US-based companies such as Facebook and Google have long complained that they face “untenable” pressures from foreign governments seeking data for their own law enforcement purposes. It’s true that the standard process foreign governments use to obtain communications stored in the US can be slow and cumbersome – but that’s because it’s designed to protect the rights of internet users everywhere.
Last week, a bipartisan group of US Senators introduced a bill that would ease companies’ legal headaches when they receive a foreign demand for communications they currently can’t disclose without breaking US law. However, these changes would come at the expense of privacy and other rights for people both in the US and elsewhere.
Today, when foreign law enforcement authorities want to obtain communications held in the US, they must ask the US Justice Department, which must then get a warrant from a court based on evidence that a crime has been or will be committed. This process protects rights and prevents foreign governments from simply ordering the companies – possibly unjustifiably – to turn over private data.
The CLOUD Act would remove these safeguards by allowing the US executive branch to designate a foreign government as one that generally protects certain human rights and is therefore entitled to get communications directly from the companies. It’s good that the law acknowledges the importance of human rights, but the new process would gut existing protections. Countries demanding users’ communications would not need to prove their specific orders were lawful and necessary, leaving open the possibility of abuse. It is also easy to imagine the US government placing an abusive ally on its list of “approved” countries for political reasons.
When ordering tech companies to disclose data under this law, foreign governments could easily wind up gathering communications to or from people in the US. Those governments would then be able to share these e-mails, chats, and other private correspondence with the US authorities – enabling the US government to do an end-run around the US Constitution’s warrant requirement.
Even more insidiously, the bill embraces a distinction between “United States persons” – US citizens and green card holders – and other people in the US. This suggests its drafters believe temporary visa holders and visitors have fewer constitutional protections than others in the criminal justice context – an alarming distinction, since everyone in the US has the same constitutional and human rights where criminal investigation or prosecution is concerned.
The companies are cheering this bill on because it would make life easier for them, but overwhelmingly, it is bad news for people everywhere. The solution lies in better support for the current rights-protecting processes – not the elimination of important safeguards against excessive grabs by data-hungry governments.
