The US Clarifying Lawful Overseas Use of Data (CLOUD) Act was quietly enacted into law on March 23, 2018. I say quietly due to the controversial nature of how it was passed — snuck into the back of a 2,300-page Federal spending bill on the eve of Congress’ vote. While debate rages on about both the way the bill was passed, and about the wide latitude the Act gives to the President and the State Department, the fact remains that it has been signed into law, and organizations need to start planning how to respond. For many, both in the US and abroad, that planning has drawn increased interest in Cloud Access Security Brokers (CASBs), and specifically, in cloud encryption.
The CLOUD Act is meant to expedite law enforcement access to online/cloud data, specifically when that data is stored abroad. CLOUD is an update to the Electronic Communications Privacy Act (ECPA), which was passed in 1986, long before cloud was even a twinkle in any entrepreneur’s eyes. Under ECPA, the only way for the US and a foreign government to exchange such data was under a Mutual Legal-Assistance Treaty (MLAT), which must be passed by a 2/3 vote of the Senate.
Laisser un commentaire
Participez-vous à la discussion?N'hésitez pas à contribuer!