Congress Enacts CLOUD act through Omnibus Spending Bill

In the early morning hours of Friday March 23, the United States congress passed a $1.3 trillion dollar spending bill allowing the government to spend money through September 2018. The bill passed 65-32 in the senate, averting a potential government shutdown and funding the government through September 30.

This omnibus bill (like many other historical omnibus bills) contains a lot of new legislation, and we’re just starting to learn about some of the impacts of this new legislation now. Specifically, there are some provisions in this new bill that impact the way that we all use technology.

One new provision of the omnibus spending bill is the CLOUD Act. The CLOUD act has never had a single hearing, never had its own vote on the floor of congress and was never even marked up by our legislators. So what is it?

Essentially, the CLOUD Act is a surveillance bill that allows the US and foreign governments to obtain online data directly from service providers like Microsoft, Google or Facebook; but also from service providers who host core enterprise data – like Electronic Health Records, etc., without a warrant. It allows the US to obtain data from servers in foreign countries without complying with those countries’ laws, and allows the president to make agreements with foreign nations that allow those countries to grab data stored in the US without a warrant—as long as that data pertains to a non-US individual. As we’ve seen with NSA surveillance in the past, however, our data is so intertwined that it’s impossible to separate the data of non targets from those who are subject to targeted surveillance. The Electronic Frontier Foundation calls this act a “backdoor around our 4th amendment protections to communication privacy.”

Further details about the impact of the CLOUD act can be found on the EFF website.