Law Enforcement

CLOUD Act set to pass in omnibus

cloud migration (deepadesigns/ 

Congress is poised to pass legislation that will have big implications on cross-border data sharing, law enforcement investigations and data privacy.

The CLOUD Act, introduced by a bipartisan group of senators in February 2018, was inserted into the $1.3 trillion omnibus spending bill that Congress must pass by Friday to avoid another shutdown. The provision would update the 1986 Stored Communications Act and allow the United States to enter into bilateral agreements with other countries and petition tech companies for access to data on citizens or entities stored that are stored in another country.

Such data sharing agreements are currently handled through what are known as Mutual Legal Assistance Treaties. However, the Department of Justice has stated that such requests for computer records have increased exponentially over the past decade, and critics have complained about lengthy wait times -- up to 10 months -- that they argue make the process unworkable in the modern digital age. 

Passage of the law may also render moot a current Supreme Court case on the topic between Microsoft and the U.S. government over a DOJ request for data stored in Ireland. The bill has received support from Microsoft and other major tech companies -- cleaving an alliance that had formed over the Microsoft case between the tech industry, civil liberty groups and data privacy advocates.

Brad Smith, president and chief legal officer for Microsoft, reaffirmed the company's support for the CLOUD Act on Twitter after the omnibus spending bill was released, saying it "responds directly to the needs of foreign governments frustrated about their inability to investigate crimes in their own countries" while "ensuring appropriate protections for privacy and human rights."

The bill text includes language prohibiting other countries from intentionally targeting U.S. persons and limits the U.S. government to agreements with countries that follow "applicable international human rights obligations and commitments."

Opponents criticized the version of the legislation introduced in February for weak language on this front, pointing out it only required the executive branch to take these factors into consideration and would pave the way for cross-border agreements with countries, like Turkey and Saudi Arabia, that are geopolitical allies of the United States but have a history of human and civil rights abuse.

Neema Singh Guliani, legislative counsel for the ACLU, told FCW that legislators did appear to make some changes to the newest version placed into the omnibus, namely extending the congressional review period from 90 to 180 days and including newer language that "suggest that the list of human rights factors were mandatory." However, she said the language around this area remained "weak and vague."

"In short, there were minor changes made, but many of our core concerns remain," said Guliani

In Congress, a few lonely voices have continued to fight against the legislation. Both Sens. Rand Paul (R-Ky.) and Ron Wyden (D-Ore.) have come out against including the CLOUD Act in the spending bill.

Rep. Justin Amash (R-Mich.) took issue with the lack of debate surrounding a bill that "radically changes the way foreign governments can get electronic data from U.S. companies."

"It hasn't been considered on the floor or gone through committee, yet leadership has suddenly stuck it into the omnibus -- along with numerous other bills," Amash wrote on Twitter. "These shameless tactics decimate public trust (whatever is left) in Congress and do lasting institutional damage to the House."

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at [email protected], or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.