Cloud Act Implementation Issues
Written by Greg Nojeim
Greg Nojeim, Senior Counsel and Director of our Freedom, Security and Technology Project, guest wrote for Lawfare, a site published by the Lawfare Institute in cooperation with the Brookings Institute. It’s solely dedicated to “that nebulous zone in which actions taken or contemplated to protect the nation interact with the nation’s laws and legal institutions.” We’ve published the first few paragraphs here – click below for the full text.
The CLOUD Act, which became law in March 2018, will pose a number of implementation challenges to the U.S. Department of Justice. The law empowers DOJ, often acting in consultation with the State Department, to enter into bilateral agreements that permit DOJ to make direct demands on U.S. communications service providers for data those companies control even if the data is located in another country. The law also authorizes DOJ to enter into agreements with foreign governments allowing those governments to make direct demands to U.S. technology companies for content and metadata under their own laws, in lieu of using mutual legal assistance treaty (MLAT) processes.
In a post I did for Lawfare, I explore 11 key issues that the DOJ will have to face in connection with its implementation of the CLOUD Act. Among those issues are:
- Whether the DOJ will continue to use warrants to obtain content information of non-U.S. person located abroad;
- Whether CLOUD Act agreements between the U.S. and foreign governments will let foreign governments prevent data obtained through the agreements to be used to pursue the penalty of death;
- Whether CLOUD Act agreements will require that demands made by foreign governments be authorized in advance by a judicial authority; and
- How DOJ will implement the CLOUD Act requirement that orders from foreign governments not infringe on freedom of speech.