Last Friday, President Donald Trump signed the controversial $1.3 trillion government spending bill into law, despite opposition from concerned citizens and senators who complained the public did not have adequate time to read the 2,232-page bill. The massive bill was handed to representatives on Wednesday night and put to a vote the following morning. The bill passed the House with a 256-167 vote and the Senate with a 65-32 vote, before being sent to Trump.
The vast majority of the funds— about $700 billion— will be going to the Department of Defense to continue funding America’s expanding empire. However, as is typical in Washington D.C., the bill was not only focused on government spending.
“In the final pages of the bill—meant only to appropriate future government spending—lawmakers snuck in a separate piece of legislation that made no mention of funds, salaries, or budget cuts,” The Electronic Frontier Foundation reported. “Instead, this final, tacked-on piece of legislation will erode privacy protections around the globe.”
The bill in question is The Clarifying Lawful Overseas Use of Data Act, or CLOUD Act, and its stated goal is to establish new standards for how the government acquires data outside of its jurisdiction. The CLOUD Act was heavily supported by the Department of Justice and major tech companies who stated the bill would advance consumer rights.
Senators Ron Wyden (D-OR) and Rand Paul (R-KY) released a joint statement demanding the CLOUD Act not be included in the spending bill, and a coalition of 24 human rights and privacy advocates led by the American Civil Liberties Union condemned the bill. However, as the EFF noted, the bill was never reviewed or marked up by any committee in the House or the Senate before being put to a vote. Instead of being given time to debate the nuances of the bill, lawmakers voted on the bill as part of the trillion-dollar spending bill.
The EFF and the American Civil Liberties Union have both come out against the CLOUD ACT, with the EFF stating that the bill will give U.S. and foreign law enforcement “new mechanisms to seize data across the globe.” Neema Singh Guliani, legislative counsel with the ACLU, wrote in an op-ed for The Hill that the bill “would allow countries to wiretap on U.S. soil for the first time, including conversations that foreign targets may have with people in the U.S., without complying with Wiretap Act requirements.”
This includes private emails, instant messages, Facebook, Google, Snapchat, and any other communications or photos individuals have shared on the internet. The CLOUD Act will also allow foreign nations to access personal data that is stored on servers in the United States without approval by a judge. Finally, the bill grants the U.S. president the authority to sign “executive agreements” which give foreign agents access to data in the U.S., regardless of U.S. privacy laws.
The EFF outlined how the bill might work in real time:
London investigators want the private Slack messages of a Londoner they suspect of bank fraud. The London police could go directly to Slack, a U.S. company, to request and collect those messages. The London police would not necessarily need prior judicial review for this request. The London police would not be required to notify U.S. law enforcement about this request. The London police would not need a probable cause warrant for this collection. Predictably, in this request, the London police might also collect Slack messages written by U.S. persons communicating with the Londoner suspected of bank fraud. Those messages could be read, stored, and potentially shared, all without the U.S. person knowing about it. Those messages, if shared with U.S. law enforcement, could be used to criminally charge the U.S. person in a U.S. court, even though a warrant was never issued.
What are the implications for digital privacy and security? How might the CLOUD Act impact privacy protections guaranteed by the 4th Amendment?