A few months ago, I was on yet another panel with yet another foreign academic who described the Clarifying Lawful Overseas Use of Data Act (Cloud Act) as an aggressive overreach by the US, what he called "expansive sovereignty".
I hadn't heard that particular term before. But I have heard the same basic epithet from numerous foreign governmental officials, many of whom worry that the US will use the Cloud Act to scoop up foreigners' data.
The world, understandably, has questions about the Cloud Act. The problem is, the rhetoric does not match the reality.
In contrast to the oft-heard assertions, the Cloud Act is a narrowly tailored act of limited application. It specifies that US law enforcement officials can, in connection with a criminal investigation and according to detailed and specific standards and procedures, request emails and other data held by those companies subject to US jurisdiction.
The obligation to produce the sought-after data applies regardless of where the underlying 0s and 1s are stored.
Importantly, the Cloud Act is not an intelligence gathering tool. It is not an economic espionage tool. Law enforcement officials can only demand access to the data if it supports a criminal investigation over which the US has jurisdiction to prosecute.
In order to get access to the data, law enforcement must meet specified standards and follow specified procedures. These standards and procedures apply across the board, whether the US is seeking the data of an American citizen, resident or foreigner.
For content, law enforcement needs a warrant issued by an independent judge based on a finding of probable cause. This is a relatively high bar for law enforcement to meet. In fact, it is a more robust and more privacy-protective standard than applies in just about any other country in the world.
Moreover, the reach is limited. US law enforcement cannot issue demands for emails and other communications content from foreign companies that operate wholly outside the US.
That would be an extraterritorial assertion of authority and US law does not provide any mechanism for issuing warrants extraterritorially.
Contrast that with the draft EU E-evidence Directive, which requires any company that offers any services to EU residents to install an EU-based representative, thereby ensuring EU jurisdiction over otherwise extraterritorially-located companies.
There is no equivalent requirement in US law.
Contrary to the rhetoric, the Cloud Act also adopts new provisions specifically designed to take into account foreign sovereign interests. It explicitly provides for a new statutory motion to quash where there is a conflict with foreign law and if certain conditions are met.
It also expressly preserves the right of service providers to raise court challenges based on conflicting foreign law, even in situations where the statutory motion to quash is not available. This helps ensure that foreign government interests are taken into account.
We have not seen any such challenges litigated to date, in part because the conflicts have, at least until now, been more theoretical than real.
Consider the run-of-the-mill US investigation of an American citizen with respect to a local murder or fraud investigation. Imagine that US law enforcement officials served a warrant on Google or Facebook for relevant data, but, for whatever reason, the data is stored outside the US. Few, if any, foreign governments would claim a sovereignty invasion if the companies turned over that data.
Notably, despite the claims of some, Ireland never asserted a sovereignty violation in the long-standing litigation over whether US law enforcement officials could compel Microsoft to disclose emails held on a server in Dublin.
In court filings, Ireland emphasised that it would, in response to a diplomatic request, work with US government officials to access the data. But it never claimed that the US was required to make such a request. Or that the alternative approach taken violated its sovereignty.
That said, there are times when a conflict would arise if, say, the US is compelling the production of foreigners' data protected by foreign law. Here, there is a legitimate foreign government interest at stake, that of protecting one's own citizens and residents.
If and when such a conflict arises, providers can and should bring a motion to quash, as the Cloud Act clearly allows. (US officials also should take steps to avoid such conflicts.)
This kind of approach makes sense. What matters is the protection of one's citizens and residents, not the location of bits and bytes that happen to flow through one's borders.
Meanwhile, the second part of the Cloud Act was, as many seem to forget, enacted at the behest of foreign governments, particularly the UK. Specifically, it was adopted in response to foreign governments' frustrations about the difficulties in accessing their own nationals' and residents' communication content from US-based providers.
It puts in place a mechanism by which foreign governments can, subject to numerous safeguards and pre-conditions, request certain communications content from US-based service providers. This enables foreign governments to access certain data more expeditiously, without having to go through the laborious mutual legal assistance process to do so.
Of particular concern, the Cloud Act scapegoat is being pointed to by countries around the world to set limits on the transfer of data outside one's borders. The ironic result: the US, through the Cloud Act, has taken steps to reduce restrictions on data transfers at the same time that other countries are pointing to the same act in support of their own data localisation mandates.
The Cloud Act is not perfect, but it is not the evil or expansive assertion of US snooping power that some claim it to be. To the contrary, it is a modest criminal law provision that largely codifies the status quo and adopts new provisions explicitly designed to accommodate foreign interest in US-held data.
Jennifer Daskal is a professor at the American University Washington College of Law