"The bill starts by giving the executive branch dramatically more power than it has today. It would allow Attorney General Sessions to enter into agreements with foreign governments that bypass current law, without any approval from Congress. Under these agreements, foreign governments would be able to get emails and other electronic information without any additional scrutiny by a U.S. judge or official. And, while the attorney general would need to consider a country’s human rights record, he is not prohibited from entering into an agreement with a country that has committed human rights abuses."
"That level of discretion alone is concerning. Even more, however, the bill would for the first time allow these foreign governments to wiretap in the U.S. — even in cases where they do not meet Wiretap Act standards. Paradoxically, that would give foreign governments the power to engage in surveillance — which could sweep in the information of Americans communicating with foreigners — that the U.S. itself would not be able to engage in. The bill also provides broad discretion to funnel this information back to the U.S., circumventing the Fourth Amendment. This information could potentially be used by the U.S. to engage in a variety of law enforcement actions."
I do wonder if they are being slightly coy here in their analysis. This isn't at all paradoxical, unless you are giving the players some serious benefit of the doubt.
Bruce Schneier put it best: "It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics." It's become very clear that we can't trust these people with our privacy - we need technological solutions that don't give them the option.
(1) Timely access to electronic data held by communications-service providers is an essential component of government efforts to protect public safety and combat serious crime, including terrorism.
(2) Such efforts by the United States Government are being impeded by the inability to access data stored outside the United States that is in the custody, control, or possession of communications-service providers that are subject to jurisdiction of the United States.
(3) Foreign governments also increasingly seek access to electronic data held by communications-service providers in the United States for the purpose of combating serious crime.
(4) Communications-service providers face potential conflicting legal obligations when a foreign government orders production of electronic data that United States law may prohibit providers from disclosing.
(5) Foreign law may create similarly conflicting legal obligations when chapter 121 of title 18, United States Code (commonly known as the “Stored Communications Act”), requires disclosure of electronic data that foreign law prohibits communications-service providers from disclosing.
(6) International agreements provide a mechanism for resolving these potential conflicting legal obligations where the United States and the relevant foreign government share a common commitment to the rule of law and the protection of privacy and civil liberties.
It's not uncommon for the intent component of laws to be substantially different than the effects of the actual text. Sometimes because writing laws about complex topics like computer access is difficult, sometimes because the law has some effects Congress would rather not publicly announce. And since the text of the law takes precedence over this sort of statement in court, it doesn't necessarily offer any information as to what changes might actually happen.
Notably, laws like this almost always end up applying far beyond their envisioned scope simply because the landscape changes so fast. The intent of the DMCA or CFAA is substantially irrelevant when major legal cases end up hanging on technicalities in their wording.
I feel like I’m looking at the output of the legal equivalent of “git show” when I tried to read the senate document - first, the commit comment (which does nothing, but does describe intent and list the author), followed by diff style patch script.
Because Congress' intentions are taken into account only after the actual text, and most of the time not at all (or they would have written their intentions clearly within the enforceable provisions.)
This ACLU post is less than intellectually honest in dancing around a crucial detail: that this law does not apply to the data of US persons (citizens and residents). It's still reasonable to oppose the bill, but why the deception?
I'm still pretty convinced the CLOUD act is a disaster but the Lawfare article makes some persuasive points:
* There already is foreign access to US data about non-citizens under the MLA process, which is slow but has very few safeguards or privacy controls, unlike this new proposed process.
* In the absence of sustainable process, there's good evidence that foreign governments are simply going to require data localization, which completely eliminates any safeguards and also potentially puts some US citizen data at risk.
* If DOJ wins at SCOTUS in the Microsoft Ireland case, the US government will get access to foreign-server data without any of the safeguards in the CLOUD act. If CLOUD passes, it moots the SCOTUS case.
But the idea that this DOJ, in this administration, could ink a deal with any country in the world --- on its own recognizance --- to give them access to data on US servers? If you can't imagine providing that access for this administration, you shouldn't imagine doing so for any future administration either.
MLAT is slower, but in combination with ECPA, requires a U.S. judge to sign off on an order to obtain data within the U.S., and other countries get the chance to run U.S. requests through their domestic judicial process too.
The CLOUD Act would bypass that to allow the entire request process to run through the executive of each country, removing judicial review.
