03.13.21

EPO and Microsoft Collude to Break the Law — Part IV: The US CLOUD Act Passes Without Public Debate

Posted in Europe, Law, Microsoft, Patents at 10:38 am by Dr. Roy Schestowitz

Previous parts:

Cloudwashing law
Congress quietly slips cloud-spying powers into page 2,201 of emergency spending bill

Summary: “In 2013, the DoJ demanded that Microsoft grant it access to emails related to a narcotics case from a Hotmail account hosted in Ireland.”

When Edward Snowden blew the whistle on the National Security Agency’s PRISM program in 2013 and revealed what many had suspected – namely that US intelligence agencies were collecting vast amounts of data not only from US citizens, but from all around the world – public opinion received a badly needed wake-up call about the dangers of mass surveillance.

In the wake of these revelations, many countries became increasingly concerned about who could access their national information and the potential implications of cross-border data transfers. These concerns provided a catalyst for discussions focussing on the topic of what has come to be called “digital sovereignty” and/or “data sovereignty”.

Another incident that put these topics into the spotlight was a dispute between Microsoft and the US Department of Justice (DoJ) which started in 2013.

“Despite having a major impact on how tech companies can be obliged to share user data with US and foreign governments, the CLOUD Act was passed by Congress without any public debate on 21 March 2018 and entered into force two days later.”In 2013, the DoJ demanded that Microsoft grant it access to emails related to a narcotics case from a Hotmail account hosted in Ireland. Microsoft refused, arguing that a warrant issued under Section 2703 of the Stored Communications Act could not compel US companies to produce data stored in servers outside the US and that compliance with the requested transfer would result in the company breaking EU data protection law.

The initial ruling was in favour of the DoJ, with the presiding judge concluding that American companies “must turn over private information when served with a valid search warrant from US law enforcement agencies”. Microsoft appealed to the US Second Circuit Court of Appeals which ruled in its favour in 2016 and invalidated the warrant. In response, the DoJ appealed to the US Supreme Court.

In March 2018, while the case was pending before the US Supreme Court, the US Congress passed the Clarifying Lawful Overseas Use of Data (CLOUD) Act which amended and extended the ECPA (Electronic Communications Privacy Act) and the SCA (Stored Communications Act).

“This highly controversial measure was buried on page 2,201 of a voluminous 2,232-page spending bill – the Consolidated Appropriations Act of 2018 – which was tabled and adopted as an emergency measure to prevent an impending government shutdown.”Following agreement from both the DoJ and Microsoft, the US Supreme Court determined that the case had been rendered moot by the passage of the CLOUD Act and the issuing of a new warrant under the terms of the new legislation.

Despite having a major impact on how tech companies can be obliged to share user data with US and foreign governments, the CLOUD Act was passed by Congress without any public debate on 21 March 2018 and entered into force two days later.

This highly controversial measure was buried on page 2,201 of a voluminous 2,232-page spending bill – the Consolidated Appropriations Act of 2018 – which was tabled and adopted as an emergency measure to prevent an impending government shutdown.

Senators Rand Paul from Kentucky and Ron Wyden from Oregon raised procedural objections to the manner in which the CLOUD Act had been sneaked in as an appendage to the spending bill but ultimately they failed to block or stall the bill’s adoption.

Ron Wyden on CLOUD Act
Ron Wyden complained about the CLOUD Act but failed to block its adoption

Privacy advocates at groups like the American Civil Liberties Union, the Center for Democracy and Technology and the Electronic Frontier Foundation criticized the legislation as “a new backdoor around the Fourth Amendment” which permitted the circumvention of constitutional protections against unreasonable searches by law enforcement agencies. They also argued that it could lead the US to send user data to police in countries known for abusing the human rights of their citizens.

