European criticism of new US Cloud Act mounts

[Matrix]

Europeans worry that Washington's effort to gain access to data stored abroad runs counter to its own more stringent privacy legislation.

Evidence. Source: Reuters

Europeans are struggling with how best to respond to a new US law known as the Cloud Act that permits American law enforcement officials to demand that online companies turn over data stored on computer servers outside the United States.

The Cloud Act, which stands for Clarifying Lawful Overseas Use of Data Act, was passed by the US congress and signed into law last month after Microsoft refused to turn over information stored overseas to the Federal Bureau of Investigation.

Civil libertarians criticized the prospect of US law enforcement being able to comb through records on Facebook and Twitter stored in overseas databases. The law stands in stark contrast to the European Union’s new General Data Protection Regulation (GDPR), which takes effect May 1. The GDPR essentially gives everyone in the European Union control of their personal data, even when stored in the US, and gives them the right to demand information about them be deleted.

 

“The Cloud Act comes at the expense of privacy”

Johannes Casper, Hamburg's commissioner for data protection

Johannes Caspar, the city of Hamburg’s commissioner for data protection and freedom of information, attacked the US legislation as a breach of European rules. The Cloud Act “is a law at the expense of privacy and the fundamental right to data protection, with potentially global proportions,” Mr. Caspar said.

Authorities in Brussels have also responded by proposing their own version of the CLOUD Act, which is called the E-Evidence Directive, requiring overseas companies like Facebook to appoint a legal representative in the EU who can be served with papers in criminal and terrorism investigations to provide access to data stored outside the EU.

The business community has adopted a cautious response to the Cloud Act. “Companies are trying to figure out the new regulations,” said Susanne Dehmel, member of the executive board for law and security at German computer industry association Bitcom. She said it is important to balance privacy with legitimate security interests.

So far, the German government hasn’t expressed an opinion on either the Cloud Act or the E-Evidence rules. But Manuel Höferlin, digital policy spokesman for the libertarian Free Democratic Party, said passivity toward the Cloud Act is unacceptable. “The European Commission should not allow these access options and act against it,” he said. “The federal government must act more strongly than before.”

German security sources told Handelsblatt that criminal and terrorism investigations need to take precedence over data protection concerns in the EU. If data is stored worldwide, a prosecutor should be able to access that information, they said.

source

[humble3d]

CONFIRMED THE NAZI-FASCISTS HAVE CAPTURED THE WORLD...

 

Supreme Court Warrants Privacy Cybersecurity Searches

 

Supreme Court Punts on Data Privacy Case, Thanks to the Terrible CLOUD Act

Lawmakers passed a bill requiring American firms to comply with warrants for data stored overseas, ending a legal fight.

 

Thanks to a broad new law granting the feds access to American data stored in foreign countries, the Supreme Court just punted a case that was supposed to address the question.

 

In United States v. Microsoft, federal drug-trafficking investigators were trying to force Microsoft to comply with a warrant demanding access to a customer's emails and other private data.

 

But the data they wanted were stored on a server in Ireland.

 

Microsoft fought the warrant, arguing that the government's demands couldn't reach that far under the Stored Communications Act.

 

The Supreme Court agreed to take on the case last fall and heard arguments in February.

 

But in March, legislation buried deep in the federal omnibus spending bill granted the feds access to data and communications from Americans being held on servers in foreign countries.

 

So today the Supreme Court ruled that the case was moot and kicked it back down to the lower courts for dismissal.

 

That bill, the Clarifying Lawful Overseas Use of Data (CLOUD) Act, did not get much attention outside of privacy and civil liberties quarters.

 

The CLOUD Act not only gives the feds access to Americans' data being held overseas, but also allows other countries to demand access to their citizens' private data when it's stored here in America.

 

The American Civil Liberties Union warned that poor and limited oversight of the cooperation system could have significant human rights consequences in countries with despotic leaders:

 

The bill would give the attorney general and the secretary of State the authority to enter into data exchange agreements with foreign governments without congressional approval.

 

The country they enter into agreements with need not meet strict human rights standards—the bill only stipulates that the executive branch consider as a factor whether a government "demonstrates respect" for human rights and is similarly vague as to what practices would exclude a particular country from consideration.

 

In addition, the bill requires that countries adopt procedures to protect Americans' information, but provides little specificity as to what these standards must include.

 

 Moreover, it would allow countries to wiretap on U.S. soil for the first time, including conversations that foreign targets may have with people in the U.S., without complying with Wiretap Act requirements.

 

But none of that was connected to the case the Supreme Court was considering.

 

They were just examining the limits of what the feds could request.

 

The CLOUD Act was passed specifically for the purpose of making it clear that the feds could demand American tech companies pass along data no matter where it was stored.

 

So the case is indeed moot, even if the underlying concerns and fears are still very relevant.

 

http://reason.com/blog/2018/04/17/expansion-of-authority-of-feds-to-demand