The Cloud Act Between The UK And The US

A new piece of legislation called the Cloud Act has been the root of debates over its privacy implications.

The CLOUD Act requires social media services like Facebook to hand over private messages sent using communications networks. Previous attempts by Western governments to snoop on private conversations have been met with backlash by citizens.

Under former UK PM Theresa May’s government, a proposal was made that encrypted communications must be made accessible by authorities upon request. The excuse for such invasive legislation was that terrorists were known to be organizing attacks using apps like Telegram.

Only a small percentage of people are using encrypted apps. Most ordinary citizen are using encrypted apps for preventing leaks of legitimate business secrets, protecting sources, or for reducing personal data collection.

It is a concern if authorities access such information, it’s a legitimate concern for business. Whistleblowers like Edward Snowden could be arrested before disclosing any information about their government, or individual profiles could be created for each person to highlight them as a risk to that administration’s interests.

Security experts have pointed out that asking encrypted services to provide unencrypted access to authorities isn’t practical. Building in a ‘backdoor’ of any sort requires deliberately creating a vulnerability that at some point is likely to be discovered and taken advantage of by an unauthorised third-party, putting potentially millions of users at risk.

On YCombinator, WhatsApp head Will Cathcart wrote:

“We believe people have a fundamental right to have private conversations. End-to-end encryption protects that right for over a billion people every day.

We will always oppose government attempts to build backdoors because they would weaken the security of everyone who uses WhatsApp including governments themselves. In times like these, we must stand up both for the security and the privacy of our users everywhere.”

Under the CLOUD Act, social media companies are not forced to break encryption or add backdoors in their apps. While communications must be handed over upon request, they may not even be in a readable state.

A modernization of the current UK-US system is certainly needed. Currently, authorities rely on a law from the ’80s to request digital information on suspects.

UK authorities must go through US courts and vice-versa to get permission to access private data for an investigation. This causes a significant delay which could mean life-or-death in some cases. Under the CLOUD Act, a UK court would be able to issue a request to access data the same as a US court (or, again, vice-versa).

“The fight over encryption continues,” wrote Facebook’s former chief security officer Alex Stamos in a tweet. “But the US/UK agreement hopefully reduces some of the pressure by giving UK [law enforcement] the same options as US [law enforcement].”