WASHINGTON—The Information Technology and Innovation Foundation (ITIF), the world’s top-ranked science and tech policy think tank, today released the following statement from Daniel Castro, ITIF Vice President, on the introduction of the Clarifying Lawful Overseas Use of Data (CLOUD) Act of 2018 by Senators Orrin Hatch (R-UT), Chris Coons (D-DE), Lindsey Graham (R-SC), and Sheldon Whitehouse (D-RI):
The rules on how law enforcement can access data stored abroad are a mess. U.S. businesses are caught between contradictory policies that, at home, demand they turn over data to the government, and abroad, prohibit such disclosures. These policies hurt U.S. competitiveness by encouraging foreign customers to store their data with non-U.S. providers or insist that U.S. companies store data abroad. Moreover, these policies are antiquated and hamstring law enforcement as they attempt to investigate crimes and terrorism in a digital era.
The CLOUD Act is a welcome compromise to reforming the current system that would address these problems while protecting consumer privacy, enhancing the capabilities of law enforcement, and preserving international comity. The legislation would authorize the U.S. government to form reciprocal data-sharing agreements with other countries, giving them an incentive to remove barriers to sharing data with U.S. law enforcement. It would also create a statutory right for companies to challenge data requests from law enforcement that conflict with other nations’ laws.
However, the bill is not perfect. The CLOUD Act would extend the reach of U.S. warrants and legal processes to data stored overseas. If the U.S. government exerts extra-territorial authority over data, it will have little standing to push back when other nations, such as Russia, China, or Turkey, attempt to do the same. This would put multinational companies in an impossible situation. A better approach is to continue the hard work of establishing international legal standards for resolving conflicts when multiple countries have jurisdiction over data.
It is time for Congress to take up this important issue and clarify how law enforcement agencies can access data outside U.S. borders. As Congress moves to take up this legislation, we look forward to working with Members of Congress on these important issues.
For more details on ITIF’s proposed reforms, see: How Law Enforcement Should Access Data Across Borders (July 2017).