Bonum Certa Men Certa

EPO and Microsoft Collude to Break the Law -- Part IV: The US CLOUD Act Passes Without Public Debate

Previous parts:



Cloudwashing law
Congress quietly slips cloud-spying powers into page 2,201 of emergency spending bill



Summary: "In 2013, the DoJ demanded that Microsoft grant it access to emails related to a narcotics case from a Hotmail account hosted in Ireland."

When Edward Snowden blew the whistle on the National Security Agency's PRISM program in 2013 and revealed what many had suspected – namely that US intelligence agencies were collecting vast amounts of data not only from US citizens, but from all around the world – public opinion received a badly needed wake-up call about the dangers of mass surveillance.



In the wake of these revelations, many countries became increasingly concerned about who could access their national information and the potential implications of cross-border data transfers. These concerns provided a catalyst for discussions focussing on the topic of what has come to be called "digital sovereignty" and/or "data sovereignty".

Another incident that put these topics into the spotlight was a dispute between Microsoft and the US Department of Justice (DoJ) which started in 2013.

"Despite having a major impact on how tech companies can be obliged to share user data with US and foreign governments, the CLOUD Act was passed by Congress without any public debate on 21 March 2018 and entered into force two days later."In 2013, the DoJ demanded that Microsoft grant it access to emails related to a narcotics case from a Hotmail account hosted in Ireland. Microsoft refused, arguing that a warrant issued under Section 2703 of the Stored Communications Act could not compel US companies to produce data stored in servers outside the US and that compliance with the requested transfer would result in the company breaking EU data protection law.

The initial ruling was in favour of the DoJ, with the presiding judge concluding that American companies “must turn over private information when served with a valid search warrant from US law enforcement agencies". Microsoft appealed to the US Second Circuit Court of Appeals which ruled in its favour in 2016 and invalidated the warrant. In response, the DoJ appealed to the US Supreme Court.

In March 2018, while the case was pending before the US Supreme Court, the US Congress passed the Clarifying Lawful Overseas Use of Data (CLOUD) Act which amended and extended the ECPA (Electronic Communications Privacy Act) and the SCA (Stored Communications Act).

"This highly controversial measure was buried on page 2,201 of a voluminous 2,232-page spending bill - the Consolidated Appropriations Act of 2018 - which was tabled and adopted as an emergency measure to prevent an impending government shutdown."Following agreement from both the DoJ and Microsoft, the US Supreme Court determined that the case had been rendered moot by the passage of the CLOUD Act and the issuing of a new warrant under the terms of the new legislation.

Despite having a major impact on how tech companies can be obliged to share user data with US and foreign governments, the CLOUD Act was passed by Congress without any public debate on 21 March 2018 and entered into force two days later.

This highly controversial measure was buried on page 2,201 of a voluminous 2,232-page spending bill - the Consolidated Appropriations Act of 2018 - which was tabled and adopted as an emergency measure to prevent an impending government shutdown.

Senators Rand Paul from Kentucky and Ron Wyden from Oregon raised procedural objections to the manner in which the CLOUD Act had been sneaked in as an appendage to the spending bill but ultimately they failed to block or stall the bill's adoption.

Ron Wyden on CLOUD Act
Ron Wyden complained about the CLOUD Act but failed to block its adoption



Privacy advocates at groups like the American Civil Liberties Union, the Center for Democracy and Technology and the Electronic Frontier Foundation criticized the legislation as “a new backdoor around the Fourth Amendment" which permitted the circumvention of constitutional protections against unreasonable searches by law enforcement agencies. They also argued that it could lead the US to send user data to police in countries known for abusing the human rights of their citizens.

"Privacy advocates at groups like the American Civil Liberties Union, the Center for Democracy and Technology and the Electronic Frontier Foundation criticized the legislation as “a new backdoor around the Fourth Amendment" which permitted the circumvention of constitutional protections against unreasonable searches by law enforcement agencies."On the other hand, US tech giants such as Microsoft, Google, Facebook, Apple, and Oath, applauded the legislation and sent a joint letter to the US Senate proclaiming that the CLOUD Act represented “notable progress to protect consumers’ rights".

