Responsibility Deflected, the CLOUD Act Passes (eff.org)
259 points by raleighm on March 23, 2018 | 58 comments



> This bill is the CLOUD Act. It was never reviewed or marked up by any committee in either the House or the Senate. It never received a hearing. It was robbed of a stand-alone floor vote because Congressional leadership decided, behind closed doors, to attach this un-vetted, unrelated data bill to the $1.3 trillion government spending bill. Congress has a professional responsibility to listen to the American people’s concerns, to represent their constituents, and to debate the merits and concerns of this proposal amongst themselves, and this week, they failed.

The 4th amendment is gone and it wasn't terrorists that killed it, it was fear and representatives of the people that don't represent people that killed it.

These freedoms were given up on page 2,232 of a budget bill with no debate.

History will not be kind to this time or everyone that lived during this backslide. Freedoms are hard to win, we are giving them up easily.

As an aside, these 'pro-business' representatives just made US cloud products less valuable to foreign companies/countries and US competitors.

When will people realize that surveillance can be abused and it is usually for political or corporate espionage, has nothing to do with making anyone more secure or safe.

Business plans, data and ideas are going to be a top target for theft as they can get to it through a fake or associated threat, have some rogue actor email or send info in, extract all business data and information.


Yup. No secret, once recorded, stays secret forever and the surveillance state's expansion is making it worse. It'll just be a bigger pot to steal and no one bothers to pay for security because they don't have to.

Equifax made money off its security breach ffs.


>Equifax made money off its security breach ffs.

Source?


Operating revenue for "U.S. Information Solutions" is up $29 million over 2016 for the period right after the breach in 2017.

+ various third parties (i.e. the one linked to) have said it's likely they made money off the breach.



> When will people realize that surveillance can be abused and it is usually for political or corporate espionage, has nothing to do with making anyone more secure or safe.

Throughout history, surveillance of a population has never been in the interests of that population.


Of course we lost. The people always lose. I stopped using cloud services without end to end encryption, except email/sms, years ago, soon after Snowden's revelations. I simply don't see any other solution. I just wish more people cared, that we could do a real boycott and hurt some companies. A few corporations going out of business would be a minuscule price to pay for privacy. Not enough will ever care though. It's sad but true. Convenience trumps everything.


This could be an excellent use of the Presidential veto. Whatever your political leanings, omnibus bills are a terrible outcome of the false left right paradigm. Everybody gets to toss in the stuff they "want" to support but know their constituents do not.

EFF: You wrote pages about it, but failed to mention the president still needs to sign it. It's a pretty glaring omission...


> This could be an excellent use of the Presidential veto.

It would be insanity for the President to veto a spending bill needed to avert a shutdown because it included a provision the Administration has publicly supported and actively sought.

> Whatever your political leanings, omnibus bills are a terrible outcome

Omnibus spending bills are fine — the particular financial provisions of any one may be good or bad, but the concept is fine; they are a completely sensible way to set government finances rather than doing it piecemeal.

Non-germane law changes tacked on to an omnibus spending bill, especially one being passed shortly before the expiration of current spending authority, are, OTOH, a different issue.


>but the concept is fine; they are a completely sensible way to set government finances rather than doing it piecemeal.

No, they are not fine, not as they are used today. Congress, as normal, has abused the power of these bills, this being a prime example.

This is why we need a Constitutional Amendment to bring the US Constitution in line with 41 US States where the Single Subject Rule is enforced.

We also need to bring back the Line Item Veto

We also need a mandatory Public Comment period, I propose 1 day for every 10 pages of Text... so for this bill it would have required 223 days of public comment before a vote would have been allowed, instead of what 12 hours this one got from the time it was submitted until it was being voted on


The line item veto will never be back, it should never have happened. Congress writes laws, not the executive. I'm with you on the rest of that.


