(CN) – With a pleasant-sounding name and acronym, the CLOUD Act stands for Clarifying Lawful Overseas Use of Data, but human rights groups take a far less sunny view of the bill than the tech giants pushing for its passage through Congress.
Possibly heading to Capitol Hill next week, Microsoft, Google, Apple and Facebook have lined up behind the legislation that overhauls how tech companies share data with foreign governments without notification or oversight.
Amnesty International’s U.S. director Naureen Shah depicted the legislation as a dystopic threat to human rights and press freedom globally while explaining her “grave misgivings” with the bill.
“The CLOUD Act jeopardizes the lives and safety of thousands of human rights defenders around the world at a time when they face unprecedented threats, intimidation and persecution, as we have documented in recent years,” Shah told reporters at a press conference on Thursday.
The CLOUD Act’s proponents and critics agree that the bill arose from the need to plug a gap in domestic and international law.
For decades, foreign governments requesting information from a U.S. company would have to work through diplomatic procedures known as MLATs, short for mutual legal assistance treaties.
“This process – from a privacy and human rights standpoint – is fairly rights-respecting,” the American Civil Liberties Union’s counsel Neema Singh Guliani said at a press conference from Washington.
For U.S. and foreign prosecutors, the MLAT process is cumbersome and gives the targets of criminal investigations cover to hide incriminating data in servers abroad.
This controversy came to a head in 2013, when New York federal prosecutors sought to circumvent the process to obtain emails of a target of a drug-trafficking investigation held on Microsoft’s servers in Dublin, Ireland. Microsoft went to court to protect the privacy of its users, waging a protracted legal battle currently pending before the U.S. Supreme Court.
Perhaps unwilling to gamble on Supreme Court victory, Microsoft and other companies have backed the CLOUD Act as an alternative.
“One of the things the bill would do is that it would moot the Microsoft Ireland case,” the ACLU’s Guliani noted.
For rights groups, however, Congress’ solution would be worse than the problem. The CLOUD Act lets countries that pass unspecified vetting of their human rights records bypass real-time government scrutiny and work directly with tech companies for information requests.
“We’re essentially relying on tech companies to be a kind of failsafe,” Shah told reporters.
Once a foreign government is safe-listed, Shah said, that nation can freely request information held by tech companies without congressional oversight for any particular request for five years.
That remains true even if a foreign government’s human rights record undergoes a dramatic decline during those years, as happened in Turkey over the last half decade.
“That’s a problem because we see governments around the world in a human rights freefall,” Shah noted.
Amnesty International has unique insight into that danger: The Turkish government jailed its Turkey chair Taner Kilic in an ongoing crackdown on journalists, human rights workers and other critical voices that country has targeted in the wake of a coup attempt against its President Recep Tayyip Erdogan.
“If you had looked at Turkey in 2012 or 2013, and matched it against the criteria in this bill, Turkey might have passed muster,” Shah said. “Of course, we know that especially since the coup in mid-2016, Turkey has become the world’s largest jailer of journalists.”
“More than 50,000 people at this point in Turkey have been swept up in their crackdown, including the chair and the director of Amnesty International, who were held, one of whom remains in prison, both of whom are being charged with terrorism offenses,” she added.
Under the CLOUD Act, Shah said, Congress would not be able to intervene if a safe-listed nation followed Turkey’s path.
Should that system fail, it is unclear that either the target of a foreign government’s investigation or the U.S. government would even know it.
The CLOUD Act offers the promise of subjecting governments to compliance reviews, but Guliani, the ACLU’s counsel, called this measure meaningless without individualized notice to users or the federal government.
“How can there be real compliance reviews if the U.S. government isn’t getting notice of individual requests?” she asked.
Guliani added that the CLOUD Act would also enable other governments to circumvent Wiretap Act restrictions against real-time interception.
Opposition from civil society groups has kicked into high gear out of fears that the CLOUD Act may get attached to an omnibus budget bill heading next week to Congress.
Joining the ACLU and Amnesty International, a coalition of 22 other groups signed a letter to elected representatives last week stating: “We urge you to oppose the CLOUD Act, and efforts to attach it to other pieces of legislation.”
As the omnibus budget has not yet been released, it is unclear whether that fear will come to pass.