Got this in my email today from Access Now.
Over the past week, our communities have been taking a close look at the dangers of massive data sharing between companies like Facebook and Cambridge Analytica, and how it undermines our privacy. While those conversations are happening, we want to make sure you’re also aware of an important development that will impact how big tech companies are required to hand over data to governments around the world.
When it comes to rooting out shady practices, they say sunshine is the best disinfectant. The opposite of sunshine, then, is the CLOUD Act — which both enables U.S. law enforcement to get direct access to data stored abroad, and authorizes agreements with other countries to let them directly request data from companies in the U.S. The CLOUD Act became law as part of the catch-all $1.3 trillion spending package signed by President Trump last week. But it didn’t get a single debate in Congress, not a single markup in committee, and almost no public discussion at all.
Long story short, the CLOUD Act is a sloppy, rights-violating attempt at solving a complicated jurisdiction problem for law enforcement.
The internet is borderless, but the reach of authority is limited. That means when authorities are investigating crimes, digital evidence — often held by U.S. companies on servers in multiple countries — is likely to be outside of their borders. That’s a problem for both law enforcement trying to gather evidence for a case, and for the companies that may be unable to comply with those data requests without violating the laws of the country where the data is stored.
For several years, American companies, the Department of Justice, and other governments have been discussing this problem and potential solutions. But the CLOUD Act failed to include provisions these stakeholders have broadly agreed are necessary to protect privacy — including updated warrant requirements to protect electronic communications.
Instead, the U.S. government has claimed the power to order companies to hand over user data, regardless of where the companies or their servers are located. And they’ve opened the door for other governments to gain the same direct access to data stored in the United States.
This approach is the worst of the worst, and it undermines existing systems for exchange of information across borders that, while slow, incorporate robust privacy protections. And in a world where law enforcement agencies employ data collection practices that disproportionately impact those most at risk of discrimination, we absolutely cannot set aside privacy rights for the sake of convenience.
While we understand what it seeks to accomplish, the legislation that was drafted is vague and does not adequately protect human rights. We have been on the Hill trying to explain these pitfalls, but we were stunned when last week leaders in the U.S. Congress added the bill to the must-pass omnibus funding package that was rushed through and signed by President Trump.
There have been no public hearings about the CLOUD Act, little discussion, and the text was made public less than two months ago.
The only silver lining to this CLOUD is that it’s so flawed that Congress will need to return to this issue to fix it. We hope at that point we can have a more thorough conversation about ensuring proper privacy protections are in place, and that those conversations can happen before human rights are abused.
While the CLOUD Act has already been passed into law, we know there will be opportunities ahead to fight for privacy protections in the system for accessing data across borders. When that happens, we’ll let you know. And with more of us understanding what’s going on, we’ll be ready when it’s time to jump back into the ring.
More here.
https://www.accessnow.org/what-happe...at-comes-next/
Quote:
For one, it gives more authority to law enforcement in the countries with which the U.S. makes agreements. In the United Kingdom — likely to be the first partner in these agreements — the surveillance standards under which law enforcement operates have been ruled unlawful.