>>Congress writes laws, not the executive

And the executive approves them; that is the check. If they created a Single Issue rule it would not be an issue anyway, but if they are going to have the ability to pass omnibus bills then a check on that is the line item veto: no line item veto, no omnibus. They should go hand in hand.


It changes the meaning of the law as written.


> if they created a Single Issue rule it would not be an issue anyway

The single issue rule does not stop omnibus spending bills (which is exactly what normal budget bills are.)


> EFF: You wrote pages about it, but failed to mention the president still needs to sign it. It's a pretty glaring omission...

Maybe you missed this line from the OP:

> All the bill requires now is the president’s signature.


If the president vetoes this bill it won't be over the CLOUD act, it will be because it doesn't fund his insane border wall.


Which he is considering doing right now.

https://twitter.com/realDonaldTrump/status/97716688749379993...

"I am considering a VETO of the Omnibus Spending Bill based on the fact that the 800,000 plus DACA recipients have been totally abandoned by the Democrats (not even mentioned in Bill) and the BORDER WALL, which is desperately needed for our National Defense, is not fully funded."

(edit: updated link to Trump's twitter post)


> "I am considering a VETO of the Omnibus Spending Bill based on the fact that the 800,000 plus DACA recipients have been totally abandoned by the Democrats (not even mentioned in Bill) and the BORDER WALL [...]

Can someone explain to me how Congress cannot get DACA handled? The last polling I saw showed that it had near universal support among Democrats, and a solid majority among Republicans (about 80% overall for the general population).

It should be sufficient for the Republicans who are in charge of Congress to write a simple, clean, bill--hell, just codify the Obama executive order on DACA into law, since the problem Republicans seemed to have with that was that they thought Obama did not have authority for it, not that they thought it was a bad policy. That should sail through Congress easily.

Or, if they are worried Trump might veto if it is not attached to wall funding, instead of passing it directly they could explicitly give Trump the power to issue an executive order covering this. That wouldn't give him his wall, but it would give him the opportunity to issue an order similar to Obama's, and then take credit for personally saving those children from unjust deportation after the Democrats failed to pass a law.


DACA is the executive policy while the DREAM Act is the bill that Congress has yet to handle. Congress hasn't dealt with it because the Republican party was using it as a bargaining chip in the budget negotiations -- their voters see other issues as more important than DACA/DREAM while the Democrats want it passed.

The Trump administration made it a pressing matter in the negotiations by rescinding DACA in September 2017, but over the following months various District Court cases were filed and the judges ordered the government to continue the DACA policy. The administration tried to appeal those findings directly in the Supreme Court -- bypassing the appeals courts -- but it was unanimously rejected, effectively upholding the lower courts' rulings for now.

Since DACA is no longer under existential threat the Democrats have backed off of the DREAM Act in order to get other priorities through, and the Republicans are happy to let sleeping dogs lie.


A majority among nominal Republicans is not sufficient if there's not a majority among the Republican base that actually votes in primaries, especially with the knowledge that support of DACA will be spun by further-right primary opponents as "letting criminals stream across our border".


It doesn't serve either party's interests to actually "solve" anything regarding immigration policy. It's far more valuable to keep it as a hot button issue to virtue signal over in order to garner votes.


Or the new bipartisan Russian sanctions in the bill: https://www.thedailybeast.com/congress-snuck-new-russia-sanc...


Except Trump probably supports the CLOUD Act.


The Administration has backed the push for it (in part, to resolve an ongoing legal dispute with Microsoft, who also supports it), so it's pretty hard (though given Trump's other rapid reversals, not impossible) to see Trump causing a shutdown by vetoing the omnibus spending bill over its inclusion.


>>Microsoft, who also supports it

Proving once again that Microsoft does not care about the privacy of their users, and their lawsuit fighting this was not them standing up for their users as they claimed but instead was them pushing for a liability shield that would prevent users from using them.

This should be the end of CLOUD services... Self Host or no Host should be the motto of the day



Trump's "rapid reversals" are conventional negotiation tactics.

