Late March, President Trump signed the $1.3 trillion government spending bill, which included the CLOUD Act, and “which will erode privacy protections around the globe,” the Electronic Frontier Foundation reported.
The CLOUD Act, the Electronic Frontier Foundation says, was never viewed by the House of Representatives or Senate; “it was robbed of a stand-alone floor vote because Congressional leadership decided, behind closed doors, to attach this un-vetted, unrelated data bill to the $1.3 trillion government spending bill.”
According to the Electronic Frontier Foundation, now that it is signed into law, the CLOUD Act will:
- Enable foreign police to collect and wiretap people’s communications from U.S. companies, without obtaining a U.S. warrant.
- Allow foreign nations to demand personal data stored in the United States, without prior review by a judge.
- Allow the U.S. president to enter “executive agreements” that empower police in foreign nations that have weaker privacy laws than the United States to seize data in the United States while ignoring U.S. privacy laws.
- Allow foreign police to collect someone’s data without notifying them about it.
- Empower U.S. police to grab any data, regardless if it’s a U.S. person’s or not, no matter where it is stored.
What decision makers need to know:
In time of rapidly changing policies and net neutrality movements, it may serve decision makers well to keep tabs on what’s going on. On one hand, the CLOUD Act might trend towards deterring fraudulent behavior; for example, if an employee is sending private messages to another company or bank attempting to engage in fraud, and is caught, police would be able to collect those messages directly from his or her employer without a warrant and having to cut through other red tape to launch an investigation. Doing so might deter other employees from considering fraud or committing other crimes.
However, conversely, with law enforcement able to collect information without a warrant, and without informing the person or company of their steps to collect that data, users may feel that their privacy is violated, and that they are always under the watch of “big brother.” This might also be especially risky if collected messages and data are misinterpreted as fraudulent, for example, and in individual is mistakenly punished.
Decision makers might consider evaluating how their business or institution communicates with others, and double check that their workflows and end goals are met honestly. Increasing transparency here might help accomplish this. In the mean time, monitoring which laws are passed and what network issues are brought front and center can help companies and institutions prepare for future changes in their business processes.