The contentious Cloud Act, a bill concerning the process of acquiring the data of both US citizens and foreign citizens from US companies, has passed into law.
The CLOUD Act (Clarifying Lawful Overseas Use of Data Act) -- a contentious last minute addition to the $1.3 trln federal spending bill that will allow the US government more access to Americans’ data for law enforcement purposes, as well as foreign governments access to US companies for data on their own citizens -- has been signed into law by President Donald Trump, GeekWire reports March 23.
The bill had been opposed by privacy advocates like the Electronic Frontier Foundation (EFF), which had written after the bill’s passing that “this final, tacked-on piece of legislation will erode privacy protections around the globe.”
The Cloud Act was added to the omnibus spending bill on Wednesday night, ahead of the voting on the 2,232-page bill that took place on Thursday. The bill passed 256-167 in the House, and 65-23 in the Senate.
Republic Senator Rand Paul had tweeted March 22, the day of the vote, that “Congress should reject the CLOUD Act because it fails to protect human rights or Americans’ privacy...gives up their constitutional role, and gives far too much power to the attorney general, the secretary of state, the president and foreign governments,” but adding the following caveat:
But guess what? Congress can’t vote to reject the CLOUD Act, because it just got stuck onto the Omnibus, with no prior legislative action or review. https://t.co/8b6W08goXm— Senator Rand Paul (@RandPaul) March 22, 2018
The bill had met previous opposition from several different US organizations, who saw the late addition as a lack of due process and the content of the bill itself as a backdoor to the Fourth Amendment.
The American Civil Liberties Union (ACLU) had posted a “Coalition Letter on Cloud Act” on March 12, writing that the bill, in their opinion, “undermines privacy and other human rights, as well as important democratic safeguards,” due to its bypassing Congress and the existing stored information request procedure and “[placing] authority in the hands of the executive branch.”
The content of the act allows for the US to make deals with foreign governments -- the EFF adds that the governments with human rights abuses are not excluded -- that would allow the governments to directly contact US companies for data requests, which “removes a layer of judicial review,” writes GeekWire.
On the other side of the argument for the bill, Apple, Facebook, Google, Microsoft, and Oath had written a joint letter on Feb. 6 supporting the Cloud Act, writing about the need for customer protection that the act would give:
“Our companies have long advocated for international agreements and global solutions to protect our customers and Internet users around the world. We have always stressed that dialogue and legislation - not litigation - is the best approach. If enacted, the CLOUD Act would be notable progress to protect consumers’ rights and would reduce conflicts of law.”
Microsoft again posted a letter supporting the bill on March 21, stating that the Cloud Act
“Creates a modern legal framework for how law enforcement agencies can access data across borders. It’s a strong statute and a good compromise that reflects recent bipartisan support in both chambers of Congress, as well as support from the Department of Justice, the White House, the National Association of Attorneys General and a broad cross section of technology companies [...] it gives tech companies like Microsoft the ability to stand up for the privacy rights of our customers around the world. The bill also includes a strong statement about the importance of preventing governments from using the new law to require that U.S. companies create backdoors around encryption, an important additional privacy safeguard.”
Bitcoin (BTC) advocate Andreas M. Antonopoulos posted on twitter after the Cloud Act passed that the public must now “go dark:”
The CLOUD Act passed. It destroys privacy globally, so it had to be snuck into the $1.3 trillion omnibus without debate.— Andreas M. Antonopoulos (@aantonop) March 23, 2018
Encrypt. Encrypt. Encrypt. Go Dark.
When privacy is criminalized, only criminals have privacy. We got sold out, again. pic.twitter.com/Ms5bm1opBo
Privacy of personal data has been a key point of the founding ideas of cryptocurrencies like Bitcoin. However, earlier this week NSA whistleblower Edward Snowden said that he believed that Bitcoin’s public ledger was “devastatingly public.”