Want to get a better price on a car after you think you have your best deal already worked out? Show up for the purchase closing and say you've changed your mind. Most likely they'll offer you more not to walk away at that point.


That's assuming he even read the briefing on it.


Preferably in tweet length, as anything longer can't hold his attention apparently.


It was sponsored by Sessions, so I would guess yes.


If there is anyone sticking up for sovereignty (aka borders) it's President Trump. Remember the TPP? How about his UN speech?


But what this really does is lets the US government work with a foreign government to bypass US laws and process to do whatever they want to US citizens. This feature is designed to be used creatively. Trump is thrilled about it.


So, here's a question. I'm a small self-hoster, US-based. If the "London police" come calling asking for my data, what repercussions do I face if I just say "No"?


Only the repercussions that the UK government could exact upon you. If you have no assets in the UK and don't plan on going there, there is relatively little they can do to you.

It's important to note that the CLOUD Act does not compel you to respond, it permits you to do so where you were prohibited before under US law.

I am a lawyer, but certainly not yours.


If you had no assets in the UK and you accept you can never enter the UK....

You could get away with saying No. As long as the UK doesn't talk to the US and ask them to turn you over (which likely requires some serious criminal activity rather than curiosity).


The UK government can compel you to give them whatever they want by indirectly acting via the US Govt. They will pressure the US Govt, and the US Govt will act on you. So even though on paper they can't directly act against you, rest assured, they can. Let's pretend that the US government would not comply with requests to compel you to give them something; you can still be sued or otherwise acted upon in such a way that you would have to expend time / resources to fend off the request / lawsuit or whatever. So to say that the UK Govt can't do anything to you because you don't have any assets there or don't want to go there is kind of silly IMO.


This is incorrect. The US government has no interest in turning over their citizens to the UK government. The UK government is unlikely to sue a US citizen in US court to assert their jurisdiction.

The most the UK government would probably do is issue a Mutual Legal Assistance Treaty request with the US government, who would then go get a warrant and serve that on you, which you would have to respond to.


> London investigators want the private Slack messages of a Londoner they suspect of bank fraud. The London police could go directly to Slack, a U.S. company, to request and collect those messages. The London police would not necessarily need prior judicial review for this request. The London police would not be required to notify U.S. law enforcement about this request. The London police would not need a probable cause warrant for this collection.

Is the implication that before the CLOUD Act, if London police wanted to ask a US company for information they had to notify US law enforcement?

Sure, if they wanted to force a US company to give them information they would have to get the US legal system involved, but as far as I am aware US law enforcement is not a gatekeeper over foreign access to talk to US entities, at least when those foreigners are not from countries that the US restricts contact with in general.


Well, I guess the erosion of our most basic rights is in fact happening. Ugh, makes me sick to my stomach.


To be fair, the erosion of our basic rights has been happening for a long time.


I am certainly no supporter of the CLOUD act but the examples given on OP are not convincing to me. What would prevent Slack from notifying all parties of the request (the Londoner and her friends)? As well I'd expect that there are barriers in UK which would require a warrant to get the data.


From https://www.eff.org/deeplinks/2018/02/cloud-act-dangerous-ex...

"The legislation still:

- Includes a weak standard for review that does not rise to the protections of the warrant requirement under the 4th Amendment.

- Fails to require foreign law enforcement to seek individualized and prior judicial review.

- Grants real-time access and interception to foreign law enforcement without requiring the heightened warrant standards that U.S. police have to adhere to under the Wiretap Act.

- Fails to place adequate limits on the category and severity of crimes for this type of agreement.

- Fails to require notice on any level – to the person targeted, to the country where the person resides, and to the country where the data is stored."


I've seen that. However the London police may require a warrant under UK law, nevertheless. And Slack may notify, nevertheless.

I think EFF could come up with better examples. At least, most of these examples are not threatening for US persons. I'd think better examples would involve what US LEO can do unwarranted. In that case people may be inclined to exert more pressure on their representatives.