The main effect of the CLOUD Act was to strengthen the powers of US law enforcement and intelligence agencies to access data held by US companies on foreign soil.

In a nutshell, the CLOUD Act amounted to a consolidation and expansion of the arrangements established by the earlier 2001 PATRIOT Act which had significantly extended the government's powers of access to data held by US-based global providers, irrespective of the storage location of that data.

This might help to explain why those pushing for the adoption of the measure preferred to avoid public debate by sneaking it in as a hidden appendage to an emergency spending bill.

On the other side of the Atlantic, the passage of the CLOUD Act gave a new impulse to the ongoing political debate about "digital sovereignty".

A year after the passage of the Act, an article in the French paper Les Echos reported that "[m]any observers feel that American justice could be deploying [the Cloud Act] for purposes of economic espionage.”

"In a nutshell, the CLOUD Act amounted to a consolidation and expansion of the arrangements established by the earlier 2001 PATRIOT Act which had significantly extended the government's powers of access to data held by US-based global providers, irrespective of the storage location of that data."The French politician Ms Laure de la Raudiere who co-chairs a parliamentary cyber-security and sovereignty committee described the CLOUD Act as "a wakeup call for Europe to accelerate its own sovereign capabilities in the data sector".

In response to the concerns articulated by various political and business leaders, the French government called upon French companies to rely on "CLOUD-Act-safe" data providers.

In the meantime, on 25 May 2018, a few months after the adoption of the CLOUD Act by the US Congress, the General Data Protection Regulation (GDPR) entered into effect. In the next part of this series we will look at the GDPR and its implications for transatlantic data traffic between the EU and the US.

Recent Techrights' Posts

IBM Red Hat on "era of cloud computing", pushing "hey hi" (AI) hype in Microsoft Azure
LLM slop might actually be more benign than Microsoft promotion
Corruption and Rule-Breaking Prevail at the European Patent Office (EPO), Europe's Second-Largest Institution
The law does not really exist at the EPO; it can be perceived as merely a "recommendation"
404 Media Says "Workers at NASA Told to Drop Everything to Scrub Mentions of Indigenous People, Women from Its Websites" But There's Also Accessibility in the Firing Line
In the case of abandoning accessibility, everyone stands to be hurt and proprietary software can be brought in to replace standards
Just Because People on Top of the Microsoft Pyramid Made a Lot of Money Doesn't Mean Microsoft is Wealthy
The bigger they are the harder they fall
 
