Facebook is mired in the middle of an enormous scandal over a right-wing data firm allegedly illegally accessing 50 million profiles. So it seems unlikely that it would be backing a law that made such breaches easier. But, in fact, today one was signed into law, hidden in the massive omnibus spending bill Donald Trump signed. Called the CLOUD Act, it allows governments around the world to simply take your profile, with no warrant required, only the signature of the Attorney General. Yes, legally, Jeff Sessions now gets to decide whether your profile remains private.
The CLOUD Act is designed to save Facebook, Google, and other companies the legal fees involved in dealing with the many different privacy requirements and legal obligations social networks and tech companies face around the world. Hidden in the omnibus bill, it essentially allows any government to request data from these companies, provided the attorney general signs off on it, regardless of where it happens to be stored. For tech companies, this is great! Of course, if you are, say, an activist campaigning against a repressive government, a journalist an intelligence service would like to discredit, or just somebody who would rather not have any jerk with a password looking through your camera roll for nudes, it’s not so great.
In fact, in terms of expansiveness and oversight, it has a lot in common with PRISM, the NSA’s vast surveillance network that quickly became heavily abused and was a massive privacy scandal during the Obama administration. That should be particularly worrying because, as the Daily Beast points out, this allows American authorities a backdoor to just go through your digital stuff:
…the U.S.’ foreign partners can set up a Fourth Amendment shell game. Those foreign governments can access Americans’ online communications with foreigners, and if what they find “relates to significant harm, or the threat thereof, to the United States or United States persons,” they can pass it back to the feds. No warrant required.
Of course, the solution here is to simply not store any stuff you really don’t want the authorities looking at online, although that’s easier said than done. And it’s also worth pointing out that this law will likely loop around to bite tech companies and politicians alike, sooner or later. One of the downsides of warrantless surveillance, after all, is you never know who might be watching.