LegiStorm

Summary:

Law enforcement officials in the United States and abroad increasingly seek access to electronic communications, such as emails and social media posts, stored on servers and in data centers in foreign countries. B ecause the architecture of the i nternet all ows t echnology companies to store data at a great distance from the physical location of the ir customers , electronic communications that could serve as evidence of a crime often are not housed in the same country where the crime occurred. This disconnect h as caused governments around the world, including the United States, to seek data stored outside their territorial jurisdiction s . In the Clarifying Lawful Overseas Use of Data (CLOUD) Act, Congress enacted one of the first major changes in years to U.S. la w governing cross - border access to electronic communications held by private companies. The CLOUD Act has two major components. The first facet addresses the U.S. government ’s ability to compel technolog y companies to disclose the contents of electronic co mmunications stored on the companies’ servers and data centers overseas. The Stored Communications Act (SCA) mandates that certain technology companies disclose the contents of electronic communications pursuant to warrants issued by U.S. courts based on p robable cause that the communications contain evidence of a crime. But a dispute arose over whether warrants issued under the SCA c ould compel disclosure of data held outside the territorial ju risdiction of the United States . While the Supreme Court was se t to resolve this issue in United States v. Microsoft , the CLOUD Act amended the SCA to require that technology companies provide data in their possession, custody, or control in response to an SCA warrant — regardless of whether the data is located in the U nited States. On April 17, 2018, the Supreme Court ruled that the change in law mooted the Microsoft case. The second facet of the CLOUD Act address es the reciprocal issue of foreign governments’ ability to access data in the United States as part of their investigation and prosecution of crimes. Prior to the CLOUD Act, foreign nations seeking data in the United States were required to request the assistance of the U.S. government through either m utual l egal a ssistance t reaties (MLATs) or judicial instrumen ts known as letters rogatory. Requests under either instrument are reviewed by U.S. courts before disclosure to the foreign nation can be authorized, but U.S. and foreign officials criticized the processes as inefficient and unable to accommodate the incre asing number of data requests in the digital era. The CLOUD Act responds to calls for modernization by authorizing the executive branch to conclude a new form of international agreement through which select foreign governments can seek data directly from U .S. technology companies without individualized review by the U.S. government . Agreements authorized by the CLOUD Act would remove legal restrictions on certain foreign nations’ ability to seek data directly from U.S. providers in cases involving “serious crimes” when not targeting U.S. persons, provided the Executive has determined that the foreign nation’s law s adequately protect privacy and civil liberties, among other requirements. While t he CLOUD Act conditions approval of covered agreements upon a hos t of restrictions, commentators debate whether these agreements will provide adequate protections for privacy, human rights, and civil liberties.