With the passage of the CLOUD Act, a quiet but drastic change in US legislation will diminish privacy for individuals around the world.
The CLOUD (Clarifying Lawful Overseas Use of Data) Act, widely ignored by news sources, brings profound changes to how countries share your private information. By understanding the significance of this new legislation you can take steps to protect yourself and be aware of the various impacts of The CLOUD Act on privacy now and in the future.
In this article we will explain:
- What the CLOUD Act is
- How it came into existence
- How to protect your data
What is the CLOUD Act?
Prior to March 24, 2018, U.S. law protected the information of users on US-based tech platforms, i.e. – the data of Facebook or Apple users around the world. The former process prohibited sharing of this personal data by big tech except for when required for specific cases and with a lengthy acquisition process.
How does the Cloud Act affect privacy?
The Act has two main parts. First, the legislation grants U.S. law enforcement more direct access to sensitive, personal information kept by US tech companies like Facebook, Microsoft, Google, Apple etc. This helps countries globally gain access to data on people around the world.
Governments outside of the United States have been looking for quicker ways to access data on their people. For example, China has passed laws forcing tech companies to move the data of their citizens to data centers within China.
Therefore, the CLOUD Act erodes privacy protections by allowing the transfer of private data from U.S. servers when requested by authorities in other countries.
Second, the international exchange and sharing of personal data just got much easier. Perhaps the most striking change within this legislation is that it allows for a global partnership in sharing the intimate personal data which has been compiled on individuals around the world.
To specify, the bill allows the U.S. President and leaders of other countries to enter into “executive agreements” where both governments can bypass any privacy laws in the name of obtaining users’ data stored within the other country.
A country that enters into one of these “executive agreements” with the U.S. President would allow the U.S. to potentially wiretap people located anywhere in the world (apart from U.S. citizens or people located within the U.S.).
This wiretap would happen without the safety protocols of U.S. law once given to data stored in the United States, like warrants, or notifying the U.S. government of the wiretap.
So to basically sum this all up, private data stored by US tech companies just got a lot more accessible to authorities all around the world.
Big tech pushes for CLOUD Act
Another alarming piece of the CLOUD act puzzle is that big tech companies are proponents of the CLOUD Act. They are not just passively complying with law changes, they are pushing for them. Here are some of the supporters.
This letter of support from the largest, most data-rich companies to US senators shows the guise of protection when it is clear this act does the opposite. Here is an excerpt:
The CLOUD Act encourages diplomatic dialogue, but also gives the technology sector two distinct statutory rights to protect consumers and resolve conflicts of law if they do arise. The legislation provides mechanisms to notify foreign governments when a legal request implicates their residents, and to initiate a direct legal challenge when necessary.
Our companies have long advocated for international agreements and global solutions to protect our customers and Internet users around the world. We have always stressed that dialogue and legislation – not litigation – is the best approach.
If enacted, the CLOUD Act would be notable progress to protect consumers’ rights and would reduce conflicts of law. We appreciate your leadership championing an effective legislative solution, and we support this compromise proposal.
Sincerely,
Apple
Microsoft
Oath
With this support our data is even more accessible to various authorities and governments with divergent privacy laws.
So, now that you understand how and why the CLOUD Act is a complex privacy problem, what can you do to protect yourself?
How to protect your data
Above all, see this legal assault on privacy as further motivation to not depend on large US tech companies to store and backup your data. Instead, use alternative, secure storage options, perhaps located in privacy-friendly overseas jurisdictions.
Here are a few different secure cloud storage options:
You can also keep local, encrypted backups of anything that you really need, see Veracrypt for example.
It’s also good to remember that even if you aren’t actively using cloud storage, all of the big tech companies mentioned above are data collection monsters. Your data is being passively collected whenever you use their platforms. This is usually associated with your identity for targeted advertising, hence the need for a good VPN service.
