Bonum Certa Men Certa

EPO and Microsoft Collude to Break the Law -- Part IV: The US CLOUD Act Passes Without Public Debate

Previous parts:



Cloudwashing law
Congress quietly slips cloud-spying powers into page 2,201 of emergency spending bill



Summary: "In 2013, the DoJ demanded that Microsoft grant it access to emails related to a narcotics case from a Hotmail account hosted in Ireland."

When Edward Snowden blew the whistle on the National Security Agency's PRISM program in 2013 and revealed what many had suspected – namely that US intelligence agencies were collecting vast amounts of data not only from US citizens, but from all around the world – public opinion received a badly needed wake-up call about the dangers of mass surveillance.



In the wake of these revelations, many countries became increasingly concerned about who could access their national information and the potential implications of cross-border data transfers. These concerns provided a catalyst for discussions focussing on the topic of what has come to be called "digital sovereignty" and/or "data sovereignty".

Another incident that put these topics into the spotlight was a dispute between Microsoft and the US Department of Justice (DoJ) which started in 2013.

"Despite having a major impact on how tech companies can be obliged to share user data with US and foreign governments, the CLOUD Act was passed by Congress without any public debate on 21 March 2018 and entered into force two days later."In 2013, the DoJ demanded that Microsoft grant it access to emails related to a narcotics case from a Hotmail account hosted in Ireland. Microsoft refused, arguing that a warrant issued under Section 2703 of the Stored Communications Act could not compel US companies to produce data stored in servers outside the US and that compliance with the requested transfer would result in the company breaking EU data protection law.

The initial ruling was in favour of the DoJ, with the presiding judge concluding that American companies “must turn over private information when served with a valid search warrant from US law enforcement agencies". Microsoft appealed to the US Second Circuit Court of Appeals which ruled in its favour in 2016 and invalidated the warrant. In response, the DoJ appealed to the US Supreme Court.

In March 2018, while the case was pending before the US Supreme Court, the US Congress passed the Clarifying Lawful Overseas Use of Data (CLOUD) Act which amended and extended the ECPA (Electronic Communications Privacy Act) and the SCA (Stored Communications Act).

"This highly controversial measure was buried on page 2,201 of a voluminous 2,232-page spending bill - the Consolidated Appropriations Act of 2018 - which was tabled and adopted as an emergency measure to prevent an impending government shutdown."Following agreement from both the DoJ and Microsoft, the US Supreme Court determined that the case had been rendered moot by the passage of the CLOUD Act and the issuing of a new warrant under the terms of the new legislation.

Despite having a major impact on how tech companies can be obliged to share user data with US and foreign governments, the CLOUD Act was passed by Congress without any public debate on 21 March 2018 and entered into force two days later.

This highly controversial measure was buried on page 2,201 of a voluminous 2,232-page spending bill - the Consolidated Appropriations Act of 2018 - which was tabled and adopted as an emergency measure to prevent an impending government shutdown.

Senators Rand Paul from Kentucky and Ron Wyden from Oregon raised procedural objections to the manner in which the CLOUD Act had been sneaked in as an appendage to the spending bill but ultimately they failed to block or stall the bill's adoption.

Ron Wyden on CLOUD Act
Ron Wyden complained about the CLOUD Act but failed to block its adoption



Privacy advocates at groups like the American Civil Liberties Union, the Center for Democracy and Technology and the Electronic Frontier Foundation criticized the legislation as “a new backdoor around the Fourth Amendment" which permitted the circumvention of constitutional protections against unreasonable searches by law enforcement agencies. They also argued that it could lead the US to send user data to police in countries known for abusing the human rights of their citizens.

"Privacy advocates at groups like the American Civil Liberties Union, the Center for Democracy and Technology and the Electronic Frontier Foundation criticized the legislation as “a new backdoor around the Fourth Amendment" which permitted the circumvention of constitutional protections against unreasonable searches by law enforcement agencies."On the other hand, US tech giants such as Microsoft, Google, Facebook, Apple, and Oath, applauded the legislation and sent a joint letter to the US Senate proclaiming that the CLOUD Act represented “notable progress to protect consumers’ rights".

The main effect of the CLOUD Act was to strengthen the powers of US law enforcement and intelligence agencies to access data held by US companies on foreign soil.

In a nutshell, the CLOUD Act amounted to a consolidation and expansion of the arrangements established by the earlier 2001 PATRIOT Act which had significantly extended the government's powers of access to data held by US-based global providers, irrespective of the storage location of that data.

This might help to explain why those pushing for the adoption of the measure preferred to avoid public debate by sneaking it in as a hidden appendage to an emergency spending bill.

On the other side of the Atlantic, the passage of the CLOUD Act gave a new impulse to the ongoing political debate about "digital sovereignty".

A year after the passage of the Act, an article in the French paper Les Echos reported that "[m]any observers feel that American justice could be deploying [the Cloud Act] for purposes of economic espionage.”

