April 15, 2019

DOJ offers guidance on the CLOUD Act

The United States Department of Justice (DOJ) published a white paper on the Clarifying Lawful Overseas Use of Data Act (the CLOUD Act), which was enacted in March 2018 and amends the Stored Communications Act (SCA).  The white paper highlights that the CLOUD Act does not give U.S. law enforcement any new legal authority to acquire data.  Instead, it confirms an established principle that communications service providers subject to U.S. jurisdiction may be required to produce data in their possession or control pursuant to lawful process, regardless of whether the data is stored in the U.S. or abroad.  The white paper largely focuses on the CLOUD Act’s new concept of  bilateral “executive agreements,” which would facilitate data production between the U.S. and other countries in a way that augments (but does not supplant) existing mechanisms for resolving conflict-of-law issues, such as Mutual Legal Assistance Treaties and principles of international comity.  No such executive agreement has been executed to date.  Notably, the white paper clarifies that the CLOUD Act is “encryption neutral,” and does create any new authority for law enforcement to compel service providers to decrypt communications.  

DOJ news release | White Paper