Clearly, we have little say in how data is regulated with these changing laws and practices. That being said, protecting your data with good encryption and other privacy tools will give you peace of mind amidst the continual erosion of privacy.
What about using a service like Boxcryptor that completely encrypts your data on the cloud storage of your choice?
[https://www.boxcryptor.com/en/]
i think i am more concerned about how to clear your tracks and fingerprints from one’s past life of not knowing the truth about this hypocrisy .
How do you clear all your internet tracks including search name on google?
Please share ideas on this.
This is a tough topic with many different answers. There are some data broker sites, such as MyLife, which you can contact directly and demand that your data be removed from search engines. I’m planning on writing a guide on this topic.
DeleteMe from Abine claims this.
DeleteMe Removes Your Personal Information From Data Brokers.
For 8 years running, DeleteMe is the most trusted information removal service.
DeleteMe removes your personal information like name, address, age, phone number, email address, and photos of your home from leading data broker sites. Removing personal information from data broker websites reduces your online footprint, and removes Google search results.
https://joindeleteme.com/
So you pay this company $129 a year (subscription) to prevent companies from abusing your privacy and publishing your personal details online. Interesting.
Hi Sven, as @jnahs only wanted shared ideas. Seemed they were desperate for some kind of answers, so I tossed one up – as you did.
Anything in life that’s worthwhile comes at costs, we know free offerings comes at a loss of privacy and your cost by the data generated by it’s use is pooled into a data base on you.
–
I agree that a subscription for $129 a year or $209 for a two year subscription (1 Person) is steep for most people. Maybe required to keep one’s info from repopulating the web?
I’d guess then it would boil down to the regained privacy of the individual, with regards to their job (present-future) title, social – economic status, younger self exploits to the aged self, etc…
It does give a guarantee – The DeleteMe platform removes your information from the top data broker sites and keeps it off year round.
100% Satisfaction Guaranteed
– One question I’d get an understanding of before any purchase, is how Abine/DeleteMe handles sites (if at all) that make digital archives of the World Wide Web available of the past to the future?
It also offers a DeleteMe solution for businesses large and small. https://joindeleteme.com/business-privacy/
–
Then Abine offers a DeleteMe – DIY help section for people wanting to pursue this route on their own.
https://joindeleteme.com/help/diy-free-opt-out-guide/
A blog Sven, as yourself may find helpful for your future article/guide relating about removing one’s personal data from the web.
https://joindeleteme.com/blog/
Thank you, Sir
Here’s 3 more for you Sven.
https://joindeleteme.com/blog/why-renew-deleteme/
https://joindeleteme.com/blog/how-to-delete-things-from-internet/
https://joindeleteme.com/blog/mugshots-owners-arrested-privacy/
DHS wants to monitor every journalist, blogger, publication, website, and social media influencer
https://stonecoldtruth.com/the-dhs-is-gearing-up-to-spy-on-you/
A New Backdoor Around the Fourth Amendment
https://www.eff.org/deeplinks/2018/03/responsibility-deflected-cloud-act-passes
https://www.eff.org/deeplinks/2018/03/new-backdoor-around-fourth-amendment-cloud-act
Hi Guest, yes the DHS media monitoring issue is alarming. Olivia wrote about that recently here.
What are your thoughts on sync.com? Tresorit seemed great but a lot of quirks. So far sync.com seems cheaper and faster.
I have not used it myself, but it looks good.
No issue that it’s located in a five eyes country? (Canada)
Well I guess that depends on your threat level and what you are storing. It all depends on the person.
Thanks Sven! Have been following and reading your blogs, nice work u are doing man. Am planning my career on becoming a programmer on hardware and software development with artificial intelligence and security, I have always been concern with the way data is being used and have been searching the internet intensively for ways to be secure. That got me into your website. I think that there suppose to be a legal body that fight or makes laws that protect people online all over the world. Am still a student learning quietly on the internet, hope to find resources that will help me actualize my dreams. Thanks
Hi Storm. Thanks for your comment and good luck on your journey.