No country is an island, especially in cyberspace: the US CLOUD Act and its international reach - part 3
In this third and final post in the series we take a look at reactions to the US CLOUD Act and offer some concluding thoughts
Welcome to this third and final part of our series on the CLOUD Act.
In the first post of the series, Part one, “Introduction and context”, we looked at some of the catalysts for the changes introduced by the CLOUD Act.
In our last post, Part two, “Key features of the Act”, we looked at the Act’s extraterritorial application and the new “executive agreements” mechanism under the Act.
In this third and final post of the series we take a look at reactions to the Act and offer some concluding thoughts.
Reactions to the Act
The tech sector
Generally speaking, the tech sector has welcomed the Act, mainly due to the certainty it has the potential to provide for corporates on the receiving end of a request (or warrant) from a government agency for access to data held offshore.
In a coordinated push in the lead-up to the Act being signed into law by President Trump, various industry players wrote to Senators and representatives involved in sponsoring or considering the then Bill, advocating its enactment.
On 6 February 2018 tech heavyweights including Apple, Google, Microsoft and Facebook, co-authored a supportive letter to the Bill’s political sponsors. That letter stated that the Act would provide “a logical solution for governing cross-border access to data” and would be “an important step toward enhancing and protecting individual privacy rights, reducing international conflicts of law and keeping us all safer”. Furthermore, it would “allow law enforcement to investigate cross-border crime and terrorism in a way that avoids international legal conflicts”.
Also on 6 February 2018, various internet and cyber related trade associations banded together to write a letter commending the Bill by stating it “would establish a clear statutory right for providers to challenge an order that would [otherwise] create a conflict of law”.
Following President Trump’s signing of the Cloud Act into law, Microsoft’s Brad Smith wrote in one of his “Microsoft in the Issues” blog posts that the Act is “an important milestone in the journey to modernize the law, enable enforcement officials to do their jobs and protect people’s privacy right across borders.”
In that blog post Mr Smith focused on the comity of international laws as an important safeguard – we’ll come back to that later in this post.
Mr Smith’s post also helpfully provides a link to a document setting out numerous statements of support for the Act, including the letters referred to above and other statements or comments from the UK and Australian governments, members of Congress, academics and various other tech industry lobby groups and associations.
Human rights and privacy groups
Groups with an interest in the fields of human rights and privacy have not necessarily been so supportive.
The Electronic Frontier Foundation (EFF), for example, has been critical of a number of aspects of the Bill.
EFF and others are opposed to a new mechanism that circumvents the Mutual Legal Assistance Treaty (MLAT) process on the basis that MLAT contained more robust safeguards against the abuse of state power and the infringement of civil liberties.
As noted in part two of this series of TechKnowChat blogs, it is likely that the UK will be one of the first countries to execute an executive agreement with the US. The EFF considers that such an arrangement would be “a backwards step for privacy, because UK law makes it easier than US law for police to seize data form service providers”.
A similar range of concerns was flagged by the EFF together with a coalition of 20 other privacy advocates in a letter to the US Congress dated 20 September, 2017.
Controversy over the Bill’s entry into law
Somewhat controversially in the eyes of some, the CLOUD Bill was included in an omnibus Bill rather than being submitted as a stand-alone piece of legislation. This led some to argue that the CLOUD Bill did not face the same level of scrutiny it would otherwise have attracted.
Microsoft’s Brad Smith noted that, “[a]lthough the CLOUD Act resulted from successive drafts over several years, its passage surprised many. And the speed with which it happened was a bit of a shock.”
Given the bipartisan support behind the Bill, it is difficult to say whether the level of debate would have been significantly greater had the Bill ben submitted alone.
Now that the Act is law, it will be interesting to see how the executive agreement power is exercised. Bilateral executive agreements are likely to be limited to America’s trusted friends and allies – one only needs to consider the criteria for entry into such agreements set out in the Act (see the discussion of executive agreements in part two of this series).
In our own domestic arena, the Australian government is certainly interested in concluding an executive agreement under the Act. When that eventuates we speculate there will be increased interest in the impact of the Act and how it sits with safeguards for privacy and civil liberties under Australian domestic law.
New point of law: What can be considered as a protected document?
A look at Environment Protection Authority v Sydney Water Corporation  NSWLEC 119.
Applications to replace trustees in bankruptcy: Insights for trustees from the bankrupt estate of Salim Mehajer
By Marelda Hibberd & Michael Wells
The Court’s judgment and insights to assist trustees navigate difficult estates and deal with recalcitrant bankrupts.
Australian Modern Slavery Act Review: what you need to know and how you can prepare
By Sonia Sharma, Chloe Tutt, Javvad Jaffry, Colin Yuan
Our anti-modern slavery compliance experts outline some of the key recommendations from the Report.
Stormy weather delays Microsoft’s acquisition of Activision Blizzard
Global regulators out of sync on Microsoft's $69 billion purchase of video game giant.