A few months ago, I was on yet another panel with yet another foreign academic who described the Clarifying Lawful Overseas Use of Data Act (Cloud Act) as an aggressive overreach by the US, what he called "expansive sovereignty".
I hadn't heard that particular term before. But I have heard the same basic epithet from numerous foreign governmental officials, many of whom worry that the US will use the Cloud Act to scoop up foreigners' data.
The world, understandably, has questions about the Cloud Act. The problem is, the rhetoric does not match the reality.
In contrast to the oft-heard assertions, the Cloud Act is a narrowly tailored act of limited application. It specifies that US law enforcement officials can, in connection with a criminal investigation and according to detailed and specific standards and procedures, request emails and other data held by those companies subject to US jurisdiction.
The obligation to produce the sought-after data applies regardless of where the underlying 0s and 1s are stored.
Importantly, the Cloud Act is not an intelligence gathering tool. It is not an economic espionage tool. Law enforcement officials can only demand access to the data if it supports a criminal investigation over which the US has jurisdiction to prosecute.
In order to get access to the data, law enforcement must meet specified standards and follow specified procedures. These standards and procedures apply across the board, whether the US is seeking the data of an American citizen, resident or foreigner.
For content, law enforcement needs a warrant issued by an independent judge based on a finding of probable cause. This is a relatively high bar for law enforcement to meet. In fact, it is a more robust and more privacy-protective standard than applies in just about any other country in the world.
Moreover, the reach is limited. US law enforcement cannot issue demands for emails and other communications content from foreign companies that operate wholly outside the US.
That would be an extraterritorial assertion of authority and US law does not provide any mechanism for issuing warrants extraterritorially.
Contrast that with the draft EU E-evidence Directive, which requires any company that offers any services to EU residents to install an EU-based representative, thereby ensuring EU jurisdiction over otherwise extraterritorially-located companies.
There is no equivalent requirement in US law.
Contrary to the rhetoric, the Cloud Act also adopts new provisions specifically designed to take into account foreign sovereign interests. It explicitly provides for a new statutory motion to quash if there is a conflict with foreign law and if certain conditions are met.
It also expressly preserves the right of service providers to raise court challenges based on conflicting foreign law, even in situations where the statutory motion to quash is not available. This helps ensure that foreign government interests are taken into account.
We have not seen any such challenges litigated to date, in part because the conflicts have, at least until now, been more theoretical than real.
Consider the run-of-the-mill US investigation of an American citizen with respect to a local murder or fraud investigation. Imagine that US law enforcement officials served a warrant on Google or Facebook for relevant data, but, for whatever reason, the data is stored outside the US. Few, if any, foreign governments would claim a sovereignty invasion if the companies turned over that data.
Notably, despite the claims of some, Ireland never asserted a sovereignty violation in the long-standing litigation over whether US law enforcement officials could compel Microsoft to disclose emails held on a server in Dublin.
In court filings, Ireland emphasised that it would, in response to a diplomatic request, work with US government officials to access the data. But it never claimed that the US was required to make such a request. Or that the alternative approach taken violated its sovereignty.
That said, there are times when a conflict would arise if, say, the US is compelling the production of foreigners' data protected by foreign law. Here, there is a legitimate foreign government interest at stake, that of protecting one's own citizens and residents.
If and when such a conflict arises, providers can and should bring a motion to quash, as the Cloud Act clearly allows. (US officials also should take steps to avoid such conflicts.)
This kind of approach makes sense. What matters is the protection of one's citizens and residents, not the location of bits and bytes that happen to flow through one's borders.
Meanwhile, the second part of the Cloud Act was, as many seem to forget, enacted at the behest of foreign governments, particularly the UK. Specifically, it was adopted in response to foreign governments' frustrations about the difficulties in accessing their own nationals' and residents' communication content from US-based providers.
It puts in place a mechanism by which foreign governments can, subject to numerous safeguards and pre-conditions, request certain communications content from US-based service providers. This enables foreign governments to access certain data more expeditiously, without having to go through the laborious mutual legal assistance process to do so.
Of particular concern, the Cloud Act scapegoat is being pointed to by countries around the world to set limits on the transfer of data outside one's borders. The ironic result: the US, through the Cloud Act, has taken steps to reduce restrictions on data transfers at the same time that other countries are pointing to the same act in support of their own data localisation mandates.
The Cloud Act is not perfect, but it is not the evil or expansive assertion of US snooping power that some claim it to be. To the contrary, it is a modest criminal law provision that largely codifies the status quo and adopts new provisions explicitly designed to accommodate foreign interest in US-held data.
Jennifer Daskal is a professor at the American University Washington College of Law
Original post:
Cloud Act is not a sovereign aggressive overreach by the US - News24