Update: Last night, the House of Representatives passed the omnibus bill, which means the CLOUD Act has been advanced to the Senate. The Senate is expected to pass the bill easily, and then the legislation will be sent to President Trump, who has already announced that he will sign it. We will have to be vigilant and vocal as the Trump administration begins negotiating data exchange agreements with other countries.
Currently, if a foreign government wants user data from an American technology company they have to seek approval from the Department of Justice and a U.S. judge. The current system ensures that foreign governments cannot get access to personal data stored on the servers of American technology companies if the United States judicial system suspects they will use the information gained from that data to commit human rights abuses. For example, if the Philippines approached the United States government and asked for the Facebook communications of a known human rights activist critical of the Duterte regime, the United States would know that turning over those communications would almost definitely lead to detention or torture and would refuse. Devastatingly, a new bill making its way through Congress would upend the current process by taking decision making power away from the judiciary and giving it to the executive branch, particularly to Attorney General Jeff Sessions and the next Secretary of State, who just may be Mike Pompeo.
The bill, dubbed the Clarifying Lawful Overseas Use of Data (CLOUD) Act, is contained within the current omnibus appropriations bill that must pass Congress by Friday at midnight or another government shutdown will occur. If passed, the CLOUD Act would require that foreign governments get their requests for an individual’s data approved by the executive branch instead of an independent U.S. judge, which means that serious decisions that are potentially life or death for some activists and journalists worldwide might be tainted by politics instead of being impartial. The bill also gives the executive branch unilateral power in negotiating with foreign countries on these data exchange agreements, so there is no longer any guarantee that the United States will not turn over data to countries that are known human rights abusers. In effect, this means that if made Secretary of State Mike Pompeo, who has a tenuous relationship with human rights himself, could decide to turn over the Twitter messages of an activist in a country like Turkey if it would benefit the Trump administration or his Statement Department in some way.
Previously, the only way foreign governments could have access to content stored by American technology companies was to enter into a Mutual Legal Assistance Treaty (MLAT) with the United States government. These MLAT agreements maintained a constitutional system of checks and balances, since although the specifics were determined by the executive branch, they also required ratification by the Senate. Unfortunately, the CLOUD Act abolishes the role of Congress in the MLAT process and gives the Secretary of State and the Attorney General the freedom to enter data exchange agreements without any congressional oversight. Even if members of Congress vehemently disagree with a data exchange agreement entered into by the executive branch, there only means of action is to pass a joint resolution disapproving of the agreement, but the joint resolution is subject to the presidential veto.
The CLOUD Act would also undermine the privacy rights of American citizens. The executive branch is under no obligation to make sure the data exchange agreements they negotiate with foreign countries require those foreign countries to use caution and abide by our laws when obtaining the data of American citizens stored outside the United States. If passed, the CLOUD Act also allows other countries to wiretap on U.S. soil, which has never happened before.
The language in the CLOUD Act is appallingly vague. The bill redistributes powers once held by Congress and the judiciary to the executive branch, and then writes the executive branch a blank check to negotiate agreements that could have life or death consequences for dissidents worldwide. The language in the bill merely encourages the executive branch to keep human rights in mind when coming to a data exchange agreement with a foreign government, which is woefully lacking when we already have a system mindful of human rights and constitutional checks and balances. Once again, we are taking a step backwards on privacy rights. And once again, our government is choosing to hide the legislation that does it by putting it in a larger bill with a pressing deadline that doesn’t “allow” for amendments and public markup.