First of all, the Cloud Act was snuck in to an unrelated 2,300 page funding bill that had to pass. It wasn’t reviewed by any committee and was never presented before congress. It was given to members of the House with less than 24 hours to read the entire 2,300 page document. Secondly, the CLOUD Act still has some serious privacy concerns that has groups like the ACLU and EFFconcerned about how foreign governments will be able to use it to access American servers and the data and communications of American citizens without an American warrant.
The Electronic Frontier Foundation goes into some of their concerns and the massive privacy risks this opens American citizens up to in this article:
As we wrote before, the CLOUD Act is a far-reaching, privacy-upending piece of legislation that will:
- Enable foreign police to collect and wiretap people’s communications from U.S. companies, without obtaining a U.S. warrant.
- Allow foreign nations to demand personal data stored in the United States, without prior review by a judge.
- Allow the U.S. president to enter “executive agreements” that empower police in foreign nations that have weaker privacy laws than the United States to seize data in the United States while ignoring U.S. privacy laws.
- Allow foreign police to collect someone’s data without notifying them about it.
- Empower U.S. police to grab any data, regardless if it’s a U.S. person’s or not, no matter where it is stored.
And an example of how it could be used:
London investigators want the private Slack messages of a Londoner they suspect of bank fraud. The London police could go directly to Slack, a U.S. company, to request and collect those messages. The London police would not necessarily need prior judicial review for this request. The London police would not be required to notify U.S. law enforcement about this request. The London police would not need a probable cause warrant for this collection.
Predictably, in this request, the London police might also collect Slack messages written by U.S. persons communicating with the Londoner suspected of bank fraud. Those messages could be read, stored, and potentially shared, all without the U.S. person knowing about it. Those messages, if shared with U.S. law enforcement, could be used to criminally charge the U.S. person in a U.S. court, even though a warrant was never issued.
This bill has large privacy implications both in the U.S. and abroad. It was never given the attention it deserved in Congress.
Foreign governments can now access the data of American citizens without ever going through a US court and without a US judge ever signing off on it. Completely legally.