Wyden Introduces Bill to Block Foreign Governments from Forcing U.S. Tech Firms to Weaken Security

Senator Ron Wyden has introduced the Global Trust in American Online Services Act, aiming to close loopholes in the CLOUD Act and protect Americans’ communications from foreign surveillance demands. The bill would prevent foreign governments from weakening U.S. tech products’ security and allow companies to challenge such orders in court. It also introduces Congressional oversight for CLOUD Act agreements and requires periodic reviews.

Wyden Introduces Bill to Block Foreign Governments from Forcing U.S. Tech Firms to Weaken Security

U.S. Senator Ron Wyden has introduced a draft bill called the Global Trust in American Online Services Act, aimed at enhancing the security of Americans’ communications by addressing loopholes in the existing CLOUD Act. The CLOUD Act, passed in 2018, allows foreign governments to request data directly from U.S. companies without going through the U.S. legal system, provided there is an agreement between the foreign government and the U.S. Justice Department. However, Wyden’s new bill seeks to fix the vulnerabilities created by this law, ensuring that U.S. companies can continue to protect their customers’ privacy while still cooperating with international law enforcement on serious crimes.

The bill was released in the wake of recent reports that the United Kingdom secretly directed Apple to weaken the encryption protecting iCloud backup services. This order, which bypassed U.S. oversight, raised concerns about the security risks posed by such direct foreign government demands. According to reports, the U.K. government’s ability to issue a surveillance order to Apple without any judicial oversight in the U.S. highlighted a critical flaw in the CLOUD Act. Senator Wyden, along with Representative Andy Biggs, has since called on the U.S. intelligence community to intervene, urging that the U.K. rescind the order, which they argue puts the security of American technology at risk.

The Global Trust in American Online Services Act seeks to modernize the CLOUD Act and address these issues by introducing several key reforms to protect Americans’ communications:

1. Protection Against Foreign Surveillance Demands: The bill would prevent foreign governments from using the CLOUD Act to demand U.S. tech companies alter their products or weaken their security. This includes barring foreign governments from requiring companies to design their products in ways that could make them more vulnerable to hacking, or from using U.S. technology firms to deliver malware to customers.
2. Court Challenges for Companies: The draft bill would allow U.S. companies to challenge foreign CLOUD Act orders in federal court, which would offer more oversight and protection for American companies facing potentially harmful demands from foreign governments.
3. Congressional Oversight and Approval: Under the proposed law, any agreement under the CLOUD Act would require Congressional approval. Currently, the mechanism for these agreements only allows for disapproval, making it difficult for lawmakers to influence such deals. The bill would also introduce a five-year expiration period for these agreements, requiring them to be reviewed and potentially renewed, ensuring ongoing oversight and accountability.
4. Global Trust and U.S. Competitiveness: Wyden’s bill emphasizes the need to maintain the global trust in U.S. technology companies by ensuring that foreign governments cannot force U.S. firms to compromise on security. This is important for maintaining the reputation of American companies and keeping the U.S. as a competitive and secure location for data storage and digital services.

The Global Trust in American Online Services Act addresses these concerns by modernizing the CLOUD Act to better balance international law enforcement needs with the protection of American citizens’ privacy. Wyden emphasized that the current law has created a loophole that allows foreign governments to bypass important U.S. legal processes, putting the security of Americans at risk and undermining the integrity of American companies’ products.

In his statement, Wyden said, “Foreign governments shouldn’t get a cheat code to undermine the security of American technology.” He argued that while it’s important for foreign governments to access data for legitimate law enforcement purposes, it should not come at the cost of weakening the security of American products, which would harm the country’s global standing in the tech industry.

The draft bill has garnered attention because it comes at a time when foreign governments, including the U.K., have been increasingly pressuring U.S. tech companies to comply with demands that might compromise the security of their products. The bill represents a significant step toward ensuring that American technology firms can continue to be leaders in secure digital services while also meeting the needs of law enforcement agencies around the world.

Overall, the Global Trust in American Online Services Act aims to close the security gaps left by the current CLOUD Act and protect the integrity of U.S. technology companies, while ensuring that law enforcement efforts are not hindered. If passed, it would represent a major shift in how foreign governments interact with U.S. companies in the realm of digital surveillance, ensuring greater accountability and oversight for surveillance demands that could affect the privacy and security of American citizens.