“Privacy advocates at groups like the American Civil Liberties Union, the Center for Democracy and Technology and the Electronic Frontier Foundation criticized the legislation as “a new backdoor around the Fourth Amendment” which permitted the circumvention of constitutional protections against unreasonable searches by law enforcement agencies.”On the other hand, US tech giants such as Microsoft, Google, Facebook, Apple, and Oath, applauded the legislation and sent a joint letter to the US Senate proclaiming that the CLOUD Act represented “notable progress to protect consumers’ rights”.

The main effect of the CLOUD Act was to strengthen the powers of US law enforcement and intelligence agencies to access data held by US companies on foreign soil.

In a nutshell, the CLOUD Act amounted to a consolidation and expansion of the arrangements established by the earlier 2001 PATRIOT Act which had significantly extended the government’s powers of access to data held by US-based global providers, irrespective of the storage location of that data.

This might help to explain why those pushing for the adoption of the measure preferred to avoid public debate by sneaking it in as a hidden appendage to an emergency spending bill.

On the other side of the Atlantic, the passage of the CLOUD Act gave a new impulse to the ongoing political debate about “digital sovereignty”.

A year after the passage of the Act, an article in the French paper Les Echos reported that “[m]any observers feel that American justice could be deploying [the Cloud Act] for purposes of economic espionage.”

“In a nutshell, the CLOUD Act amounted to a consolidation and expansion of the arrangements established by the earlier 2001 PATRIOT Act which had significantly extended the government’s powers of access to data held by US-based global providers, irrespective of the storage location of that data.”The French politician Ms Laure de la Raudiere who co-chairs a parliamentary cyber-security and sovereignty committee described the CLOUD Act as “a wakeup call for Europe to accelerate its own sovereign capabilities in the data sector”.

In response to the concerns articulated by various political and business leaders, the French government called upon French companies to rely on “CLOUD-Act-safe” data providers.

In the meantime, on 25 May 2018, a few months after the adoption of the CLOUD Act by the US Congress, the General Data Protection Regulation (GDPR) entered into effect. In the next part of this series we will look at the GDPR and its implications for transatlantic data traffic between the EU and the US.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2021/03/13/epoleaks-report-march-2021-part-4/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 14/5/2021: FreeBSD on the Pine H6, Red Hat Hiring

    Links for the day



  2. Protecting Freenode is Protecting the Free Software Movement

    Freenode may seem like a negligible corner of the Internet, which media never bothers mentioning at all; but Freenode, which many have come to take for granted, is core infrastructure for many Free software projects and protecting the network is essential for the Free Software Movement



  3. EPO Justice

    Justice in Europe's second-largest institution, where the law itself is a second-class citizen



  4. IRC Proceedings: Thursday, May 13, 2021

    IRC logs for Thursday, May 13, 2021



  5. Understanding How Freenode (IRC) Works -- or Doesn't Work -- in 2021

    There is a conflict going on behind the scenes at Freenode, but there are also sincere and well-meaning attempts to undo the damage and get back to normal



  6. [Meme] Judges the Office Cannot Control Are Just Nazis With Weapons in Their Office...

    The EPO hasn’t been run by grown-ups for over ten years; Benoît Battistelli, António Campinos and their confidants cannot grasp the concept of law, just blind loyalty



  7. The EPO's War on Justice and Assault on the Law -- Part 5: Battistelli's “Swedish Chef”

    The EPO's 'courts' are controlled by the people whom they're supposed to judge on; this has been the case for at least half a decade



  8. Links 14/5/2021: KDE Plasma 5.22 Beta and GNOME 40 in Gentoo

    Links for the day



  9. Audio: “Unjust Computing Clamps Down” by Richard Stallman

    The FSF has finally uploaded the LibrePlanet talk of Richard Stallman



  10. Links 13/5/2021: KDE Gear 21.04.1 and LibreOffice 7.0.6

    Links for the day



  11. The EPO's War on Justice and Assault on the Law -- Part 4: The President of the Boards of Appeal

    A deeper look into the ‘sausage factory’ that is EPO tribunals certainly helps us understand the inherent bias of many decisions, including a recent decision on European software patents like a controversial simulation patent



