The Cloud Act changes US law so that law-enforcement warrants apply to data stored anywhere by US-based tech firms, The Wall Street Journal reported.
It is common practice for US lawmakers to tag bills onto others in order to get them passed into law.
On the downside, the Act also gives companies the right to challenge warrants in court based on privacy laws in the specific country where the data is stored.
|
|
The US Supreme Court is now hearing the case, with the first hearing having been on 27 February and a verdict expected by the end of June.
In July 2016, the US Court of Appeals for the Second Circuit based in New York reversed a decision by a Southern District of New York court which had held Microsoft in contempt of court for refusing to hand over the customer emails.
And in January 2017, the US Court of Appeals for the Second Circuit, in a 4-4 decision, refused to rehear an appeal of its own decision.
A warrant was issued in 2013 for obtaining the emails, which reportedly were to do with an investigation into drug trafficking, and when Microsoft asked for it to be quashed, a judge refused to do in April 2014.
The Cloud Act also permits bilateral deals between the US and other countries over dealing with future disagreements, including requests made by other countries for data stored in the US.
The WSJ quoted Marc Rotenberg, president of the Electronic Privacy Information Centre, as criticising the passing of the Act, saying "The Cloud Act is a disappointing outcome after so many human-rights groups weighed in on the Microsoft case at the US Supreme Court."
Greg Nojeim, of the Centre for Democracy and Technology, said the deal gave the DoJ too much power to allow foreign governments access to US data.
“DoJ could use this legislation to diminish privacy rights world-wide, or to persuade other governments to raise their surveillance standards in order to qualify for an agreement,“ he said.
”We fear the US Congress hasn’t done enough to require DoJ to make the right decisions.”