Ubuntu Desktop Director of Engineering Has Only One Blog Post. It Promotes Microsoft Windows.
Remember that even 15 years ago (more or less, maybe 16 years ago) Canonical appointed a a 'former' Microsoft manager (Spencer) to lead Ubuntu on the desktop
statCounter: More Countries Where Windows is Around 1% "Market Share" (People Have Moved to Android/Linux)
in some nations Windows is already 1% or less
When BetaNews Writes Real Articles About "Linux" They Promote Windows
The Web is in a bad state. We need to at least try to correct this.
Gemini Links 06/02/2025: Cynicism and "Real Magic on the C64"
Links for the day
Links 06/02/2025: New Sanctions, Layoffs, and Executive Orders
Links for the day
Distros and Desktop Environments, Devices
GNU/Linux focused
New Rumours of IBM Layoffs in 2025, IBM Consulting Still Struggles, Based on Management
"Hey hi" (AI) has been a common excuse for business failure
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, February 05, 2025
IRC logs for Wednesday, February 05, 2025
Links 05/02/2025: Kessler Syndrome and News Online
Links for the day
statCounter: Monaco Now 7% GNU/Linux ("Proper")
GNU/Linux, not counting Chromebooks, is on the rise
Many Parts of Google Lose Money
It's quite apparent that many parts of Google - even some that rely on ad revenue or push ads - aren't profiting
European Internet Forum (EIF) is Dominated by American Corporations and Microsoft Lobbyists, Staff Take the Lead
Should the officials over here or the European Parliament pay attention to these people?
Links 05/02/2025: Connection without Connectivity and Unionised Grocery Workers
Links for the day
Gemini Links 05/02/2025: Learning, Madman Ruling a Mad Country, Back in Geminispace
Links for the day
statCounter Shows "WIntel" Chasing a Dying Market
Microsoft acts as if it's running out of money
Free Software Foundation, Inc. (FSF) Still Raising Money, Richard Stallman Contributes
total exceeding $430k
A Lot of Stuff About "Linux" in Google News is LLM Slop, Fake 'Articles'
It seems to be getting worse
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, February 04, 2025
IRC logs for Tuesday, February 04, 2025
'Official' Debian Sites That Sell Proprietary and Surveillance
"Azure API throttling strikes back"
statCounter: Only 1 in ~40 Web Users in Ireland Uses Microsoft Browser, One in Six Uses Windows
When/if Windows market share goes down, so will Edge
Links 04/02/2025: Social Control Media Bans and US Fighting Its Allies, Not Russia
Links for the day
Links 04/02/2025: Birth of a Calf, FOSDEM, and More
Links for the day
Anti-Linux FUD Sites cybersecuritynews.com and gbhackers.com Turn Out to be LLM Slop, Even Plagiarism That Spreads Lies
Beware false headlines and fake text from cybersecuritynews.com and gbhackers.com
BetaNews Began Removing LLM Slop About "Linux", But More of It Keeps Coming From Guardian Digital, Inc (at linuxsecurity.com)
the other Serial Slopper, Guardian Digital, Inc
Mollamby, Suicide Cluster, not trademark, the real reasons for Debian legal expenses, evidence
Reprinted with permission from Daniel Pocock
Links 04/02/2025: Mass Layoffs at Salesforce, Economic Pressures, Trade Wars
Links for the day
The Latest Microsoft Layoffs Are a Wake-up Call: The Company is Running Low on Money
in most areas it is not even profitable
[Video] Richard Stallman Auctioning a GNU (Gnu) at Surathkal, India
clip is only a minute-long
Software Freedom Month at NITK Surathkal and Yesterday's Talk by Richard Stallman
the message being spread by the person who started it all
Richard Stallman Has Another Talk in India Tomorrow, at Least Fourth India Talk in Recent Days
In the past month he has given at least half a dozen talks
statCounter: GNU/Linux and ChromeOS Now Measured at 2.78% in Japan (It Used to be Less Than 0.5%)
really 'took off' half a decade ago
GNU/Linux Reaches All-Time High in the United States, Based on statCounter
Windows is the loser; GNU/Linux grows at its expense
LLM Hype (Chatbots Hyped and Wrongly Characterised as "Artificial Intelligence") Cause Net Inflation
Net as in Internet, not limited to the Web
It Looks Like BetaNews' Managing Editor Wayne Williams is Taking Over From Fagioli After Repeat Pattern of LLM Slop (State-of-the-Art Plagiarism) About "Linux"
The most plausible explanation is, Fagioli got caught or his conduct could no longer be ignored
statCounter Reckons Less Than 10% in Mexico Still Use Windows to Access to Web and GNU/Linux Surges to All-Time High (Plus, Microsoft's Latest Debt Crisis)
Looking at Mexico in isolation
From India to Italy: Richard Stallman's Next Talk is Next Week in Torino
Announced less than a day ago
Corporate Media is Intentionally Lying for Microsoft, There's Now a Hiring Freeze, No Replacements for Workers Laid Off in Two Mass Layoffs Last Month
Maybe the media - at least some of it - actually deserves doom. If it covers up for the powerful to muzzle and gaslight the oppressed, then what sort of media is that anyway?
Gemini Links 04/02/2025: Tolkien and New Job
Links for the day
Covering EPO Scandals in an Age of Mass Censorship (and Europe Being Afraid to Introspect, for It Might "Help Putin")
It was all along expected that "external enemies" would be invoked to suppress discussion about EPO crimes
Facebook Finally Admits That It Censored Linux and Banned People for Mentioning It; statCounter Shows Rapid Growth for GNU/Linux in Southeast Asia
So GAFAM is losing its power
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, February 03, 2025
IRC logs for Monday, February 03, 2025