Bonum Certa Men Certa

EPO and Microsoft Collude to Break the Law -- Part IV: The US CLOUD Act Passes Without Public Debate

Previous parts:



Cloudwashing law
Congress quietly slips cloud-spying powers into page 2,201 of emergency spending bill



Summary: "In 2013, the DoJ demanded that Microsoft grant it access to emails related to a narcotics case from a Hotmail account hosted in Ireland."

When Edward Snowden blew the whistle on the National Security Agency's PRISM program in 2013 and revealed what many had suspected – namely that US intelligence agencies were collecting vast amounts of data not only from US citizens, but from all around the world – public opinion received a badly needed wake-up call about the dangers of mass surveillance.



In the wake of these revelations, many countries became increasingly concerned about who could access their national information and the potential implications of cross-border data transfers. These concerns provided a catalyst for discussions focussing on the topic of what has come to be called "digital sovereignty" and/or "data sovereignty".

Another incident that put these topics into the spotlight was a dispute between Microsoft and the US Department of Justice (DoJ) which started in 2013.

"Despite having a major impact on how tech companies can be obliged to share user data with US and foreign governments, the CLOUD Act was passed by Congress without any public debate on 21 March 2018 and entered into force two days later."In 2013, the DoJ demanded that Microsoft grant it access to emails related to a narcotics case from a Hotmail account hosted in Ireland. Microsoft refused, arguing that a warrant issued under Section 2703 of the Stored Communications Act could not compel US companies to produce data stored in servers outside the US and that compliance with the requested transfer would result in the company breaking EU data protection law.

The initial ruling was in favour of the DoJ, with the presiding judge concluding that American companies “must turn over private information when served with a valid search warrant from US law enforcement agencies". Microsoft appealed to the US Second Circuit Court of Appeals which ruled in its favour in 2016 and invalidated the warrant. In response, the DoJ appealed to the US Supreme Court.

In March 2018, while the case was pending before the US Supreme Court, the US Congress passed the Clarifying Lawful Overseas Use of Data (CLOUD) Act which amended and extended the ECPA (Electronic Communications Privacy Act) and the SCA (Stored Communications Act).

"This highly controversial measure was buried on page 2,201 of a voluminous 2,232-page spending bill - the Consolidated Appropriations Act of 2018 - which was tabled and adopted as an emergency measure to prevent an impending government shutdown."Following agreement from both the DoJ and Microsoft, the US Supreme Court determined that the case had been rendered moot by the passage of the CLOUD Act and the issuing of a new warrant under the terms of the new legislation.

Despite having a major impact on how tech companies can be obliged to share user data with US and foreign governments, the CLOUD Act was passed by Congress without any public debate on 21 March 2018 and entered into force two days later.

This highly controversial measure was buried on page 2,201 of a voluminous 2,232-page spending bill - the Consolidated Appropriations Act of 2018 - which was tabled and adopted as an emergency measure to prevent an impending government shutdown.

Senators Rand Paul from Kentucky and Ron Wyden from Oregon raised procedural objections to the manner in which the CLOUD Act had been sneaked in as an appendage to the spending bill but ultimately they failed to block or stall the bill's adoption.

Ron Wyden on CLOUD Act
Ron Wyden complained about the CLOUD Act but failed to block its adoption



Privacy advocates at groups like the American Civil Liberties Union, the Center for Democracy and Technology and the Electronic Frontier Foundation criticized the legislation as “a new backdoor around the Fourth Amendment" which permitted the circumvention of constitutional protections against unreasonable searches by law enforcement agencies. They also argued that it could lead the US to send user data to police in countries known for abusing the human rights of their citizens.

"Privacy advocates at groups like the American Civil Liberties Union, the Center for Democracy and Technology and the Electronic Frontier Foundation criticized the legislation as “a new backdoor around the Fourth Amendment" which permitted the circumvention of constitutional protections against unreasonable searches by law enforcement agencies."On the other hand, US tech giants such as Microsoft, Google, Facebook, Apple, and Oath, applauded the legislation and sent a joint letter to the US Senate proclaiming that the CLOUD Act represented “notable progress to protect consumers’ rights".

The main effect of the CLOUD Act was to strengthen the powers of US law enforcement and intelligence agencies to access data held by US companies on foreign soil.

In a nutshell, the CLOUD Act amounted to a consolidation and expansion of the arrangements established by the earlier 2001 PATRIOT Act which had significantly extended the government's powers of access to data held by US-based global providers, irrespective of the storage location of that data.

This might help to explain why those pushing for the adoption of the measure preferred to avoid public debate by sneaking it in as a hidden appendage to an emergency spending bill.

On the other side of the Atlantic, the passage of the CLOUD Act gave a new impulse to the ongoing political debate about "digital sovereignty".

A year after the passage of the Act, an article in the French paper Les Echos reported that "[m]any observers feel that American justice could be deploying [the Cloud Act] for purposes of economic espionage.”

"In a nutshell, the CLOUD Act amounted to a consolidation and expansion of the arrangements established by the earlier 2001 PATRIOT Act which had significantly extended the government's powers of access to data held by US-based global providers, irrespective of the storage location of that data."The French politician Ms Laure de la Raudiere who co-chairs a parliamentary cyber-security and sovereignty committee described the CLOUD Act as "a wakeup call for Europe to accelerate its own sovereign capabilities in the data sector".

