This post was originally published on March 31, 2018.
With a news cycle dominated by the White House’s escapades and upcoming midterm elections, stories that should take center stage might be ignored. Such is the case with a devastating anti-privacy act that was secretly passed by Congress late last week.
Tucked discreetly amid the 2,232-page government spending bill is a small provision that promises catastrophic consequences. Known as the CLOUD Act (Clarifying Lawful Overseas Use of Data), this legislature reverses any incremental progress governments have taken toward global privacy over the last few years.
Passed without any votes, public hearings, or even a single discussion, this act single-handedly reshapes the world’s privacy regulations—and not for the better.
What is the CLOUD Act?
Under the CLOUD Act, the U.S. government (as well as governments abroad) are given more freedom to collect, store, and use your private information against you.
The bill changes data collection in two ways: First, it gives authorities (law enforcement, immigration, local police, etc.) more freedom to access a person’s private data regardless of where they’re from or where they live. Second, it grants the U.S. President the ability to set up ‘‘Executive Agreements’ with over governmental bodies, giving both parties the opportunity to access the other’s data without having to adhere to said country’s privacy laws.
Before, authorities would need to send a formal request to the U.S. government before they could access your data, but now they can simply go to the Attorney General, the State Department, or even the President for immediate and unrestricted access.
Even moving past the startling ability authorities will now have to collect, analyze, store, and do whatever else they want with your data, think about all the incidental collection that’s sure to go along with it. These officials won’t just be collecting data on you; they’ll be scooping up information on those around you as well.
Let’s say a Swedish authority is given access to your Twitter account. When they scoop up your personal information, they’ll coincidentally be able to gain information on your followers, retweets, likes, etc. That’s hundreds of thousands of potential privacy implications that are simply ignored in this bill.
By giving both national and international authorities carte blanche when it comes to collecting your data, the CLOUD ACT is about to open a can of worms.
How the CLOUD Act affects you
Here’s the conundrum: because the CLOUD Act was snuck inside the government’s $2 trillion omnibus spending bill, there was no time to debate or vote on the act. Congress was so eager to pass the former that it had no time to check the latter. It’s incredibly careless to pass an act without first having an open debate, but it’s here, and it’s about to signal a dark time for privacy.
Senator Orrin Hatch, one of the bill’s co-sponsors and someone who probably doesn’t know how to update his Internet Explorer web browser, was quoted as saying:
The CLOUD Act bridges the divide that sometimes exists between law enforcement and the tech sector by giving law enforcement the tools it needs to access data throughout the world while at the same time creating a commonsense framework to encourage international cooperation to resolve conflicts of law.
It also effectively shuts down a pivotal Supreme Court case where Microsoft has spent the last four years arguing why it shouldn’t be forced to release private data stored on a UK server to U.S. authorities. With this case straddling to set a legal precedent, the ruling could very well affect every other privacy case in the future.
Now more than ever, you need to protect your right to privacy
While this type of legislation isn’t new, it’s the first time it’s been done on this scale, and the fact that it was passed so secretly makes it even more alarming. Already, privacy advocates have been quick to voice their concern.
The CLOUD Act passed. It destroys privacy globally, so it had to be snuck into the $1.3 trillion omnibus without debate.
Encrypt. Encrypt. Encrypt. Go Dark.
When privacy is criminalized, only criminals have privacy. We got sold out, again. pic.twitter.com/Ms5bm1opBo
— Andreas (BEWARE of giveaway scams!) (@aantonop) March 23, 2018
The EFF isn’t pulling any punches, either. In a recent online statement, the foundation chastised the new requirements (or lack thereof), stating, “This bill has large privacy implications both in the U.S. and abroad. It was never given the attention it deserved in Congress.”
It’s an incredible tightrope Congress is currently walking, and it would help if people who actually knew something about digital privacy were involved in the drafting of the bill. When it comes down to it, the CLOUD Act is the government’s way of saying it values national security over personal privacy.
The argument as to whether you have nothing to hide is over. Your personal data is vulnerable, but you can fight back. Keep your VPN on, avoid posting personal information on social media sites (or delete them entirely), and remember to make your voice heard.
The EFF is vocally opposing the new bill. Join them in their fight.