US moves to limit jurisdiction over data stored abroad

US lawmakers this week introduced two bipartisan bills that seek to limit the reach of US courts over data stored in cloud services located outside the US, a move welcomed by a broad coalition of technology and telecoms firms, reports Business Cloud News. The Law Enforcement Access to Data Stored Abroad Act, or LEADS, is intended to safeguard data stored abroad from improper government access.

It authorises search warrants to customer data stored in foreign cloud services but limits the applicability of those warrants to US citizens, and would allow for the modification or nullification of the warrant “if the court finds that the warrant would require the provider of an electronic communications or remote computing service to violate the laws of a foreign country”.

This would effectively force the US and other countries it currently has treaty agreements with which focus on or impact data sharing between countries (Safe Harbour, or MLAT, for instance) to lean more heavily on those treaties for regulatory clarity, while allowing for local providers to defer to legislation in their home countries in the event of a conflict between legal frameworks – even if the firm located outside the US is a subsidiary of an American company.

The other law tabled this week brings a series of amendments to the Electronic Communications Privacy Act that make the requirements for securing such a warrant more stringent, bringing them in line with existing rules outlined in the US Federal Rules Criminal Procedure. This brings common legal requirements for search and seizure like probable cause into the digital data world.

Senator Orrin Hatch (R-Utah), chairman of the Senate Republican High-Tech Task Force and co-author of LEADS said the bill will bring an end to warrantless data seizures and help protect US companies and citizens’ data abroad.

“This is a pro-business, pro-innovation bill that will protect American privacy in the digital age and promote trust in US technologies worldwide,” Hatch said.

“While I agree in principle with the ECPA reform bills recently introduced in the House and Senate, neither establishes a framework for how the US government can access data stored abroad. As Congress works to reform our domestic privacy laws, we must modernize the legal framework for government access to digital data stored around the world. This bill recognizes that these two issues are inextricably linked,” he said.

The legal proposals came as welcome news to Microsoft, which is currently embroiled in a court case that has seen the IT giant repeatedly challenge US District Court rulings compelling it to hand over email and contact information stored in its cloud platform in Ireland as part of a drug-trafficking trial.

“We believe that when one government wants to obtain email that is stored in another country, it needs to do so in a manner that respects existing domestic and international laws. In contrast, the US Government’s unilateral use of a search warrant to reach email in another country puts both fundamental privacy rights and cordial international relations at risk,” said Microsoft general counsel & executive vice president, legal and corporate affairs Brad Smith in December, when the firm signed up dozens of telcos, cloud companies, civil rights groups and media companies to request that the US government review its laws governing search warrant application in a digital age.

Commenting on the LEADS and ECPA reform Smith said the rules are “an important step to reform our outdated privacy laws”.

“We need to ensure that law enforcement can access the information it needs while people benefit from the privacy they deserve, all pursuant to proper legal process and the rule of law. We need to protect the global nature of modern technology, while preserving the role that governments play in protecting the privacy of their citizens. To do this, governments must respect each other’s borders and national sovereignty, while also enabling law enforcement cooperation across borders at internet speed under new international rules.”

Smith said Microsoft will join a broad coalition of telcos, manufacturing and cloud firms advocating for passage of the reforms.

The legal reforms aim to help combat a sense of distrust in how the American government secures private data from cloud providers globally, which many US cloud firms operating abroad including Microsoft and Verizon said (particularly during the fallout from the PRISM allegations) pose a credible threat to their business.

Tags: , , ,
  • Cloud Native World

  • TechXLR8

  • Cloud & DevOps World Summit

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.