What the CLOUD Act has is a set of promises, and no oversight. What we have right now is oversight, which is slow because it's insufficiently funded. You can speed up the MLAT process, an internationally agreed standard that protects local processes. You can't see inside the CLOUD Act to see whether its processes are working.
(To give an example of this: we still don't know the other half of the CLOUD Act, which is the UK/US draft agreement on data-sharing. A lot of the promises of privacy and security rely on what this says. Why can't Congress, Parliament, and the British and American public see this before making a decision to switch? Maybe we can see that proposal, and then wait to see what the SCOTUS actually decides in the Microsoft Ireland case, before throwing out the entire current system?
On the executive branch overreach portion it appears congress has some review authority. I am fine with the president being able to preform some actions, but I am always a fan of having their be public or at least congressional visibility and accountability.
And what of the Judicial branch? The bill is trying to ban it from reviewing executive branch actions. The actions of both the legislative and executive branches are subject to the highest law in the land. This bill represents a fundamental attempt to bypass the highest law in the land: The Constitution of the United States of America. The judicial branch enforces a check and balance against illegal acts by the other branches.
So why is this line in here:
“(c) Limitation on judicial review.—A determination or certification made by the Attorney General under subsection (b) shall not be subject to judicial or administrative review.
So why are they attempting to claim their assertions of compliance with the highest law in the land is not subject to judicial review?
That's not how the Constitution works. There's a history of statutes that restrict judicial review over rulemaking. Statutes can say that to clarify the intent of Congress in delegating authority to the executive. To the extent that it's reasonable for them to delegate without review --- where "reasonable" means "the courts agree --- SCOTUS has upheld them.
A law that actually foreclosed on a Constitutional power of an Article III court would simply be held unconstitutional.
This "controversy" strikes me as similar to the routine controversies of Presidential executive orders "making new laws", which, of course, they cannot in general do, but people think they can because it sounds like they can.
It ends the Wiretap Act for all foreign powers at the pleasure of the President. It will try to end privacy afforded by the 4th Amendment. It will try to prevent Judicial review of Executive branch acts.
Its situations like this that remind me to be thankful that the authors of our constitution, with all their foibles and errors, set up difficult-to-remove constraints on government overreach. It's hard to say just how many times we've been saved by the protections against unreasonable searches and seizures.
On another note, I'm confused by the very existence of "Fight for the Future". They seem to exist in the exact same space as the EFF, and given that the EFF has been doing an excellent job for a long time now, it's hard not to suspect their motives. That's just conjecture, of course.
I'm always skeptical of governments who want to restrict rights/freedoms of all in the name of safety from the few. Sounds more like a power grab by the power hungry.
Has anyone seen an articulate defense of this legislation?
I can clearly understand the opposition, but I am having trouble figuring what is driving the introduction of the bill in the first place. I do not want to fully judge it until I understand what the other side is thinking.
Note that they've forbidden judicial review. The disclosure merely has to be promised by Trump's subordinates that it doesn't violate your constitutional rights and the Judicial Branch is banned from reviewing it? Unconstitutional attempt to remove the Judicial branch from reviewing illegal acts of Congress and illegal acts by the Executive branch and thus an illegal law.
Are the "executive agreements" actually treaties and can Congress abandon its Constitutional duty to review and approve treaties? I say yes and no, thus Unconstitutional and thus an illegal law.
The constitutional powers of the Supreme Court are widely known to be somewhat limited. Congress can and has repeatedly limited the supreme court's and lower courts' ability to review laws. Under the US constitution, "In all cases affecting ambassadors, other public ministers and consuls, and those in which a state shall be party, the Supreme Court shall have original jurisdiction" and "In all other Cases before mentioned, the Supreme Court shall have appellate Jurisdiction, both as to Law and Fact, with such Exceptions, and under such Regulations as the Congress shall make."
It is generally accepted that Congress could theoretically prevent the Supreme Court from hearing all other cases, so long as a different court could hear the case so that there is judicial review.
https://en.wikipedia.org/wiki/Jurisdiction_stripping
Which would be unsurprising. The overall aim seems to be to reduce the legal considerations US companies need to make when responding to foreign government data requests.
The ACLU's warning makes far more sense, and if something about the CLOUD act is going to be on the front page, it should be their article:
https://www.aclu.org/blog/privacy-technology/internet-privac...