Feb 6, 2018

What's in the CLOUD Act for international data warrants


A bipartisan cohort of senators offered new legislation Tuesday that would provide a more workable legal framework for law enforcement officials to request data stored on foreign servers.

Why it matters: Currently, it is hazy at best whether a U.S. warrant can require a company to retrieve overseas data without the permission of the country where the server hosting the data is located.

Microsoft and the Department of Justice are debating ambiguity in the current process before the Supreme Court. Both have asked legislators to resolve the issue outside the courts. The confusion stems from the international agreements that govern how law enforcement requests evidence from foreign countries.

  • In the Microsoft case, the software giant was asked to retrieve an email stored in Ireland without going through the Mutual Legal Assistance Treaty process. The DOJ argues that the email would be accessible from within the United States — meaning the search and seizure would take place within national boundaries.

Sens. Orrin Hatch (R-UT), Chris Coons (D-DE), Lindsey Graham (R-SC), and Sheldon Whitehouse (D-RI) introduced the Clarifying Lawful Overseas Use of Data (CLOUD) Act, which would allow the U.S. to develop bilateral reciprocal agreements to share digital evidence.

  • The new law would create a system for providers to challenge all warrants based on international comity concerns, but would clarify that the U.S. could seek warrants that would be valid pending any review.
  • With the roles reversed, the current process makes it illegal for a company with a U.S. server to provide data to a foreign government. Microsoft worries that going around the countries hosting the data servers would put it in legal jeopardy abroad.

What they're saying:

“Solving the issue of cross-border data sharing needed to happen yesterday. As I said at the hearing I chaired last year on this matter, the United States Congress must deliver in short order to resolve this issue,” said Graham in a statement. “It’s unacceptable that law enforcement in the U.S. has been unable to obtain data from technology companies because of outdated laws.”