Today saw the House of Representative pass H.R. 1625, a spending bill, in order to avert yet another government shutdown. Lodged in the very back of this bill was the CLOUD Act, enabling the U.S. government to acquire communications data regardless of whether or not that data is located within its own country. The CLOUD act also enjoys exemption to the Stored Communications Act, allowing qualified foreign powers to enter an executive agreement that bypasses the Mutual Legal Assistance Treaty when working to gather data in criminal investigations and making direct consultation with American tech companies a feasible option. Many groups with concerns over privacy and human rights oppose this bill for its litany of failed safeguard to individual rights.
The CLOUD Act of H.R. 1625 is slightly revised from its initial build, now requiring the Attorney General and Secretery of State to decide that a foreign power qualifies for every element of its human rights test before reaching an executive agreement. The AG will have to explain these findings in a Congressional report. Further, such agreements cannot be used to create new decryption obligations for U.S. companies. Despite these changes, there are still several issues with this version of the CLOUD Act:
• There is no requirement to judicially review surveillance orders of foreign powers.
• Foreign powers can ask companies to engage in wiretapping, thus sidestepping the Wiretap Act within the U.S.
• It provides no definition for “serious crimes” for the MLAT’s sake.
• It offers little coverage for Americans to maintain their data privacy from foreign interests.
• It carries the potential for foreign powers to share Americans’ collected data with the U.S. government and barely restricts what the U.S. government can do with that data.
• Unlike the LEADS Act or ICPA, the CLOUD Act ignores the need to acquire a warrant for probable cause.
The Senate is likely to pass this bill within the next two days.