Data Centre

Cloud

CLOUD Act hits Senate to lube up US access to data stored abroad

That's 'Clarifying Lawful Overseas Use of Data'. Nice

By Rebecca Hill

37 SHARE

Tech giants including Microsoft, Google and Apple have given a proposed US law on overseas data sharing the thumbs-up.

The bipartisan Clarifying Lawful Overseas Use of Data Act (PDF), introduced to the Senate yesterday, aims to iron out confusion around which laws apply when governments want access to data stored in the cloud.

Senators Orrin Hatch, Christopher Coons, Lindsey Graham and Sheldon Whitehouse said that the US government's efforts to access data stored overseas are impeded by exactly that.

"In today's world of email and cloud computing, where data is stored across the globe, law enforcement and tech companies find themselves encumbered by conflicting data disclosure and privacy laws," said Hatch.

"We need a common-sense framework to help law enforcement obtain critical information to solve crimes while at the same time enabling email and cloud computing providers to comply with countries' differing privacy regimes."

The most obvious example where existing laws fail to address cloud storage is the ongoing legal wrangling between Microsoft and the US government.

The state says the Stored Communications Act requires Microsoft to share crime suspects' emails, but Redmond has refused, saying the search warrant can't reach beyond US borders.

The new bill would render this argument moot by adding a section to the SCA that says firms must pass on data in their possession, even if it is held outside the US:

A provider of electronic communication service or remote computing service shall comply with the obligations of this chapter to preserve, backup, or disclose the contents of a wire or electronic communication and any record or other information pertaining to a customer or subscriber within such provider's possession, custody, or control, regardless of whether such communication, record, or other information is located within or outside of the United States.

The proposal has won the approval of big tech firms, which have previously called for the SCA to be updated to reflect technological advances like the cloud.

Microsoft president Brad Smith said that his firm had "long argued for the US Congress to modernize laws" and that the proposal was "an important step toward enhancing and protecting privacy while reducing international legal conflicts".

Along with Apple, Facebook, Google and Oath, Microsoft wrote joint letters (PDF) of support to the senators and the representatives that have brought companion legislation.

Part of their support for the bill is because of the safeguards built into it.

These include a motion to quash or modify the legal process if it believes the customer isn't a US citizen and that disclosure "creates a material risk" that the firm would violate the laws of another government.

"The CLOUD Act encourages diplomatic dialogue, but also gives the technology sector two distinct statutory rights to protect consumers and resolve conflicts of law if they do arise," the signatories write.

"The legislation provides mechanisms to notify foreign governments when a legal request implicates their residents, and to initiate a direct legal challenge when necessary."

Oi, force Microsoft to cough up emails on Irish servers to the Feds, US states urge Supremes

READ MORE

As well as offering the US government access to data held overseas, the CLOUD Act aims to help foreign governments slurp up data held by US providers.

It would also allow for the US government to sign formal, bilateral data sovereignty agreements with other countries setting standards for cross-border investigative requests for digital evidence related to serious crime and terrorism.

The proposed law states that such deals could only be struck if certain conditions are met, including that the foreign country has "robust" standards on human rights and privacy protections, and that the agreement has taken steps to minimise data slurping on US citizens.

The foreign government must reciprocate by removing any legal restrictions that prevent compliance with requests from US law enforcement.

The US is in talks with the UK government over such an agreement and the UK's Prime Minister, Theresa May, last night endorsed the proposed Act in a phone call with President Trump.

"With it [the CLOUD Act], law enforcement officials in the US and the UK will be empowered to investigate their citizens suspected of terrorism and serious crimes like murder, human trafficking, and the sexual abuse of children regardless of where the suspect's email or messages happen to be stored," a Downing Street spokesperson said. ®

Sign up to our NewsletterGet IT in your inbox daily

37 Comments

More from The Register

Microsoft has signed up to the Open Invention Network. We repeat. Microsoft has signed up to the OIN

That 60,000 patents in your pocket or are you just pleased to see us?

Microsoft Germany emerging from behind Deutsche Telekom cloud

Frankfurt, Berlin regions to launch end of 2019, T-Systems 'trustee' deal to be retired

Microsoft wants to cart your data away in a box and punt it onto Azure

Ignite 1PB of Fedex-able rack-on-rollers

Using Microsoft's Dynamics 365 Finance and Operations? Using Skype? Not for long!

Upcoming update could bork on-prem logins, warns Redmond

So what's Microsoft's counter-AWS cloud strategy? Don't be evil

Lil pupper yaps at big doge

IoT shouters Chirp get themselves added to Microsoft Azure IoT

Now your devices can join you in bellowing at Redmond's products

Microsoft adds delayed gratification to the Surface Hub 2 line

Ignite S version set for Q2 '19 debut, but full tiling pleasure on the X delayed

Robot Operating System gets the Microsoft treatment

RoTM What's that coming over the hill? Is it a robot? A Windows robot?

Microsoft gets edge on AWS with Azure Stack for government

Feds can now stick Redmond clouds into on-prem hardware

SoftwareONE goes Comparex: When one Microsoft reseller giant buys another

Two Redmond wranglers sitting in a tree...