the United States.”
Clean up your act
The hope is that the new bill will provide clear instructions on how to deal with such incidents on a case by case basis, by allowing US authorities to access data abroad if and only if it belongs to a US citizen.
The proposal states that if a request implicates a foreign individual, the person’s own government would be notified of the request, and thus would be free to challenge it.
Further, the bill would regulate the seizure of foreign data by foreign governments held in the US, and would allow for the elaboration of bilateral agreements between the US and other countries to arbitrate cases of requests involving suspected criminal (and terrorist) offenses - granted the country in question meets certain human rights and privacy standards.
In their letter to Senators Hatch, Coons and Graham, as well as The White House, the consortium commended the proposed bill, stating that “our companies have long advocated for international agreements and global solutions to protect our customers and Internet users around the world.”
”We have always stressed that dialog and legislation - not litigation - is the best approach. If enacted, the CLOUD Act would be notable progress to protect consumers’ rights and would reduce conflicts of law. We appreciate your leadership championing an effective legislative solution, and we support this compromise proposal.”
The most notorious example justifying the possible introduction of such a law is the ongoing lawsuit opposing Microsoft and the US DoJ.
In 2013, authorities demanded that the company hand over emails stored in its Irish data centers, a request Microsoft declined to follow through on, but it could still be forced to following a review of the case by the Supreme Court.
Public and private bodies, mainly from the US and the EU, have sided with the technology company and called upon legislators to update the decades old Electronic Communications Privacy Act, enacted in 1986.