
Responsibility Deflected, the CLOUD Act Passes - raleighm
https://www.eff.org/deeplinks/2018/03/responsibility-deflected-cloud-act-passes
======
drawkbox
> _This bill is the CLOUD Act. It was never reviewed or marked up by any
> committee in either the House or the Senate. It never received a hearing. It
> was robbed of a stand-alone floor vote because Congressional leadership
> decided, behind closed doors, to attach this un-vetted, unrelated data bill
> to the $1.3 trillion government spending bill. Congress has a professional
> responsibility to listen to the American people’s concerns, to represent
> their constituents, and to debate the merits and concerns of this proposal
> amongst themselves, and this week, they failed._

The 4th amendment is gone and it wasn't terrorists that killed it, it was fear
and representatives of the people that don't represent people that killed it.

These freedoms were given up on page 2,232 of a budget bill with no debate.

History will not be kind to this time or everyone that lived during this
backslide. Freedoms are hard to win, we are giving them up easily.

As an aside, these 'pro-business' representatives just made US cloud products
less valuable to foreign companies/countries and US competitors.

When will people realize that surveillance can be abused and it is usually for
political or corporate espionage, has nothing to do with making anyone more
secure or safe.

Business plans, data and ideas are going to be a top target to theft as they
can get to it through a fake or associated threat, have some rogue actor email
or send info in, extract all business data and information.

~~~
AFNobody
Yup. No secret, once recorded, stays secret forever and the surveillance
state's expansion is making it worse. It'll just be a bigger pot to steal and
no one bothers to pay for security because they don't have to.

Equifax made money off its security breach ffs.

~~~
zdkl
>Equifax made money off its security breach ffs.

Source?

~~~
AFNobody
Operating revenue for "U.S. Information Solutions" is up $29 million over 2016
for the period right after the breach in 2017.

\+ various third parties (i.e. the one linked to) have said its likely they
made money off the breach.

------
mnm1
Of course we lost. The people always lose. I stopped using cloud services
without end to end encryption, except email/sms, years ago, soon after
Snowden's revelations. I simply don't see any other solution. I just wish more
people cared, that we could do a real boycott and hurt some companies. A few
corporations going out of business would be a miniscule price to pay for
privacy. Not enough will ever care though. It's sad but true. Convenience
trumps everything.

------
jakeogh
This could be an excellent use of the Presidential veto. Whatever your
political leanings, omnibus bills are a terrible outcome of the false left
right paradigm. Everybody gets to toss in the stuff they "want" to support but
know their constituents do not.

EFF: You wrote pages about it, but failed to mention the president still needs
to sign it. It's a pretty glaring omission...

~~~
Teeer
Except Trump probably supports the CLOUD Act.

~~~
dragonwriter
The Administration has backed the push for it (in part, to resolve an ongoing
legal dispute with Microsoft, who also supports it), so it's pretty hard
(though given Trump's other rapid reversals, not impossible) to see Trump
causing a shutdown by vetoing the omnibus spending bill over it's inclusion.

~~~
syshum
>>Microsoft, who also supports it

proving once again the Microsoft does not care about the privacy of their
users, and their lawsuit fighting this was not them standing up for their
users as they claimed but instead was them pushing for a liability shield that
would prevent users from using them

This should be the end of CLOUD services... Self Host or no Host should be the
motto of the day

------
lwhalen
So, here's a question. I'm a small self-hoster, US-based. If the "London
police" come calling asking for my data, what repercussions do I face if I
just say "No"?

~~~
ManFromUranus
The UK government can compel you to give them whatever they want by indirectly
acting via the US Govt. They will pressure the US Govt the US Govt will act on
you. So even though on paper they can't directly act against you, rest
assured, they can. Lets pretend that the US government would not comply with
requests to compel you to give them something, you can still be sued or
otherwise acted upon in such a way that you would have to expend time /
resources to fend off the request / lawsuit or whatever. So to say that the UK
Govt can't do anything to you because you don't have any assets there or don't
want to go there is kind of silly IMO.

~~~
rschulman
This is incorrect. The US government has no interest in turning over their
citizens to the UK government. The UK government is unlikely to sue a US
citizen in US court to assert their jurisdiction.

The most the UK government would probably do is issue a Mutual Legal
Assistance Treaty request with the US government, who would then go get a
warrant and serve that on you, which you would have to respond to.

------
tzs
> London investigators want the private Slack messages of a Londoner they
> suspect of bank fraud. The London police could go directly to Slack, a U.S.
> company, to request and collect those messages. The London police would not
> necessarily need prior judicial review for this request. The London police
> would not be required to notify U.S. law enforcement about this request. The
> London police would not need a probable cause warrant for this collection.

Is the implication that before the CLOUD Act, if London police wanted to ask a
US company for information they had to notify US law enforcement?

