For decades, U.S. policies on international data sharing have balanced privacy, principles of comity (respect for the jurisdiction of other countries), and respect for Congress’ power to regulate foreign affairs. Foreign countries seeking data held by U.S. companies generally must follow a process laid out in Mutual Legal Assistance Treaties, or MLATs, which are agreements between governments that facilitate cooperation in investigations. Increasingly, however, countries have complained that the MLAT process in the U.S. is slow and that it allows the U.S. government to act as a gatekeeper when other governments seek electronic data, since the majority of major internet providers are located here.
A new bill, the CLOUD Act, seeks to provide an avenue for certain governments to circumvent the MLAT process. The legislation has been justified by arguments that the MLAT system is laborious, time-consuming, and ill-suited to contend with increasing demands.
Support for this measure has come from several quarters: the U.S. Department of Justice, which is eager to ensure that American law enforcement can access data stored abroad without going through the MLAT process and which stands to benefit from access to more data stored abroad; foreign governments, which are frustrated with the time-consuming nature of the MLAT process, want expanded wiretapping capabilities, and often object to being forced to comply with U.S. legal standards; and some technology providers that are increasingly pressured to turn over data to foreign governments but are foreclosed from doing so outside of the MLAT process under current law.
However, the alternative it proposes eliminates important privacy and human rights protections and undermines congressional authority in the process. Despite the pressure from companies and law enforcement to pass this measure, Congress must reject the proposal is in its current form.
Read the full post at Just Security.