03.13.21

Gemini version available ♊︎

EPO and Microsoft Collude to Break the Law — Part IV: The US CLOUD Act Passes Without Public Debate

Posted in Europe, Law, Microsoft, Patents at 10:38 am by Dr. Roy Schestowitz

Previous parts:

Cloudwashing law
Congress quietly slips cloud-spying powers into page 2,201 of emergency spending bill

Summary: “In 2013, the DoJ demanded that Microsoft grant it access to emails related to a narcotics case from a Hotmail account hosted in Ireland.”

When Edward Snowden blew the whistle on the National Security Agency’s PRISM program in 2013 and revealed what many had suspected – namely that US intelligence agencies were collecting vast amounts of data not only from US citizens, but from all around the world – public opinion received a badly needed wake-up call about the dangers of mass surveillance.

In the wake of these revelations, many countries became increasingly concerned about who could access their national information and the potential implications of cross-border data transfers. These concerns provided a catalyst for discussions focussing on the topic of what has come to be called “digital sovereignty” and/or “data sovereignty”.

Another incident that put these topics into the spotlight was a dispute between Microsoft and the US Department of Justice (DoJ) which started in 2013.

“Despite having a major impact on how tech companies can be obliged to share user data with US and foreign governments, the CLOUD Act was passed by Congress without any public debate on 21 March 2018 and entered into force two days later.”In 2013, the DoJ demanded that Microsoft grant it access to emails related to a narcotics case from a Hotmail account hosted in Ireland. Microsoft refused, arguing that a warrant issued under Section 2703 of the Stored Communications Act could not compel US companies to produce data stored in servers outside the US and that compliance with the requested transfer would result in the company breaking EU data protection law.

The initial ruling was in favour of the DoJ, with the presiding judge concluding that American companies “must turn over private information when served with a valid search warrant from US law enforcement agencies”. Microsoft appealed to the US Second Circuit Court of Appeals which ruled in its favour in 2016 and invalidated the warrant. In response, the DoJ appealed to the US Supreme Court.

In March 2018, while the case was pending before the US Supreme Court, the US Congress passed the Clarifying Lawful Overseas Use of Data (CLOUD) Act which amended and extended the ECPA (Electronic Communications Privacy Act) and the SCA (Stored Communications Act).

“This highly controversial measure was buried on page 2,201 of a voluminous 2,232-page spending bill – the Consolidated Appropriations Act of 2018 – which was tabled and adopted as an emergency measure to prevent an impending government shutdown.”Following agreement from both the DoJ and Microsoft, the US Supreme Court determined that the case had been rendered moot by the passage of the CLOUD Act and the issuing of a new warrant under the terms of the new legislation.

Despite having a major impact on how tech companies can be obliged to share user data with US and foreign governments, the CLOUD Act was passed by Congress without any public debate on 21 March 2018 and entered into force two days later.

This highly controversial measure was buried on page 2,201 of a voluminous 2,232-page spending bill – the Consolidated Appropriations Act of 2018 – which was tabled and adopted as an emergency measure to prevent an impending government shutdown.

Senators Rand Paul from Kentucky and Ron Wyden from Oregon raised procedural objections to the manner in which the CLOUD Act had been sneaked in as an appendage to the spending bill but ultimately they failed to block or stall the bill’s adoption.

Ron Wyden on CLOUD Act
Ron Wyden complained about the CLOUD Act but failed to block its adoption

Privacy advocates at groups like the American Civil Liberties Union, the Center for Democracy and Technology and the Electronic Frontier Foundation criticized the legislation as “a new backdoor around the Fourth Amendment” which permitted the circumvention of constitutional protections against unreasonable searches by law enforcement agencies. They also argued that it could lead the US to send user data to police in countries known for abusing the human rights of their citizens.

“Privacy advocates at groups like the American Civil Liberties Union, the Center for Democracy and Technology and the Electronic Frontier Foundation criticized the legislation as “a new backdoor around the Fourth Amendment” which permitted the circumvention of constitutional protections against unreasonable searches by law enforcement agencies.”On the other hand, US tech giants such as Microsoft, Google, Facebook, Apple, and Oath, applauded the legislation and sent a joint letter to the US Senate proclaiming that the CLOUD Act represented “notable progress to protect consumers’ rights”.

The main effect of the CLOUD Act was to strengthen the powers of US law enforcement and intelligence agencies to access data held by US companies on foreign soil.

In a nutshell, the CLOUD Act amounted to a consolidation and expansion of the arrangements established by the earlier 2001 PATRIOT Act which had significantly extended the government’s powers of access to data held by US-based global providers, irrespective of the storage location of that data.

This might help to explain why those pushing for the adoption of the measure preferred to avoid public debate by sneaking it in as a hidden appendage to an emergency spending bill.

On the other side of the Atlantic, the passage of the CLOUD Act gave a new impulse to the ongoing political debate about “digital sovereignty”.

A year after the passage of the Act, an article in the French paper Les Echos reported that “[m]any observers feel that American justice could be deploying [the Cloud Act] for purposes of economic espionage.”

“In a nutshell, the CLOUD Act amounted to a consolidation and expansion of the arrangements established by the earlier 2001 PATRIOT Act which had significantly extended the government’s powers of access to data held by US-based global providers, irrespective of the storage location of that data.”The French politician Ms Laure de la Raudiere who co-chairs a parliamentary cyber-security and sovereignty committee described the CLOUD Act as “a wakeup call for Europe to accelerate its own sovereign capabilities in the data sector”.

In response to the concerns articulated by various political and business leaders, the French government called upon French companies to rely on “CLOUD-Act-safe” data providers.

