Yesterday, the US Congress put its bi-annual spending bill - the 2018 Omnibus Spending Bill - to the Senate, outlining its plans for $1.3tn of government spending over the next six months.

It has now been voted through successfully, but unbeknown to most, at the tail end of the 2,232 page document, is the long awaited Clarifying Lawful Overseas Use of Data (CLOUD) Act - the bipartisan bill which proposes to “improve law enforcement access to data stored across borders.”

The cavalier approach

The CLOUD Act was put to the Senate earlier this year, and was welcomed by US technology companies, wich sent a joint congratulatory letter addressing the senators behind the document.

The bill offered to legislate the storing of US citizens’ data on cloud servers abroad - which, in the past, has resulted in legal incidents like the one pitting Microsoft against the DoJ, following the latter’s request for incriminating emails stored in the company’s Irish data centers.

In practice, the act makes it legal for US authorities to request domestic courts’ permission to gain access to data stored abroad, placing the burden of the decision on a US court judge.

Somewhat worryingly, the bill also sets out the framework for bilateral agreements between the US government and foreign countries, whereby selected nations could request their own citizens’ data stored on US soil.

The international repercussions of such legislation are significant, as they give free reign to whichever countries the US administration sees fit, letting them seize people’s private data in US facilities. And yet, the bill was passed with little, if any oversight. 

Prior the Senate vote, Brad Smith, Microsoft’s chief legal officer, applauded its progress:

Civil liberties non-profit, the Electronic Frontier Foundation, however, took another standpoint: