Microsoft’s chief legal office Brad Smith pens panegyric post about CLOUD Act funding

Kareem Anderson

Both Microsoft and the US Supreme Court are inching closer to a resolution that could end the company’s years-long international data privacy conflict with local law enforcement, while also setting up a basic framework for standards and practices for the handling and appropriation of data in a trans-digital age.

We recently wrote about the new CLOUD Act, which would help establish a few fundamental guidelines for the collection of data from US authorities for data held by US companies in overseas servers and cloud technologies.

The foreign government must make a diplomatic request to the United States for this data, via the mutual legal assistance process, even if the only US tie to the case is that relevant data happens to be US-held. This is a time-consuming process which ultimately requires a US attorney’s office to issue a warrant on behalf of the foreign government.

Earlier today, funding for the CLOUD Act was introduced in the most recent version of the Omnibus funding bill presented to Congress. Understandably, Microsoft’s Chief Legal Officer Brad Smith is a bit enthused by the prospect, to say the least. This is especially since according to a report by ZDNet, court justices in the company’s current privacy case were less than sway by the argument that US authorities had little right or claim to data held overseas by a US corporation, especially in a criminal case.

However, if the CLOUD Act gets off the ground in any meaningful way before late June 2018, Smith and company won’t need the approval of court justices but will have a concrete solution to point towards that alleviates its responsibility in justifying its hardline approach to data privacy.

Interestingly enough, opposition to the CLOUD Act has come from more than just frustrated local enforcement in the form of The Electronic Frontier Foundation and others. According to the EFF and the ACLU, the Cloud Act “threatens activists abroad, individuals here in the US.” To some, the CLOUD Act is seen as an overreach of authority, despite setting up a legal framework for domestic authorities of nations to obtain data necessary in criminal prosecutions.