Data Centre


CLOUD Act hits Senate to lube up US access to data stored abroad

That's 'Clarifying Lawful Overseas Use of Data'. Nice

By Rebecca Hill


Tech giants including Microsoft, Google and Apple have given a proposed US law on overseas data sharing the thumbs-up.

The bipartisan Clarifying Lawful Overseas Use of Data Act (PDF), introduced to the Senate yesterday, aims to iron out confusion around which laws apply when governments want access to data stored in the cloud.

Senators Orrin Hatch, Christopher Coons, Lindsey Graham and Sheldon Whitehouse said that the US government's efforts to access data stored overseas are impeded by exactly that.

"In today's world of email and cloud computing, where data is stored across the globe, law enforcement and tech companies find themselves encumbered by conflicting data disclosure and privacy laws," said Hatch.

"We need a common-sense framework to help law enforcement obtain critical information to solve crimes while at the same time enabling email and cloud computing providers to comply with countries' differing privacy regimes."

The most obvious example where existing laws fail to address cloud storage is the ongoing legal wrangling between Microsoft and the US government.

The state says the Stored Communications Act requires Microsoft to share crime suspects' emails, but Redmond has refused, saying the search warrant can't reach beyond US borders.

The new bill would render this argument moot by adding a section to the SCA that says firms must pass on data in their possession, even if it is held outside the US:

A provider of electronic communication service or remote computing service shall comply with the obligations of this chapter to preserve, backup, or disclose the contents of a wire or electronic communication and any record or other information pertaining to a customer or subscriber within such provider's possession, custody, or control, regardless of whether such communication, record, or other information is located within or outside of the United States.

The proposal has won the approval of big tech firms, which have previously called for the SCA to be updated to reflect technological advances like the cloud.

Microsoft president Brad Smith said that his firm had "long argued for the US Congress to modernize laws" and that the proposal was "an important step toward enhancing and protecting privacy while reducing international legal conflicts".

Along with Apple, Facebook, Google and Oath, Microsoft wrote joint letters (PDF) of support to the senators and the representatives that have brought companion legislation.

Part of their support for the bill is because of the safeguards built into it.

These include a motion to quash or modify the legal process if it believes the customer isn't a US citizen and that disclosure "creates a material risk" that the firm would violate the laws of another government.

"The CLOUD Act encourages diplomatic dialogue, but also gives the technology sector two distinct statutory rights to protect consumers and resolve conflicts of law if they do arise," the signatories write.

"The legislation provides mechanisms to notify foreign governments when a legal request implicates their residents, and to initiate a direct legal challenge when necessary."

Oi, force Microsoft to cough up emails on Irish servers to the Feds, US states urge Supremes


As well as offering the US government access to data held overseas, the CLOUD Act aims to help foreign governments slurp up data held by US providers.

It would also allow for the US government to sign formal, bilateral data sovereignty agreements with other countries setting standards for cross-border investigative requests for digital evidence related to serious crime and terrorism.

The proposed law states that such deals could only be struck if certain conditions are met, including that the foreign country has "robust" standards on human rights and privacy protections, and that the agreement has taken steps to minimise data slurping on US citizens.

The foreign government must reciprocate by removing any legal restrictions that prevent compliance with requests from US law enforcement.

The US is in talks with the UK government over such an agreement and the UK's Prime Minister, Theresa May, last night endorsed the proposed Act in a phone call with President Trump.

"With it [the CLOUD Act], law enforcement officials in the US and the UK will be empowered to investigate their citizens suspected of terrorism and serious crimes like murder, human trafficking, and the sexual abuse of children regardless of where the suspect's email or messages happen to be stored," a Downing Street spokesperson said. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Azure certifications are awful, Microsoft admits, so it has made new ones

Changes to add ‘more of the skills that you actually need to be successful’

Microsoft pulls the plug on Windows 7, 8.1 support forums

Have you tried turning it off and.. err… off again?

Microsoft Store adds ‘private audience’ apps to its Store

A velvet rope for digital tat, to help with betas, promos and maybe Windows 10 S

Microsoft open-sources UI Recorder tool for Windows 10 developers

An easy way to create automated user-interface tests

Microsoft wants serious, non-gaming developers to make more money

Build Planned dev deal tweak lets programmers keep 95 per cent of revenue

Git365. Git for Teams. Quatermass and the Git Pit. GitHub simply won't do now Microsoft has it

Poll Tell us, what should the source shack be called post-Redmondisation?

Microsoft tries cutting the Ribbon in Office UI upgrade

We gotta put this in context, cos that's what Microsoft says matters these days

Even Microsoft's lost interest in Windows Phone: Skype and Yammer apps killed

Use iOS or Android, says Redmond, as telephony APIs sprout in Windows

Microsoft bids adieu to inky fingers with whiteboard app

Didn't we have one of those already? Yes, but this empowers ideation!

Class-action status snub for lawsuit alleging Microsoft mistreatment of women workers

Updated Redmond slips out of key provision in discrimination case