Data Centre


CLOUD Act hits Senate to lube up US access to data stored abroad

That's 'Clarifying Lawful Overseas Use of Data'. Nice

By Rebecca Hill


Tech giants including Microsoft, Google and Apple have given a proposed US law on overseas data sharing the thumbs-up.

The bipartisan Clarifying Lawful Overseas Use of Data Act (PDF), introduced to the Senate yesterday, aims to iron out confusion around which laws apply when governments want access to data stored in the cloud.

Senators Orrin Hatch, Christopher Coons, Lindsey Graham and Sheldon Whitehouse said that the US government's efforts to access data stored overseas are impeded by exactly that.

"In today's world of email and cloud computing, where data is stored across the globe, law enforcement and tech companies find themselves encumbered by conflicting data disclosure and privacy laws," said Hatch.

"We need a common-sense framework to help law enforcement obtain critical information to solve crimes while at the same time enabling email and cloud computing providers to comply with countries' differing privacy regimes."

The most obvious example where existing laws fail to address cloud storage is the ongoing legal wrangling between Microsoft and the US government.

The state says the Stored Communications Act requires Microsoft to share crime suspects' emails, but Redmond has refused, saying the search warrant can't reach beyond US borders.

The new bill would render this argument moot by adding a section to the SCA that says firms must pass on data in their possession, even if it is held outside the US:

A provider of electronic communication service or remote computing service shall comply with the obligations of this chapter to preserve, backup, or disclose the contents of a wire or electronic communication and any record or other information pertaining to a customer or subscriber within such provider's possession, custody, or control, regardless of whether such communication, record, or other information is located within or outside of the United States.

The proposal has won the approval of big tech firms, which have previously called for the SCA to be updated to reflect technological advances like the cloud.

Microsoft president Brad Smith said that his firm had "long argued for the US Congress to modernize laws" and that the proposal was "an important step toward enhancing and protecting privacy while reducing international legal conflicts".

Along with Apple, Facebook, Google and Oath, Microsoft wrote joint letters (PDF) of support to the senators and the representatives that have brought companion legislation.

Part of their support for the bill is because of the safeguards built into it.

These include a motion to quash or modify the legal process if it believes the customer isn't a US citizen and that disclosure "creates a material risk" that the firm would violate the laws of another government.

"The CLOUD Act encourages diplomatic dialogue, but also gives the technology sector two distinct statutory rights to protect consumers and resolve conflicts of law if they do arise," the signatories write.

"The legislation provides mechanisms to notify foreign governments when a legal request implicates their residents, and to initiate a direct legal challenge when necessary."

Oi, force Microsoft to cough up emails on Irish servers to the Feds, US states urge Supremes


As well as offering the US government access to data held overseas, the CLOUD Act aims to help foreign governments slurp up data held by US providers.

It would also allow for the US government to sign formal, bilateral data sovereignty agreements with other countries setting standards for cross-border investigative requests for digital evidence related to serious crime and terrorism.

The proposed law states that such deals could only be struck if certain conditions are met, including that the foreign country has "robust" standards on human rights and privacy protections, and that the agreement has taken steps to minimise data slurping on US citizens.

The foreign government must reciprocate by removing any legal restrictions that prevent compliance with requests from US law enforcement.

The US is in talks with the UK government over such an agreement and the UK's Prime Minister, Theresa May, last night endorsed the proposed Act in a phone call with President Trump.

"With it [the CLOUD Act], law enforcement officials in the US and the UK will be empowered to investigate their citizens suspected of terrorism and serious crimes like murder, human trafficking, and the sexual abuse of children regardless of where the suspect's email or messages happen to be stored," a Downing Street spokesperson said. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Home users due for a battering with Microsoft 365 subscription stick

Job opening at Redmond points to new consumer services

US Department of Defense to sling an estimated $3.17bn at Microsoft resellers

Cash to be splashed over 10 years on software sporting a Microsoft badge

Microsoft pulls Office 2010 updates because they're big in Japan. As in, big pain in the ASCII

Software performance tweaks have opposite effect

It WASN'T the update, says Microsoft: Windows 7 suffers identity crisis as users hit by activation errors

Activation server fiddling on day of monthly update... really?

It's the wobbly Microsoft service sweepstake! If you have 'Teams', you've won a lifetime Slack sub

Just kidding, no one deserves that. But you'd be right

Pull request accepted: You want to buy GitHub, Microsoft? Go for it – EU

Eurocrats reckon that anti-competitiveness from Redmond would be a massive foot-shooting exercise

New era for Japan, familiar problems: Microsoft withdraws crash-tastic patches

Upcoming calendar change more than Office can handle

Microsoft has signed up to the Open Invention Network. We repeat. Microsoft has signed up to the OIN

That 60,000 patents in your pocket or are you just pleased to see us?

Microsoft Germany emerging from behind Deutsche Telekom cloud

Frankfurt, Berlin regions to launch end of 2019, T-Systems 'trustee' deal to be retired

Microsoft wants to cart your data away in a box and punt it onto Azure

Ignite 1PB of Fedex-able rack-on-rollers