  12. Judging the Judges

    Today we shall take a closer look at Carl Josefsson, a person who shall become a figure of interest if he sends EPO courts to the United States in clear violation of the EPC (looking to rubber-stamp an unlawful decision already made before this case even started)



  13. When EU Authorities Tell You to Complain to the EPO Itself About EPO Privacy Violations...

    “Kafkaesque” at the EPO; Kafka could do a whole novel about the flirtations with or affairs of ‘justice’ at the EPO



  14. The Need for Reliable Governance at Freenode

    Why the current and high-profile (albeit somewhat covert) owner of the network, who seems to care about Free software (it has made him very wealthy), should put the whole thing in reliable hands and not attempt to 'monetise' it in any way



  15. IRC Proceedings: Wednesday, May 12, 2021

    IRC logs for Wednesday, May 12, 2021



  16. Andrew Lee of Private Internet Access/London Trust Media Increasingly Owns and Controls Freenode (Updatedx2)

    The details about Freenode ownership and control are explained in a resignation letter urging users to move to another network



  17. [Meme] eBPF is Not Microsoft's, But It's Certainly Googlebombed by Microsoft

    eBPF isn't Microsoft's. But sites that work closely with Microsoft keep mentioning that term as if Microsoft created it and champions it (typical tactics).



  18. Links 13/5/2021: OpenSUSE Leap 15.3 on Finer Hardware, AMI Dabbling in Free Firmware

    Links for the day



  19. The EPO's War on Justice and Assault on the Law -- Part 3: The Current Line-up

    The composition of the Enlarged Board for case no. G 1/21



  20. System76’s First Keyboard Packs in Plenty of Surprises

    Putting the genie back in the bottle is hard, and moreover the corrective post from Joey Sneddon may cause a bit of a 'Streisand Effect'



  21. Links 12/5/2021: HAProxy Data Plane API 2.3 and Mousepad 0.5.5

    Links for the day



  22. IBM is Destroying Red Hat, Squeezing Red Hat's Work for Cash, Laying Off Staff, and Asking Staff to Resign

    Layoffs are not a new thing at IBM (hardly so in the past couple of decades or more), but they're oversensitive about the Red Hat agenda



  23. [Meme] Longing for the Original IP Kat...

    It would be nice to see more posts critical of injustice at the EPO, as we've just noted



  24. The EPO's War on Justice and Assault on the Law -- Part 2: Just Another Pro Forma Rubber-Stamping Exercise?

    Half a decade after Benoît Battistelli ‘kidnapped’ and then defamed judges (it started in 2014) António Campinos has done nothing to restore lawfulness at the EPO, as controversial referral case G 1/21 shows; in fact, they recently approved European software patents after pressure from Campinos himself



  25. Why I'm Using Just a Landline and Recalling My Richard Stallman (RMS) Interview on Working Locally or How the Signal Processor in Phones is a De Facto Back Door

    A longer-than-expected rant about what mobile phones have turned into and a look back at (or listen to) what Richard Stallman (RMS) told me way back in 2013



  26. The European Campinos Award

    The campinos (peasants) of Europe shall gather around for another ceremony championing farmers and nurses... or not



  27. Personal Thoughts About the EPO 'Kangaroo Court' Scandal

    Some unscripted and unedited thoughts about the current EPO scandal/series, which shows intervention such as stacking by António Campinos, continuing the tradition of Benoît Battistelli with his attacks on justice itself



  28. Doing Justice by Reporting Injustice

    Europe's second-largest institution, helped by Europe's largest, is engaging in a massive attack on the very concept of the Rule of Law and incredibly enough the so-called 'press' (or 'media') doesn't report on it



  29. IRC Proceedings: Tuesday, May 11, 2021

    IRC logs for Tuesday, May 11, 2021



  30. Links 12/5/2021: New Audacity and Musescore Owner Named, Microsoft May Lose "JEDI" (Trump's 'Bailout Package')

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts