With the passage of the CLOUD Act, a quiet but drastic change in US legislation will diminish privacy for individuals around the world.
The CLOUD (Clarifying Lawful Overseas Use of Data) Act, widely ignored by news sources, brings profound changes to how countries share your private information. By understanding the significance of this new legislation you can take steps to protect yourself and be aware of the various impacts of The CLOUD Act on privacy now and in the future.
In this article we will explain:
- What the CLOUD Act is
- How it came into existence
- How to protect your data
What is the CLOUD Act?
Prior to March 24, 2018, U.S. law protected the information of users on US-based tech platforms, i.e. – the data of Facebook or Apple users around the world. The former process prohibited sharing of this personal data by big tech except for when required for specific cases and with a lengthy acquisition process.
How does the Cloud Act affect privacy?
The Act has two main parts. First, the legislation grants U.S. law enforcement more direct access to sensitive, personal information kept by US tech companies like Facebook, Microsoft, Google, Apple etc. This helps countries globally gain access to data on people around the world.
Governments outside of the United States have been looking for quicker ways to access data on their people. For example, China has passed laws forcing tech companies to move the data of their citizens to data centers within China.
Therefore, the CLOUD Act erodes privacy protections by allowing the transfer of private data from U.S. servers when requested by authorities in other countries.
Second, the international exchange and sharing of personal data just got much easier. Perhaps the most striking change within this legislation is that it allows for a global partnership in sharing the intimate personal data which has been compiled on individuals around the world.
To specify, the bill allows the U.S. President and leaders of other countries to enter into “executive agreements” where both governments can bypass any privacy laws in the name of obtaining users’ data stored within the other country.
A country that enters into one of these “executive agreements” with the U.S. President would allow the U.S. to potentially wiretap people located anywhere in the world (apart from U.S. citizens or people located within the U.S.).
This wiretap would happen without the safety protocols of U.S. law once given to data stored in the United States, like warrants, or notifying the U.S. government of the wiretap.
So to basically sum this all up, private data stored by US tech companies just got a lot more accessible to authorities all around the world.
Big tech pushes for CLOUD Act
Another alarming piece of the CLOUD act puzzle is that big tech companies are proponents of the CLOUD Act. They are not just passively complying with law changes, they are pushing for them. Here are some of the supporters.
This letter of support from the largest, most data-rich companies to US senators shows the guise of protection when it is clear this act does the opposite. Here is an excerpt:
The CLOUD Act encourages diplomatic dialogue, but also gives the technology sector two distinct statutory rights to protect consumers and resolve conflicts of law if they do arise. The legislation provides mechanisms to notify foreign governments when a legal request implicates their residents, and to initiate a direct legal challenge when necessary.
Our companies have long advocated for international agreements and global solutions to protect our customers and Internet users around the world. We have always stressed that dialogue and legislation – not litigation – is the best approach.
If enacted, the CLOUD Act would be notable progress to protect consumers’ rights and would reduce conflicts of law. We appreciate your leadership championing an effective legislative solution, and we support this compromise proposal.
With this support our data is even more accessible to various authorities and governments with divergent privacy laws.
So, now that you understand how and why the CLOUD Act is a complex privacy problem, what can you do to protect yourself?
How to protect your data
Above all, see this legal assault on privacy as further motivation to not depend on large US tech companies to store and backup your data. Instead, use alternative, secure storage options, perhaps located in privacy-friendly overseas jurisdictions.
Here are a few different secure cloud storage options:
You can also keep local, encrypted backups of anything that you really need, see Veracrypt for example.
It’s also good to remember that even if you aren’t actively using cloud storage, all of the big tech companies mentioned above are data collection monsters. Your data is being passively collected whenever you use their platforms. This is usually associated with your identity for targeted advertising, hence the need for a VPN service.
Clearly, we have little say in how data is regulated with these changing laws and practices. That being said, protecting your data with good encryption and other privacy tools will give you peace of mind amidst the continual erosion of privacy.