Rights groups sounded the alarm over the recently introduced Clarifying Lawful Overseas Use of Data (CLOUD) Act, ostensibly meant to streamline the process through which law enforcement accesses data across borders, saying that it instead would circumvent Fourth Amendment protections and put human rights activists at risk.
The act would essentially provide a “backdoor” for law enforcement at home and abroad to access emails, chat logs, videos and photos, “without following the privacy rules where the data is stored,” according to an Electronic Frontier Foundation (EFF) blog post.
The CLOUD Act backdoor “operates much in the same way” as provisions under Section 702 of the FISA Amendments Act that let police “search, read and share” private communications without obtaining a warrant, the post states. Essentially, “U.S. police could obtain Americans' data, and use it against them, without complying with the Fourth Amendment.”
American Civil Liberties Legislative Counsel Neema Singh Guliani wrote in a blog post that the act “would empower Attorney General Sessions in new disturbing ways,” and warned that “some members of Congress may be working behind the scenes to sneak it into a gargantuan spending bill that Congress will shortly consider.”
This would confer the executive branch with “dramatically more power than it has today,” allowing the attorney general “to enter into agreements with foreign governments that bypass current law, without any approval from Congress,” Guliani wrote. “Under these agreements, foreign governments would be able to get emails and other electronic information without any additional scrutiny by a U.S. judge or official.”
Both the EFF and ACLU, as well as groups like Amnesty International, are concerned that the legislation would not only trample privacy but also put human rights activists and others at risk. “While the attorney general would need to consider a country's human rights record, he is not prohibited from entering into an agreement with a country that has committed human rights abuses,” she wrote.
The bill would replace what Guliani told reporters Thursday is “a fairly robust process” that exists in current law that essentially vets requests for data from foreign governments. Instead, the proposed legislation would let those governments “go directly to providers” with those requests and “companies could give data directly to foreign governments.”
Likewise, the “U.S. government could get information stored abroad” – the act doesn't “specify requirements” that must be met.
Naureen Shah, senior director of campaigns at Amnesty International USA, said the CLOUD Act doesn't include “a mechanism” for “any review” of data requests.
Earlier in the week, a coalition of rights groups including the ACLU sent a letter to lawmakers pointing to deficiencies in the bill and urged them to oppose it “and efforts to attach it to other pieces of legislation.”