The law is bad but I think it could be painted in worse light.


> At least, most of these examples are not threatening for US persons.

As a German, I'm so fucking fed up with this attitude. "Leader of the free world" my ass.

Seriously, the US population needs to stop thinking only about what concerns the US population and acknowledge the fact that a lot of US law regarding the internet is actually also affecting the rest of the world. Stop treating non-US people as something which does not need to have at least the same level of protection.

Either fight for the right to have privacy regardless of where a person is coming from or don't fight at all.

Just standing there saying "ah, it's fine, it protects US persons." and then bragging about the US being a fine country and protecting the rest of the world is just... I don't have words for it.


I am from Germany. I have no say in the matter. That's the reason why I would like EFF to come up with better examples to make people who have at least some influence (such as calling their representative) engaged. If it's not their problem, they won't.

I think this legislation is at odds at least with upcoming GDPR if not with existing regulations in some EU members. It will be interesting to see how this pans out.


Well, I guess I misunderstood you then, sorry for that. My point still stands though, only not meant for you :)


Haha this is wrong time of day to assume everyone is American.


So I fought against the CLOUD Act as an American because I think it does lower privacy protections for many people around the world. With that said, all it does is make the German government meet German standards for obtaining criminal evidence, rather than the US standard. If you don't like the German standards, you should take it up with your government. That's why the law also requires the US government to evaluate the human rights standards of the other government before entering into a relationship under the law.


Trying to avoid whataboutism here, but I too am fed up with the attitude. However, I see it in several countries/regions (e.g. the US, the EU) that impose their rules on extra-regional persons and/or their companies. Some intentionally, some not. Either way, we should always strive for narrowly scoped legislation and disagree with it when it's not. The unfortunate part is many who lambaste rulings that are made outside their jurisdiction but affect them often praise legislation made inside their jurisdiction that affects others.

It's important for people to keep this in mind when they think something is best for others outside their jurisdiction. This is especially true when these countries/regions use their leverage and say they're doing something only for their citizens knowing it affects the global internet.


Slack doesn't even tell you when your employer is looking at your private chats. Do you think it will tell you when a government's law enforcement arm asks them not to tell you?

https://thenextweb.com/apps/2018/03/22/slacks-new-policy-let...


I guess we learned nothing from the 20th century. While our country, at least used to, pride itself and base its image upon excoriating unjust governmental overreach abroad (East Germany), it has become exactly what it once bemoaned.


No, our government still prides itself on excoriating unjust governmental overreach abroad.

Of course, that's often a good distraction from unjust governmental overreach at home. But if you think that wasn't just as true at the Cold War time you point to, you are sadly mistaken.


Hopefully with all these recent transgressions against digital rights we will see the emergence of some hybrid of Zeronet, TOR, I2P, IPFS, BitTorrent, etc... All these technologies have some serious usability/UX problems. We need something so easy to use and so ubiquitous that it will make nations feel like Metallica going up against Napster.


From my perspective this is a legislative issue and not a technology problem. The solution here is still to participate in democracy and preserve our rights.

How will putting the government on the defensive result in better lawmaking? That’s exactly the situation we are in now. Lawmakers are afraid of technology and make ill advised laws to try and control it.


>implying they listen to us and not the people who have money

you should know better than that by now, come on. vote, do whatever. i sure do. but until you're disrupting things, they won't listen.


What are our legislative options now? Let's assume we're already exhausting all technical options.


When the legislative branch screws up, it's on one of the others to keep it in check. Usually the judicial. This will be fought in the courts once a defendant is incentivized enough to spend the money to do so.


> This bill is the CLOUD Act. It was never reviewed or marked up by any committee in either the House or the Senate. It never received a hearing. It was robbed of a stand-alone floor vote because Congressional leadership decided, behind closed doors, to attach this un-vetted, unrelated data bill to the $1.3 trillion government spending bill.

And this, gentlemen, is why you NEVER trust a government. Any government.



