Harmonizing the Cloud

Recently, the U.S. Supreme Court heard oral arguments in the case of United States vs. Microsoft. In the case, the federal government has demanded that Microsoft turn over a suspect’s data that is stored in Ireland. In essence, the U.S. is trying to exact extraterritorial reach for evidence. The case has attracted much attention due to increasingly unclear legal standards for law enforcement access to electronic data stored overseas.

The inter-connected system of networks enables us to share data across local, state and national jurisdictions in the blink of an eye. When law enforcement has a warrant for data stored in another country, a difficult legal situation arises.

Current laws complicate the legitimate interests of law-enforcement agencies and fail to consider the interests of foreign governments and their citizens. This uncertainty can undermine trust in the services provided by U.S. internet companies, preventing greater international harmonization of privacy, due process and civil rights.

Conflicts like those demonstrated in United States v. Microsoft can leave service providers trapped – either violating a foreign law by not complying with a legal order to disclose data, or an American law designed to prevent such disclosure without proper process.

There is a solution: the Clarifying Lawful Overseas Use of Data Act.

The CLOUD Act clarifies the legal morass and improves civil rights reforms by demanding foreign countries needing access to data stored on American soil to adhere to a high standard of privacy and civil-rights requirements.

To obtain such permissive access to this data, countries must first sign a bilateral agreement with the U.S., in which they must demonstrate compliance with a number of civil-rights requirements. These include guarantees that a government demonstrates respect for the rule of law, principles of nondiscrimination and international universal human rights; enacts protections from arbitrary and unlawful interference with privacy; ensures fair trial rights; and protects freedom of expression, association and peaceful assembly.

Moreover, when foreign law enforcement serves a data order to an American service provider, the legal inquiry must be based on articulable and credible facts and subject to independent third-party review or oversight such as by a court, judge or magistrate.

The CLOUD Act is necessary to update the way our law enforcement deals with the borderless nature of online data. However, as some raise concerns about the bill’s ability to safeguard civil rights, we should be diligent to point out its strength in this regard. By demanding solid privacy protections before the CLOUD Act takes effect, international privacy protections will be helped rather than hindered.

We should allow the reward of data disclosure to help bring better civil-rights practices across the globe. Congress must seize the opportunity and pass the CLOUD Act to make international data laws clearer.


Carl Szabo is general counsel for NetChoice. The views of NetChoice do not necessarily represent the views of its underlying members.

Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.

Morning Consult