{
  "id": "R45173",
  "type": "CRS Report",
  "typeId": "REPORTS",
  "number": "R45173",
  "active": true,
  "source": "EveryCRSReport.com",
  "versions": [
    {
      "source": "EveryCRSReport.com",
      "id": 580492,
      "date": "2018-04-23",
      "retrieved": "2018-04-26T13:15:28.034704",
      "title": "Cross-Border Data Sharing Under the CLOUD Act",
      "summary": "Law enforcement officials in the United States and abroad increasingly seek access to electronic communications, such as emails and social media posts, stored on servers and in data centers in foreign countries. Because the architecture of the internet allows technology companies to store data at a great distance from the physical location of their customers, electronic communications that could serve as evidence of a crime often are not housed in the same country where the crime occurred. This disconnect has caused governments around the world, including the United States, to seek data stored outside their territorial jurisdictions. In the Clarifying Lawful Overseas Use of Data (CLOUD) Act, Congress enacted one of the first major changes in years to U.S. law governing cross-border access to electronic communications held by private companies.\nThe CLOUD Act has two major components. The first facet addresses the U.S. government\u2019s ability to compel technology companies to disclose the contents of electronic communications stored on the companies\u2019 servers and data centers overseas. The Stored Communications Act (SCA) mandates that certain technology companies disclose the contents of electronic communications pursuant to warrants issued by U.S. courts based on probable cause that the communications contain evidence of a crime. But a dispute arose over whether warrants issued under the SCA could compel disclosure of data held outside the territorial jurisdiction of the United States. While the Supreme Court was set to resolve this issue in United States v. Microsoft, the CLOUD Act amended the SCA to require that technology companies provide data in their possession, custody, or control in response to an SCA warrant\u2014regardless of whether the data is located in the United States. On April 17, 2018, the Supreme Court ruled that the change in law mooted the Microsoft case.\nThe second facet of the CLOUD Act addresses the reciprocal issue of foreign governments\u2019 ability to access data in the United States as part of their investigation and prosecution of crimes. Prior to the CLOUD Act, foreign nations seeking data in the United States were required to request the assistance of the U.S. government through either mutual legal assistance treaties (MLATs) or judicial instruments known as letters rogatory. Requests under either instrument are reviewed by U.S. courts before disclosure to the foreign nation can be authorized, but U.S. and foreign officials criticized the processes as inefficient and unable to accommodate the increasing number of data requests in the digital era.\nThe CLOUD Act responds to calls for modernization by authorizing the executive branch to conclude a new form of international agreement through which select foreign governments can seek data directly from U.S. technology companies without individualized review by the U.S. government. Agreements authorized by the CLOUD Act would remove legal restrictions on certain foreign nations\u2019 ability to seek data directly from U.S. providers in cases involving \u201cserious crimes\u201d when not targeting U.S. persons, provided the Executive has determined that the foreign nation\u2019s laws adequately protect privacy and civil liberties, among other requirements. While the CLOUD Act conditions approval of covered agreements upon a host of restrictions, commentators debate whether these agreements will provide adequate protections for privacy, human rights, and civil liberties.",
      "type": "CRS Report",
      "typeId": "REPORTS",
      "active": true,
      "formats": [
        {
          "format": "HTML",
          "encoding": "utf-8",
          "url": "http://www.crs.gov/Reports/R45173",
          "sha1": "762d6c35d2d1cfb309ffe2d6240daf710c8ecbdf",
          "filename": "files/20180423_R45173_762d6c35d2d1cfb309ffe2d6240daf710c8ecbdf.html",
          "images": {
            "/products/Getimages/?directory=R/html/R45173_files&id=/0.png": "files/20180423_R45173_images_41390f32c62afd59cc4ac63f79428c85e83d91cc.png"
          }
        },
        {
          "format": "PDF",
          "encoding": null,
          "url": "http://www.crs.gov/Reports/pdf/R45173",
          "sha1": "c8a82f6a7cee392e23453b5836546d6a68e5e779",
          "filename": "files/20180423_R45173_c8a82f6a7cee392e23453b5836546d6a68e5e779.pdf",
          "images": {}
        }
      ],
      "topics": []
    }
  ],
  "topics": [
    "American Law",
    "Foreign Affairs",
    "Intelligence and National Security"
  ]
}