In response to the concerns articulated by various political and business leaders, the French government called upon French companies to rely on "CLOUD-Act-safe" data providers.

In the meantime, on 25 May 2018, a few months after the adoption of the CLOUD Act by the US Congress, the General Data Protection Regulation (GDPR) entered into effect. In the next part of this series we will look at the GDPR and its implications for transatlantic data traffic between the EU and the US.

Recent Techrights' Posts

Comparing U.E.F.I. to B.I.O.S. (Bloat and Insecurity to K.I.S.S.)
By Sami Tikkanen
New 'Slides' From Stallman Support (stallmansupport.org) Site
"In celebration of RMS's birthday, we've been playing a bit. We extracted some quotes from the various articles, comments, letters, writings, etc. and put them in the form of a slideshow in the home page."
Thailand: GNU/Linux Up to 6% of Desktops/Laptops, According to statCounter
Desktop Operating System Market Share Thailand
António Campinos is Still 'The Fucking President' (in His Own Words) After a Fake 'Election' in 2022 (He Bribed All the Voters to Keep His Seat)
António Campinos and the Administrative Council, whose delegates he clearly bribed with EPO budget in exchange for votes
Adrian von Bidder, homeworking & Debian unexplained deaths
Reprinted with permission from Daniel Pocock
 
Sainsbury's: It Takes Us Up to Two Days to Respond to Customers Upon Escalation (and Sometimes Even More Than Two Days)
It not only does groceries but also many other things, even banking
People Don't Just Kill Themselves (Same for Other Animals)
And recent reports about Boeing whistleblower John Barnett
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, March 18, 2024
IRC logs for Monday, March 18, 2024
Suicide Cluster Cover-up tactics & Debian exposed
Reprinted with permission from Daniel Pocock
Gemini Links 19/03/2024: A Society That Lost Focus and Abandoning Social Control Media
Links for the day
Matthias Kirschner, FSFE: Plagiarism & Child labour in YH4F
Reprinted with permission from Daniel Pocock
Linux Foundation Boasting About Being Connected to Bill Gates
Examples of boasting about the association
Alexandre Oliva's Article on Monstering Cults
"I'm told an earlier draft version of this post got published elsewhere. Please consider this IMHO improved version instead."
[Meme] 'Russian' Elections in Munich (Bavaria, Germany)
fake elections
Sainsbury's to Techrights: Yes, Our Web Site Broke Down, But We Cannot Say Which Part or Why
Windows TCO?
Plagiarism: Axel Beckert (ETH Zurich) & Debian Developer list hacking
Reprinted with permission from Daniel Pocock
Links 18/03/2024: Putin Cements Power
Links for the day
Flashback 2003: Debian has always had a toxic culture
Reprinted with permission from Daniel Pocock
Sainsbury’s Epic Downtime Seems to be Microsoft's Fault and Might Even Constitute a Data Breach (Legal Liability)
one of Britain's largest groceries (and beyond) chains
[Meme] You Know You're Winning the Argument When...
EPO management starts cursing at everybody (which is what's happening)
Catspaw With Attitude
The posts "they" complain about merely point out the facts about this harassment and doxing
'Clown Computing' Businesses Are Waning and the Same Will Happen to 'G.A.I.' Businesses (the 'Hey Hi' Fame)
decrease in "HEY HI" (AI) hype
Free Software Needs Watchdogs, Too
Gentle lapdogs prevent self-regulation and transparency
Matthias Kirschner, FSFE analogous to identity fraud
Reprinted with permission from Daniel Pocock
Gemini Links 18/03/2024: LLM Inference and Can We Survive Technology?
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, March 17, 2024
IRC logs for Sunday, March 17, 2024
Links 17/03/2024: Microsoft Windows Shoves Ads Into Third-Party Software, More Countries Explore TikTok Ban
Links for the day
Molly Russell suicide & Debian Frans Pop, Lucy Wayland, social media deaths
Reprinted with permission from Daniel Pocock
Our Plans for Spring
Later this year we turn 18 and a few months from now our IRC community turns 16
Open Invention Network (OIN) Fails to Explain If Linux is Safe From Microsoft's Software Patent Royalties (Charges)
Keith Bergelt has not replied to queries on this very important matter
RedHat.com, Brought to You by Microsoft Staff
This is totally normal, right?
USPTO Corruption: People Who Don't Use Microsoft Will Be Penalised ~$400 for Each Patent Filing
Not joking!
The Hobbyists of Mozilla, Where the CEO is a Bigger Liability Than All Liabilities Combined
the hobbyist in chief earns much more than colleagues, to say the least; the number quadrupled in a matter of years
Jim Zemlin Says Linux Foundation Should Combat Fraud Together With the Gates Foundation. Maybe They Should Start With Jim's Wife.
There's a class action lawsuit for securities fraud
Not About Linux at All!
nobody bothers with the site anymore; it's marketing, and now even Linux
Links 17/03/2024: Abuses Against Human Rights, Tesla Settlement (and Crash)
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, March 16, 2024
IRC logs for Saturday, March 16, 2024
Under Taliban, GNU/Linux Share Nearly Doubled in Afghanistan, Windows Sank From About 90% to 68.5%
Suffice to say, we're not meaning to imply Taliban is "good"
Debian aggression: woman asked about her profession
Reprinted with permission from Daniel Pocock
Gemini Links 17/03/2024: Winter Can't Hurt Us Anymore and Playstation Plus
Links for the day