Sure, if they wanted to _force_ a US company to give them information they
would have to get the US legal system involved, but as far as I am aware US
law enforcement is not a gatekeeper over foreign access to talk to US
entities, at least when those foreigners are not from countries that the US
restricts contact with in general.

------
mxuribe
Well, I guess the erosion of our most basic rights is in fact happening. Ugh,
makes me sick to my stomach.

~~~
clarkmoody
To be fair, the erosion of our basic rights has been happening for a _long_
time.

------
chopin
I am certainly no supporter of the CLOUD act but the examples given on OP are
not convincing to me. What would prevent Slack from notifying all parties of
the request (the Londoner and her friends)? As well I'd expect that there are
barriers in UK which would require a warrant to get the data.

~~~
walterbell
From [https://www.eff.org/deeplinks/2018/02/cloud-act-dangerous-
ex...](https://www.eff.org/deeplinks/2018/02/cloud-act-dangerous-expansion-
police-snooping-cross-border-data)

 _" The legislation still:

\- Includes a weak standard for review that does not rise to the protections
of the warrant requirement under the 4th Amendment.

\- Fails to require foreign law enforcement to seek individualized and prior
judicial review.

\- Grants real-time access and interception to foreign law enforcement without
requiring the heightened warrant standards that U.S. police have to adhere to
under the Wiretap Act.

\- Fails to place adequate limits on the category and severity of crimes for
this type of agreement.

\- Fails to require notice on any level – to the person targeted, to the
country where the person resides, and to the country where the data is
stored."_

~~~
chopin
I've seen that. However the London police may require a warrant under _UK_
law, nevertheless. And Slack _may_ notify, nevertheless.

I think EFF could come up with better examples. At least, most of these
examples are not threatening for US persons. I'd think better examples would
involve what US LEO can do unwarranted. In that case people may be inclined to
exert more pressure on their representatives.

The law is bad but I think it could be painted in worse light.

~~~
irrenhaus
> At least, most of these examples are not threatening for US persons.

As a german, I'm so fucking fed up with this attitude. "Leader of the free
world" my ass.

Seriously, the US population needs to stop thinking only about what concerns
the US population and acknowledge the fact that a lot of US law regarding the
internet is actually also affecting the rest of the world. Stop treating non-
US people as something which does not need to have at least the same level of
protection.

Either fight for the right to have privacy regardless of where a person is
coming from or don't fight at all.

Just standing there saying "ah, it's fine, it protects US persons." and then
bragging about the US being a fine country and protecting the rest of the
world is just... I don't have words for it.

~~~
chopin
I am from Germany. I have no say in the matter. That's the reason why I would
like EFF come up with better examples to make people who have at least some
influence (such as calling their representative) engaged. If its not their
problem, they won't.

I think this legislation at odds at least with upcoming GDPR if not with
existing regulations in some EU members. It will be interesting to see how
this pans out.

~~~
irrenhaus
Well, I guess I misunderstood you then, sorry for that. My point still stands
though, only not meant for you :)

------
charred_toast
I guess we learned nothing from the 20th century. While our country, at least
used to, pride itself and base it's image upon excoriating unjust governmental
overreach abroad (East Germany), it has become exactly what it once bemoaned.

~~~
dragonwriter
No, our government _still_ prides itself on excoriating unjust governmental
overreach abroad.

Of course, that's often a good distraction from unjust governmental overreach
at home. But if you think that wasn't just as true at the Cold War time you
point to, you are sadly mistaken.

------
shiado
Hopefully with all these recent transgressions against digital rights we will
see the emergence of some hybrid of Zeronet, TOR, I2P, IPFS, BitTorrent,
etc... All these technologies have some serious usability/UX problems. We need
something so easy to use and so ubiquitous that it will make nations feel like
Metallica going up against Napster.

~~~
mulmen
From my perspective this is a legislative issue and not a technology problem.
The solution here is still to participate in democracy and preserve our
rights.

How will putting the government on the defensive result in better lawmaking?
That’s exactly the situation we are in now. Lawmakers are afraid of technology
and make ill advised laws to try and control it.

~~~
cryoshon
>implying they listen to us and not the people who have money

you should know better than that by now, come on. vote, do whatever. i sure
do. but until you're disrupting things, they won't listen.

------
thrillgore
What are our legislative options now? Let's assume we're already exhausting
all technical options.

~~~
wmeredith
When the legislative branch screws up, it's on one of the others to keep it in
check. Usually the judicial. This will be fought in the courts once a
defendant is incentivized enough to spend the money to do so.

------
nickpp
> This bill is the CLOUD Act. It was never reviewed or marked up by any
> committee in either the House or the Senate. It never received a hearing. It
> was robbed of a stand-alone floor vote because Congressional leadership
> decided, behind closed doors, to attach this un-vetted, unrelated data bill
> to the $1.3 trillion government spending bill.

And this, gentlemen, is why you NEVER trust a government. Any government.

