Cross-Border Data Forum Bannner

CURRENT POSTS

,
As the Trump Administration and Congress increasingly express concern about a reported effort by the United Kingdom to compel Apple to globally disable a security feature of one of its cloud services, attention has turned to addressing the resulting cybersecurity risks. 
,
These Frequently Asked Questions (FAQs) update FAQs from 2019 to further address the meaning and implications of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act).
After more than two years in effect, the U.K.-U.S. Data Access Agreement (an “e-evidence agreement” enabled by the U.S. Clarifying Lawful Overseas Use of Data (CLOUD) Act) has proved a game-changer for the United Kingdom’s law enforcement agencies, which have made tens of thousands of real-time intercept requests directly to U.S. service providers. U.S. law enforcement agencies have made much more limited use of the agreement, primarily because little of the investigative data they need is held by U.K. providers.  The U.S. Department of Justice also has expressed muted disappointment with aspects of U.K. implementation. This article, by U.S. and U.K. ex-government officials, explores the reasons behind this initial experience. 
In testimony before the House Judiciary Subcommittee on June 5, 2025, Richard Salgado, Visiting Fellow on Security and Surveillance at the Cross-Border Data Forum, founder of Salgado Strategies, and a former DOJ prosecutor and Google executive, called the CLOUD Act the right framework for addressing growing threats to U.S. cybersecurity. These threats include a reported effort by the UK to secretly force Apple to weaken a global security feature. Salgado warned that such secret actions by foreign governments can harm American users, weaken global trust in U.S. companies, undermine security in the communications ecosystem, and benefit foreign competitors. 
,
Kenneth Propp and DeBrae Kennedy-Mayo analyze the new and controversial United Nations Cybercrime Convention in comparison to the long-established Council of Europe Cybercrime Convention.