As the Trump Administration and Congress increasingly express concern about a reported effort by the United Kingdom to compel Apple to globally disable a security feature of one of its cloud services, attention has turned to addressing the resulting cybersecurity risks. The dispute has caused some to question the continued viability of the CLOUD Act agreement between the U.S. and the U.K. enabling government authorities to request user data directly from cloud providers.
This article, by former U.S. Department of Justice and Department of State officials, urges Washington to utilize a built-in safety valve – Article 12(3) – to resolve the dispute, without sacrificing the entire agreement. That provision allows either party to exclude an identified category of legal process from the scope of the agreement. The United States should invoke this article to prevent the United Kingdom from using the agreement to request user data from any provider that is subject to the type of obligations it reportedly seeks to impose on Apple. In addition, the authors urge that the United States develop a systematic fix for other CLOUD Act agreements under negotiation and that it correspondingly amend the CLOUD Act itself.
This decisive action is needed not only to preserve the valuable U.S.-UK agreement, but more fundamentally to protect U.S. providers from foreign measures undermining encryption protections, and to secure U.S. cybersecurity interests.
To read the full article on Lawfare, click here.
* * *
These statements are attributable only to the authors, and their publication here does not necessarily reflect the view of the Cross-Border Data Forum or any participating individuals or organizations.
