US, UK Sign Under the Controversial CLOUD Act to Access Data Directly From Tech Companies
The United States and the United Kingdom have signed what they call a "landmark" agreement that will enable them to demand electronic data directly from the tech companies based in the other country bypassing local legal barriers. The first international agreement under the US CLOUD Act (Clarifying Lawful Overseas Use of Data) comes along with a renewed push to create back doors in the encrypted communications apps.
The data sharing agreement was signed by the US Attorney General William P Barr and UK Home Secretary Priti Patel last night. "This agreement will enhance the ability of the United States and the United Kingdom to fight serious crime - including terrorism, transnational organized crime, and child exploitation - by allowing more efficient and effective access to data needed for quick-moving investigations," Barr said.
"Only by addressing the problem of timely access to electronic evidence of crime committed in one country that is stored in another, can we hope to keep pace with twenty-first century threats. This agreement will make the citizens of both countries safer, while at the same time assuring robust protections for privacy and civil liberties.” - Barr
Patel added that "terrorists and paedophiles continue to exploit the internet to spread their messages of hate, plan attacks on our citizens and target the most vulnerable. As Home Secretary I am determined to do everything in my power to stop them."
"This historic agreement will dramatically speed up investigations, allowing our law enforcement agencies to protect the public. This is just one example of the enduring security partnership we have with the United States and I look forward to continuing to work with them and global partners to tackle these heinous crimes.” - Patel
What this new CLOUD Act bilateral data sharing agreement means
While there was already a process in place (MLAT or the Mutual Legal Assistance Treaty) that enabled the UK and US to demand access to content stored in or by the tech companies in the other country, it took a lot of time and legal barriers. The new data sharing agreement will enable UK authorities to skip the US legal process and reach out directly to tech companies like Facebook and Google in cases of serious crimes like terrorism and child sexual abuse after having the appropriate court authorization.
The controversial CLOUD Act was passed in March, 2018. Supporters argued that the MLAT is no longer sustainable as it depends on one country abiding by another country’s court system. For all the local crimes, the proponents argue, foreign countries cannot be brought in or even pushed to deliver data on time. The opponents had opposed the bill for its overreaching clauses, as the Act enables an attorney general to unilaterally enter into agreements with foreign countries, bypassing court protections.
"The current legal assistance process can take up to two years, but the Agreement will reduce this time period considerably, while protecting privacy and enhancing civil liberties," the DOJ's press released issued late last night reads. The press release added that the "United States will have reciprocal access, under a U.S. court order, to data from UK communication service providers."
All requests for access to data will be subject to independent judicial authorization or oversight.
The agreement will go into effect after being approved by lawmakers on both sides.
Encrypted data remains safe from this agreement, but governments renew their push to get rid of end-to-end encryption
Since the contents of end-to-end encrypted messages remain out of reach, the governments are also pushing for having access to this data through back doors. The agreement has strengthened this years-long demand of intelligence agencies.
Last night, AG Barr along with officials from the UK and Australia also published an open letter demanding this backdoor access into Facebook's products. The letter urges Facebook CEO Mark Zuckerberg not to expand its encryption efforts (Facebook had announced in summer to be more privacy-focused through encrypted communications) without providing law enforcement access to these communications to "protect the public, particularly child users."
LEAs have long used the child abuse cases to push the narrative towards insecure communications that have a legal backdoor built into them. As activists and tech experts have long argued and leaks from within the intelligence agencies have proved, any backdoor or vulnerability that is created for exclusive government use always finds its way to the criminals, inherently making communications insecure.
Facebook, in its response, has said that "End-to-end encryption already protects the messages of over a billion people every day."
"We strongly oppose government attempts to build back doors because they would undermine the privacy and security of people everywhere.”
Having over 1.5 billion users, WhatsApp remains the most used messaging app that offers end-to-end encrypted communications by default. With the company creating a back door for the US government and its allies, activists warn that it will be destroying the security and privacy of billions of its users worldwide.