President Trump signed the CLOUD Act into law on March 23, 2018, after the act passed through Congress – without a hearing or even a committee review – attached to an omnibus spending bill. As the CLOUD Act has significant implications for data security, privacy, and law enforcement capabilities in cyberspace, today we are adding the full text of the legislation to the Cyber Vault.
Among other implications, the CLOUD Act may render moot any decisions in the case of USA v. Microsoft Corporation concerning a search warrant for a Microsoft-maintained email account on a server in Ireland.
Read the Document
This act allows U.S. law enforcement to serve warrants or subpoenas on server-stored data regardless of the physical location of the servers, as long as the service provider is based in the United States. It also allows (among other provisions) for "executive agreements" that would give foreign governments the right to access data in the United States without regard for U.S. privacy laws, without informing those involved - and without judicial review. The law is supported by technology companies and service providers and opposed by advocates for privacy and human rights.