Without any public hearings, review, or public comment Congress created the CLOUD Act which was signed into law as part of the $1.3 trillion government spending bill which changed the 1986 Stored Communications Act (SCA).  The SCA was created to protect privacy in telephone records and with the advent of the Internet has been used by ISPs (Internet Service Providers) to restrict access to Internet content except with the owner’s permission in the US.

As a result of the CLOUD Act on April 17, 2018 the Supreme Court dismissed the US v. Microsoft case after hearing arguments on February 27, 2018 regarding Microsoft’s reliance on the 1986 SCA to refuse to produce emails in Ireland of an alleged drug dealer.

The Electronic Frontier Foundation made these comments about the CLOUD Act in March that it “is a far-reaching, privacy-upending piece of legislation that will”:

  • Enable foreign police to collect and wiretap people’s communications from U.S. companies, without obtaining a U.S. warrant.
  • Allow foreign nations to demand personal data stored in the United States, without prior review by a judge.
  • Allow the U.S. president to enter “executive agreements” that empower police in foreign nations that have weaker privacy laws than the United States to seize data in the United States while ignoring U.S. privacy laws.
  • Allow foreign police to collect someone’s data without notifying them about it.
  • Empower U.S. police to grab any data, regardless if it’s a U.S. person’s or not, no matter where it is stored.

The CLOUD Act will have an interesting impact on privacy (and eDiscovery).