On March 23, 2018 President Trump signed a $1.3 Trillion dollar spending bill to keep the US government from shutting down. In that spending bill, congress snuck in The Clarifying Lawful Overseas Use of Data (CLOUD) Act. The premise of the CLOUD Act is widely overreaching in that it allows the US Government to access data which resides in foreign countries. According to the Electronic Freedom Foundation the act will allow:

“…the CLOUD Act is a far-reaching, privacy-upending piece of legislation that will:

* Enable foreign police to collect and wiretap people’s communications from U.S. companies, without obtaining a U.S. warrant.

* Allow foreign nations to demand personal data stored in the United States, without prior review by a judge.

* Allow the U.S. president to enter “executive agreements” that empower police in foreign nations that have weaker privacy laws than the United States to seize data in the United States while ignoring U.S. privacy laws.

* Allow foreign police to collect someone’s data without notifying them about it.

* Empower U.S. police to grab any data, regardless if it’s a U.S. person’s or not, no matter where it is stored.”

As you can see, this not only allows the US government to obtain information stored in foreign countries, it also allows foreign countries to also request information on US citizens. The fact that this can be done without a warrant, obviously violates an American citizens 4th amendment rights for reasonable search.

Though many privacy advocates in have been outspoken against the bill, Microsoft, who has been battling against US Justice Department for years is in favor of the bill. They have been battling the DOJ against releasing information in their Office 365 OneDrive service which is stored in a data center in Ireland. Due to the privacy regulations in the European Union, Microsoft was stuck in releasing such information.

The United States is already very weak in privacy laws, the fact that there is no federal law or amendment to the Constitution which protects the privacy of the American citizens; this further weakens privacy. It will be interesting to see how the CLOUD Act plays out not only in the courts in the years to come. It will also be interesting to see how this will play into the EU’s new General Data Protection Regulation (GDPR) which is meant to strengthen the privacy rights of EU citizens from countries which have weak privacy laws like those in the US.

Read more on the EFF’s websiteResponsibility Deflected, the CLOUD Act Passes