In the meantime, on 25 May 2018, a few months after the adoption of the CLOUD Act by the US Congress, the General Data Protection Regulation (GDPR) entered into effect. In the next part of this series we will look at the GDPR and its implications for transatlantic data traffic between the EU and the US.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. [Meme] EPO Budget Tanking?

    While the EPO‘s António Campinos incites people (and politicians) to break the law he’s also attacking, robbing, and lying to his own staff; thankfully, his staff isn’t gullible enough and some MEPs are sympathetic; soon to follow is a video and publication about the EPO’s systematic plunder (ETA midnight GMT)



  2. EPO.org (Official EPO Site) Continues to Promote Illegal Agenda and Exploit Ukraine for PR Stunts That Help Unaccountable Crooks

    epo.org has been turned into a non-stop propaganda machine of Benoît Battistelli and António Campinos because the EPO routinely breaks the law; it’s rather tasteless that while Ukrainians are dying the EPO’s mob exploits Ukraine for PR purposes



  3. [Meme] EPO Applicants Unwittingly Fund the War on Ukraine

    As we’ve just shown, António Campinos is desperately trying to hide a massive EPO scandal



  4. EPO Virtue-Signalling on the Ukrainian Front

    António Campinos persists in attention-shifting dross and photo ops; none of that can change the verifiable facts about the EPO’s connections to Lukashenko’s 'science park' in Minsk



  5. Links 19/05/2022: PostgreSQL 15 Beta 1 and Plasma 5.25 Beta

    Links for the day



  6. A Libera.Chat Anniversary and Happy Birthday (Maybe the Last) to 'Leenode'

    What became known as the so-called ‘Leenode’ is a cautionary tale, but maybe it is also a blessing in disguise because IRC as a whole seem to have become a lot more decentralised (as everything should be)



  7. Links 19/05/2022: The Gradual Fall of Netflix/DRM

    Links for the day



  8. IRC Proceedings: Wednesday, May 18, 2022

    IRC logs for Wednesday, May 18, 2022



  9. Links 18/05/2022: Qt Company Loses Chief; OpenSUSE Leap Micro 5.2 and RHEL 9 Final

    Links for the day



  10. Jim Zemlin's Wife is Funded by Puppies (Microsoft)

    Jim Zemlin — like his wife — is bagging millions from Microsoft, but that’s clearly a conflict of interest for the Linux Foundation



  11. Links 18/05/2022: More Defections From WordPress to Gemini

    Links for the day



  12. Links 18/05/2022: PikaScript and cURL's Annual User Survey

    Links for the day



  13. IRC Proceedings: Tuesday, May 17, 2022

    IRC logs for Tuesday, May 17, 2022



  14. Phoronix: Microsoft and Phoronix Sponsor (and Close Microsoft Partner) AMD All Over the Place

    When you’re taking massive 'gifts' from AMD (and also some from Microsoft) maybe it’s not surprising that editorial decisions change somewhat…



  15. EPO Has No F-ing Oversight

    Earlier today SUEPO mentioned this new article demonstrating that EPO President António Campinos can very obviously and blatantly violate the Code of Conduct of the Office without facing any consequences; there are translations too, so the report is now available in four languages



  16. [Meme] Linux-Rejecting Foundation

    The Linux Foundation never really leads by example; by default, it uses proprietary software



  17. Linux Foundation Almost Never uses Open Source

    The Linux Foundation uses proprietary software (look where they hire and take money from) and be sure they're probably not even aware of it



  18. Links 17/05/2022: Many More Games on GNU/Linux, YaST Development Report

    Links for the day



  19. Links 17/05/2022: Rocky Linux 8.6 and Budgie Desktop in Fedora

    Links for the day



  20. Patent Examiners Rising Up Against EPO Abuse

    Unhappy with the law-breaking autocracy (the EPO‘s management breaks the law as a matter of routine), fast-deteriorating working conditions and rapidly-decreasing quality of work (or lack of compliance with the law), workers have escalated further, topping off strikes and industrial actions with a large-scale petition



  21. [Meme] What Managers (Really) Mean by Acting Professionally

    The myth of 'professionalism' needs to die along with the façade of conformity as prerequisite for employment (Linus Torvalds can work just fine in a bathrobe in his own home)



  22. Internal Poll: 93% of European Patent Office (EPO) Workers Are Unhappy With the EPO

    On top of strike/s and industrial action/s there are now also petitions; at the EPO, almost all staff is "disgruntled" because of utterly corrupt and defunct leadership



  23. Links 17/05/2022: OpenSUSE Leap 15.4 Release Candidate

    Links for the day



  24. IRC Proceedings: Monday, May 16, 2022

    IRC logs for Monday, May 16, 2022



  25. Links 16/05/2022: FreeBSD 13.1 and Inkscape 1.2 Released

    Links for the day



  26. Archiving Latest Posts in Geminispace (Like a Dated Web Directory But for Gemini)

    Earlier today we saw several more people crossing over from the World Wide Web to Gemini; we're trying to make a decent aggregator and archive for the rapidly-expanding Geminispace, which will soon have 2,500 capsules that are known to Lupa alone



  27. Microsoft Vidal Does Not Want to Listen (USPTO is Just for Megacorporations)

    Microsoft Vidal knows her real bosses. They’re international corporations (multinationals like Microsoft), not American people.



  28. Links 16/05/2022: China Advances on GNU/Linux and Maui 2.1.2 is Out

    Links for the day



  29. Jim Zemlin: Chief Revenue Officer in 'Linux' Seat-Selling Foundation

    Board seats in the Linux Foundation are basically a product on sale, based internal documents



  30. Reminder: Linux Foundation's Last IRS Filing is Very Old (Same Year the CFO Left)

    People really need to ask the Linux Foundation, directly, why its filings are years behind; this seems like a sensitive subject


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts