Congress considers legislation to stop criminals from hiding data overseas

Stock image | St. George News

ST. GEORGE — American efforts to investigate crime and terrorism have been impeded by lack of access to data stored overseas. Congress is subsequently considering legislation that would authorize quicker access to internationally stored data needed to prosecute serious crimes.

In a bipartisan letter sponsored by Utah Attorney General Sean Reyes and Vermont Attorney General T.J. Donovan, and signed by the attorneys general of 34 other states, the National Association of Attorneys General Friday urged Congress to pass the Clarify Lawful Overseas Use of Data Act, or CLOUD Act.

The act, which aims to clarify laws to apply when governments want access to data stored in the cloud, would update and amend several provisions of the Stored Communications Act.

“In today’s world of email and cloud computing, where data is stored across the globe, law enforcement and tech companies find themselves encumbered by conflicting data disclosure and privacy laws,” Sen. Orrin Hatch said in a statement, adding:

We need a common-sense framework to help law enforcement obtain critical information to solve crimes while at the same time enabling email and cloud computing providers to comply with countries’ differing privacy regimes.

The CLOUD Act confirms law enforcement’s ability to obtain probable-cause based warrants for electronic communications stored abroad and creates a clear avenue for service providers to challenge a Stored Communications Act warrant that targets a foreign person, which would require a provider to violate foreign law.

The act also creates incentives for the United States’ foreign partners to enter into bilateral agreements that will facilitate cross-border criminal investigations, while ensuring that privacy and civil liberties are respected.

Under the Stored Communications Act, law enforcement may obtain a warrant to search an individual’s email or other online account if a reviewing court finds probable cause that the account contains evidence of a crime. Once issued, a Stored Communications Act warrant is served on a service provider who must then collect the requested data and provide it to law enforcement.

State and local law enforcement agencies routinely use these warrants to investigate all manner of local crime, from drug trafficking to murder and child sexual exploitation.

However, some service providers argue that a Stored Communications Act warrant cannot be enforced when the data being sought is stored on a foreign server, even if the provider and the customer who created the data are in the United States and that data can be accessed from the United States.

“The providers and others have argued that requiring compliance with an SCA warrant in this situation would be an extraterritorial application of a domestic law and would raise significant privacy and international comity concerns,” according to a statement issued by the Utah Office of the Attorney General.

This dispute that a search warrant can’t reach beyond U.S. borders has spawned litigation across the country, including the case of United States v. Microsoft, which is pending in the United States Supreme Court.

The CLOUD Act is “an important step toward resolving this dispute,” according to the National Association of Attorneys General’s letter to Congress.

Under the proposed legislation, a section would be added to the Stored Communications Act that states firms must pass on data in their possession, even if it is held outside the US:

A provider of electronic communication service or remote computing service shall comply with the obligations of this chapter to preserve, backup, or disclose the contents of a wire or electronic communication and any record or other information pertaining to a customer or subscriber within such provider’s possession, custody or control, regardless of whether such communication, record or other information is located within or outside of the United States.

The CLOUD Act would also allow for the U.S. government to sign formal, bilateral data sovereignty agreements with other countries setting standards for cross-border investigative requests for digital evidence related to serious crime and terrorism.


Email: [email protected]

Twitter: @STGnews

Copyright St. George News, LLC, 2018, all rights reserved.

Free News Delivery by Email

Would you like to have the day's news stories delivered right to your inbox every evening? Enter your email below to start!


  • stg-anon February 26, 2018 at 4:16 pm

    This law sounds like a great way to force all international organizations to abandon US based tech companies

  • Caveat_Emptor February 27, 2018 at 10:36 am

    SCOTUS will hopefully rule by this Summer on the existing law, that predates the Internet.
    The data is stored OUS due to lower operating costs for data centers, and tax benefits.
    There are plenty of encryption tools that the bad guys can use to avoid detection, and hide the evidence trail the good guys need for evidence.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.