The CLOUD Act was, for all intents and purposes, smuggled into the 2232-page US omnibus spending bill that was passed on Friday. Stipulations will drastically change internet privacy laws.
In the looming shadow of yet another potential government shutdown Friday, Congress passed and the president signed a $1.3 trillion spending bill[1] designed to keep the US federal government funded through the end of September.
The bill, which passed both the House (256-167) and Senate (65-23) on March 23, included a repeal of the Mutual Legal Assistance Treaties (MLATs), which had previously allowed for the exchange of information between the US and foreign governments when conducting cross-border investigations.
These MLATs have now been replaced by Division V of the omnibus bill, called the "Clarifying Lawful Overseas Use of Data Act," or CLOUD Act, which drastically expands international law enforcement powers.
Originally a stand-alone bill (S.2383[2]), the CLOUD Act was introduced by Senator Orrin Hatch (R-UT) and Representative Doug Collins (R-GA) in February to improve access to stored electronic data by law enforcement, domestically and abroad, and "for other purposes". The bill had not received a hearing prior to reappearing in the spending bill.
Expanded Congressional findings included in the bill are as follows:
(1) Timely access to electronic data held by communications-service providers is an essential component of government efforts to protect public safety and combat serious crime, including terrorism.
(2) Such efforts by the United States Government are being impeded by the inability to access data stored outside the United States that is in the custody, control, or possession of communications-service providers that are subject to jurisdiction of the United States.
(3) Foreign governments also increasingly seek access to electronic data held by communications-service providers in the United States for the purpose of combating serious crime.
(4) Communications-service providers face potential conflicting legal obligations when a foreign government orders production of electronic data that United States law may prohibit providers from disclosing.
(5) Foreign law may create similarly conflicting legal obligations when chapter 121[3] of title 18, United States Code (commonly known as the "Stored Communications Act"), requires disclosure of electronic data that foreign law prohibits communications-service providers from disclosing.
(6) International agreements provide a mechanism for resolving these potential conflicting legal obligations where the United States and the relevant foreign government share a common commitment to the rule of law and the protection of privacy and civil liberties.
Now, the CLOUD Act has come under the scrutiny of several government watchdogs. Critics, such as the Electronic Frontier Foundation[4] (EFF) and the American Civil Liberties Union[5] (ACLU), have sounded off on what is quickly becoming a focal point of the national conversation.
"In the final pages of the bill," wrote [6]the EFF's David Ruiz, "meant only to appropriate future government spending—lawmakers snuck in a separate piece of legislation that made no mention of funds, salaries, or budget cuts. Instead, this final, tacked-on