"In a nutshell, the CLOUD Act amounted to a consolidation and expansion of the arrangements established by the earlier 2001 PATRIOT Act which had significantly extended the government's powers of access to data held by US-based global providers, irrespective of the storage location of that data."The French politician Ms Laure de la Raudiere who co-chairs a parliamentary cyber-security and sovereignty committee described the CLOUD Act as "a wakeup call for Europe to accelerate its own sovereign capabilities in the data sector".

In response to the concerns articulated by various political and business leaders, the French government called upon French companies to rely on "CLOUD-Act-safe" data providers.

In the meantime, on 25 May 2018, a few months after the adoption of the CLOUD Act by the US Congress, the General Data Protection Regulation (GDPR) entered into effect. In the next part of this series we will look at the GDPR and its implications for transatlantic data traffic between the EU and the US.

Recent Techrights' Posts

Last Week's Public Talk by Richard Stallman Well Attended and Covered in Technical News Sites
and we're looking at about 60,000 Microsoft layoffs in 3 years
What Happened to the Open Source Initiative (OSI) Elections: Missed Deadline
they helped expose a number of other scandals
Red Hat's Owner is Called "America's Worst Tech Company" (IBM) and Microsoft's Liabilities Grow
Microsoft has about a quarter of a trillion (yes, trillion with a "T") in liabilities
 
2025 Will be a Big Year For GNU/Linux on Desktops/Laptops
with an economy like this, people who don't live in rich countries won't turn to Apple
Signs of Trouble: Microsoft Job Openings for Jobs That Do Not Exist!
Keeping up appearances?
"Special Place in Hell" for Women Who Help Violent Microsofters From Another Continent Attack Local Women Who Did Nothing Wrong, They Just Got Bullied and Deserve Sympathy or Compensation
Nothing says "Brat" like men who attack women, right?
The Numbers Game: 50,000-60,000 Microsoft Workers Laid Off in 2.5 Years? And Debt Still Tripled Under Nadella.
under Nadella Microsoft's debt trebled
The Slow Death of Windows Will Mean the Inevitable Demise of Microsoft
Once people stop using Windows, it'll be hard for Microsoft to sell anything to them
Gemini Links 13/05/2025: Shopping is an Exasperating Nightmare and Making Phones Minimal
Links for the day
23,000 More Microsoft Layoffs by the End of June If the Estimates Are Correct (In Addition to About 6,000 Layoffs So Far This Year)
There's no questions about many layoffs happening this month. It got leaked already. The only question is when (and also how many).
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, May 12, 2025
IRC logs for Monday, May 12, 2025
Major Microsoft Layoffs This Week (Discussed Online)
later we can expect a lot of spin, even misinformation
Links 12/05/2025: Measles Rising and Taliban Outlaws Chess in Afghanistan
Links for the day
Gemini Links 12/05/2025: Advice, Iorist Ethics, and Touchscreens
Links for the day
The Finances of GAFAM Aren't as They Seem
MICROSOFT FINANCIAL PYRAMID revisited
Links 12/05/2025: US Brain Drain and Reminder That "Microsoft's Lobbying Efforts Eclipsed Enron" (Fraud Coverup)
Links for the day
The Enshittification of Royal Mail (Post Office/Postal Services) Continues
Enshittification is a thing, not only in the digital realm
If the Gossip is True, Today Microsoft Has "Large M1 Meetings" to Discuss Almost 30,000 More Microsoft Layoffs in 2025
the claim is that Microsoft is preparing to lay off 10% of its staff
Microsoft Has a Long and Proven History of Funding Meritless Lawsuits Against Rivals and Critics (It Always Backfires)
It also looks like the solicitor used by two Microsofters to SLAPP us is being urgently replaced
Links 12/05/2025: Gardens and Kitchens
Links for the day
Links 12/05/2025: Media Being Attacked (New Forms of Attack on the Press), Many Data Breaches
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, May 11, 2025
IRC logs for Sunday, May 11, 2025
Links 11/05/2025: Pyotr Wrangel and Kubernetes With FreeBSD
Links for the day
What Happened to the Open Source Initiative (OSI) Elections: A Moment of Silence and Revisionism Amid US Government Investigation and Community Uproar
Not a word this month
Microsoft Florian Becomes Patent Troll, Arranges to Sue Companies (Extorting Money Out of Them)
From campaigner against software patents to paid Microsoft shill to "FOSS patents" (actually attacking FOSS) to revisionism as "books" (for Microsoft)... and now this
How the SLAPPs From Microsoft Staff Are Connected to the Corrupt OSI, Whose Majority of Money Comes From Microsoft for Openwashing, LLM Hype, and Whitewashing GPL Violations During Class Action Trial
Let's explain how some of these things are connected
Links 11/05/2025: China's Fentanylware (TikTok) Tells Kids to Vandalise Schools' Chromebooks and Increased Censorship in India
Links for the day
You Need Not Be a Big Company to Defeat Microsoft If You Can Successfully Challenge Its Core "Ideas"
Maybe that's just a sign that the ideas of RMS have become too effective and thus "dangerous"
Gemini Links 11/05/2025: Yeeting Oligarch Tech, Offline Browsing
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, May 10, 2025
IRC logs for Saturday, May 10, 2025