CLOUD Act

Background

The explosive growth of Internet-based communications and cloud based computing has resulted in most ‘domestic’ communications crossing borders, with many popular providers being based in the United States. Canada’s legal mechanisms for timely access to data held in foreign jurisdictions for criminal and national security investigations are insufficient to deal with this issue.

Law enforcement and CSIS obtain judicial authorizations to search a computer or intercept communications. As more and more communications services are based outside of Canada, the ability of law enforcement and national security agencies [Redacted], as Canadian courts do not have jurisdiction to issue orders against companies located outside of Canada. Currently, to obtain data directly from providers outside of Canada, law enforcement can make use of Mutual Legal Assistance (MLA) treaties for access to stored data. However, this presents challenges as the process can be lengthy, and, MLA is ill equipped to handle the volume of cross-border requests in the Internet era. More critically, MLA treaties can only be used by law enforcement, not CSIS. [Redacted]

Status

The US passed the CLOUD Act in March 2018, has recently signed the first agreement under the Act with the UK, and is interested in negotiating an agreement with Canada. Official negotiations have also been launched with the EU and Australia. [Redacted]

Considerations

[Redacted]

Stakeholder Perspectives

The private sector in the US has been supportive of the CLOUD Act model. Most major US providers such as Google, Apple, and Facebook have endorsed it. As the CLOUD Act model is based on voluntary cooperation, the support of these companies is crucial. In August 2018, the Canadian Association of Chiefs of Police expressed support for Canada entering negotiations with the US with the aim of concluding a CLOUD Act agreement. [Redacted]

Next Steps

[Redacted]

Date modified: