By Gianna Korpita

The CLOUD Act

As part of the President’s $1.3 trillion government spending bill, the Clarifying Overseas Use of Data (CLOUD) Act expands the reach and accessibility to people’s data across international borders. Recently approved in both the House and Senate, the CLOUD Act creates a provision for law enforcement officials, ranging from local police to federal agents, to access contents of electronic communications and records about a person regardless of where the person lives or where their information is located around the world. Specifically, law enforcement officials can compel service providers such as Snapchat, Google, Twitter, Instagram, or Facebook to turn over a user’s content and metadata even if that data is stored in a foreign jurisdiction outside of the United States. This Act has led to concerns about data privacy laws.

Executive Orders

U.S. companies host and carry the majority of the globe’s Internet traffic. These U.S. companies operate not only in the U.S., but also store a majority of their users’ data in foreign jurisdictions through cross-border data storage processes. In order for law enforcement to obtain data stored in foreign jurisdictions, the U.S. President would need to enter into executive orders with foreign nations. These executive orders would be agreements between the U.S. and the countries where U.S. companies store their data. Once an executive order is in place, data can be exchanged on demand by a law enforcement official.

How Does the Data-Seizure Work?

Through the CLOUD Act, both United States law enforcement and foreign law enforcement will be granted new ways to seize the data of people around the world. This means that an individual’s private emails, online chat messages, social media photos and videos, and many other internet interactions are open to confiscation without a warrant. If law enforcement wishes to gain access to any information about a person, they can compel companies to hand over the data. For example, the U.S. can request foreign police to collect and wiretap U.S. communications located in their foreign jurisdictions without obtaining a U.S. warrant. Additionally, foreign jurisdictions who wish to prosecute someone in their jurisdiction can obtain the data stored in their foreign jurisdiction by a U.S. company. More so, if a foreign jurisdiction wishes to obtain data stored in the U.S., they could do so on demand. This ability to freely request and collect data is a non-traditional process. Typically, data collection involving U.S. companies would require a warrant and the review of a U.S. judge. However, the CLOUD Act eliminates this process.

Effects on Pending Litigation

More so, the CLOUD Act may have an adverse effect on current pending U.S. litigation. For example, the current case before the Supreme Court, United States v. Microsoft, involves the question of whether current U.S. data privacy laws allow U.S. law enforcement to serve warrants for information stored outside of the U.S. in foreign jurisdictions. In 2013, Microsoft was served a warrant that demanded emails of one of its users who was a suspect in a drug trafficking case. The emails of the U.S. citizen were stored on Microsoft’s Ireland server. Microsoft contended that the U.S. did not have any jurisdiction in Ireland, and Ireland officials agreed. The Supreme Court was expected to make a decision about the privacy issue by summer 2018, but the recent CLOUD Act may necessarily make this case moot. With the passage of the CLOUD Act a warrant would be irrelevant, and Microsoft would have to turn over the data of the U.S. citizen stored in Ireland.

Supporters and Opponents

Many critics of the CLOUD Act argue that it circumvents the Fourth Amendment guarantee that individuals are to be protected against unreasonable searches and seizures. Critics believe it gives the executive branch too much power and opens up people to severe privacy violations without due process afforded them under the U.S. Constitution. However, supporters believe the CLOUD Act could be an effective method of obtaining data about a suspected criminal where time is of the essence. With the CLOUD Act being so new, only time will tell if sacrificing digital data privacy rights is worth the freedom of access to global data.

Student Bio: Gianna Korpita is currently a 2L student at Suffolk University Law School. She holds a Bachelor of Science in Business Management and Administration from Boston University. She is originally from Hackettstown, NJ and has previously worked in both banking and telecommunications prior to attending law school.

Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.