THE CLOUD ACT: How Unconstitutional Data Collection Crosses US-UK Borders

President Donald Trump often frames himself as the opponent of big tech, calling the industry an unaccountable hub known for “political censorship, blacklisting, and rigged search results” which harm online democracy. However, it was his administration that secretly passed one of big tech’s supported measures which subvert the privacy protections of The Fourth Amendment through state-corporate tyranny.

On Tuesday, nine human rights and civil liberties organizations signed a public letter to the U.S. Department of Justice (DOJ) objecting to a potential agreement which would grant the United States and British law enforcement the right to broad access held by big tech companies without a warrant. Such an invasive alliance is being justified under The Clarifying Lawful Overseas Use of Data Act (otherwise known as The CLOUD Act), which has been lobbied by corporations and DOJ officials since 2016 and was signed into law by the president earlier this March when the budget was passed.

While no cross-country data collections have seemingly been done since, the latest agreement would grant foreign ally law enforcement access to individual user data held by U.S. tech companies without a warrant so long as the search target is not a U.S. citizen or resident (which would require due process under the law).

The Intercept reports of these “executive agreements” only being handled between the president and the foreign governments requesting mutual data, sidestepping the oversight of Congress. The only requirement for foreign governments to join in this exchange is to “demonstrate respect” for human rights, however the vague language could allow countries like Saudi Arabia, known for their genital mutilation and beheading of apostates, to join the exchange for currently sitting on the United Nation’s Human Rights Panel.

“London investigators want the private Slack messages of a Londoner they suspect of bank fraud,” the public letter reads. “The London police could go directly to Slack, a U.S. company, to request and collect those messages. The London police would receive no prior judicial review for this request. The London police could avoid notifying U.S. law enforcement about this request. The London police would not need a probable cause warrant for this collection.”

“As the CLOUD Act implicitly acknowledges,” they continued, “communications or other data sought by foreign governments pursuant to executive agreements may include correspondence with, or other personal data belonging to, people in the United States — even if the agreements prohibit the intentional targeting of US persons and others in the US, as the law requires.[3] The United Kingdom’s respect for human rights standards can therefore be expected to affect people in the United States as well as the intended foreign targets of any monitoring.”

As written by journalists Trevor Aaronson and Sam Biddle, the law is clear in stating such foreign police services cannot “intentionally target a United States person or a person located in the United States,” the loose wording allows these agencies to receive communications of U.S. citizens and residents if it’s through the third-party source and these citizens have happened to communicate with the foreign subject (who the government could intentionally target but can easily deny). No mention of whether external data was anonymized was made, though don’t hold your breath.

“The phrase ‘intentionally target’ creates a large loophole; people in the U.S. and U.S. persons overseas could easily get caught in the dragnet,” stated Sarah St.Vincent, an investigator with Human Rights Watch and a letter signatory, who spoke with The Intercept. “We reject this should be reassuring to anyone as procedures are not laws, but rather safeguards. I don’t see any mechanism in here to ensure that those are strictly applied and inspected.”

The public should, then, demand these agreements have the oversight of both their representatives and independent bodies to ensure their constitutional protections have legitimacy. “The CLOUD Act,” the journalists write, “also leaves open the possibility that a foreign police agency could obtain, without a warrant, incriminating communications from a U.S. citizen, which could then be shared with U.S. law enforcement. Data obtained in this way could not be used as evidence in a U.S. court, because its collection would violate Fourth Amendment protections. But local, state, or federal law enforcement agencies could reacquire the communications after obtaining a warrant — a controversial law enforcement practice known as ‘parallel construction’.”

This process, for those not aware, was described to the public by National Security Agency (NSA) whistleblower William E. Binney who alleges the U.S. government illegally obtains information about criminals through their intelligence agencies, which can involve collecting metadata and tipping the cops off about criminals they would otherwise not know about. This allows police the opportunity to illegally construct their own trail of evidence when their original lead was fruit of the poisonous tree. Such methods aren’t unprecedented given a cited Human Rights Watch report revealed the Drug Enforcement Agency (DEA) used intelligence from the NSA to crackdown on drug users, and instructed to craft a plausible narrative outside of their initial source.

“The CLOUD Act would specifically allow the U.K. authorities to pass data belonging to U.S. persons back to the U.S. authorities if it ‘relates to significant harm, or the threat thereof, to the United States or United States persons’ — quite a significant loophole,” St.Vincent continued to explain. “The U.S. authorities can’t deliberately set up this end run around the Fourth Amendment themselves, but they’re free to sit back and receive whatever the U.K. sees fit to share.”

Big tech also appears ready to play ball with the governments. The journalists cite a joint-letter from Google, Apple, Facebook, Microsoft, and Yahoo detailing their support for the legislation using rhetoric of how it “reflects a growing consensus in favour of protecting Internet users,” and “would be notable progress to protect consumers’ rights and would reduce conflicts of law”, when it reality it allows these companies to sweeten their intensified relationship with the government institutions.

“If the government’s criminal investigations secretly relied on spying,” said Patrick Toomey, an attorney working for the ACLU’s National Security Project, “that would be a serious concern. Individuals facing criminal prosecution have a right to know how the government came by its evidence, so that they can challenge whether the government’s methods were lawful. That is a basic principle of due process. The government should not be hiding the true sources for its evidence in court by inventing a different trail.”

Related News