A new bill has been submitted to congress that could limit the access the US government has over data stored abroad. Senators Orrin Hatch, Chris Coons, and Dean Heller proposed the bill late last week, called the Law Enforcement Access to Data Stored Abroad Act (LEADS Act). It is an amendment of the Electronic Communications Privacy Act (ECPA). If passed would mean that the US government will not be able to have open access to a US person’s data that is stored overseas, even with a warrant. Rather, it will be at the discretion of the foreign government that is hosting the data to determine the legal protocol. According to the Center for Democracy & Technology (CDT), the definition of U.S. person would extend to a U.S. citizen, U.S. corporation, or permanent resident alien. You can read the full bill in this PDF.
Senator Chris Coons, who is a Delaware Democrat and one of the three who proposed the bill is quoted as saying, “The government’s position that ECPA warrants do apply abroad puts U.S. cloud providers in the position of having to break the privacy laws of foreign countries in which they do business in order to comply with U.S. law…This not only hurts our businesses’ competitiveness and costs American jobs, but it also invites reciprocal treatment by our international trading partners.”
The catalyst for this move is largely attributed to a standoff between technology giant Microsoft, and the US government earlier this month. Microsoft was held in contempt of court for failing to produce customer emails requested by the government that were being stored in their Dublin datacenters, despite receiving a federally-issued warrant to do so. Despite the backlash from the US government over this decision, having acted otherwise Microsoft may have been in violation of both Irish and European laws at having disclosed a user’s data across countries’ boundaries without their consent. Europe is becoming increasingly strict on customers rites over their private data.