US govt quietly passes data monitoring Bill

The Trump administration in the US has quietly passed new legislation allowing the US government and law enforcement agencies to collect personal data stored overseas without regard for that nation’s privacy laws.

The Clarifying Overseas Use of Data Act (CLOUD Act) is designed to encourage bilateral negotiations over cross-border information sharing regimes for investigators, the Electronic Frontiers Foundation said.

The legislation, which was tacked onto a US$1.3 trillion government spending Bill and passed by the House and Senate without any hearings or review, would expand the powers of both US and international law enforcement agencies to demand that US tech companies share private information held overseas.

Under the new Act, US law enforcement agencies would have expanded ability to access the contents of electronic communications or any other information about a person regardless of where they live or where that information is physically located.

This would allow agencies to compel companies such as Google, Facebook and Snapchat to hand over a user’s content and metadata even when it is stored in a foreign country and should be subject to that nation’s privacy laws.

Meanwhile, the Bill would allow the US President to enter into executive agreements with foreign governments that would allow each government to acquire users’ data stored in the other government’s country without following privacy laws.

This would allow foreign governments to demand access to data held by US companies without having to go through the procedural efforts that are usually required, such as obtaining a warrant, or even notifying the US government.

According to Vault Systems CEO and founder Rupert Taylor-Price, the new legislation could have a significant impact on Australian citizens.

“US-based organisations can no longer guarantee that Australian data is secure from US law enforcement and their allies. As Australia becomes increasingly digitally interconnected, there is a serious need for both the public and private sectors to reconsider how critical information is handled and stored as they are essentially the guardians of people’s data,” he said.

“Data sovereignty and privacy can only be assured through the use of Australian-operated clouds and Australian employees. This guarantees that the data is subject to Australian jurisdiction only.”

Image credit: ©iStockphoto.com/Baris Simsek

Follow us on Twitter and Facebook