Legislation Changes: Keeping up with Data Security in the U.S.

In today’s technical blog, we breakdown key pieces of legislation into bitesize chunks that define how the United States government gathers intelligence and investigates electronic communication at home and abroad affects your data privacy.

Legislation changes: Keeping up with Data Security in the U.S.


What is the USA PATRIOT Act?

The Patriot Act was a legislative act passed by the U.S. government one month after the attacks of September 11th in 2001.  It stands for ‘Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act’.

Why was it Enacted?

The Patriot Act was in response to threats to U.S. domestic security to enable law enforcement agencies greater powers in regard to identifying and stopping terrorist activity in the wake of 9/11.

What does the Patriot Act Mean for Data Security?

The Patriot Act was controversial as Section 215, allowed intelligence and law enforcement agencies to obtain records of someone’s communications, for example, phone calls or email records, that were linked to terrorism or government spying. It also enabled the U.S government to access international data stored by American companies, for example, in cloud computing.

In June 2013, the Guardian newspaper in an investigative report with former NSA(National Security Agency) contractor Edward Snowden reported that the U.S. government had been using Section 215 to gather the mass metadata of U.S. citizens in bulk. This data uncovered by journalists working for the Guardian, the New York Times and ProPublica revealed that the NSA in the U.S. and GCHA (The Government Communications Headquarters) in the UK had undermined via their “Bullrun” programme, encryption used to protect emails, banking and medical records. The $250 million-a-year programme worked covertly with tech companies to insert weakness into their products,” commercial encryption systems”.

How does the USA Patriot Act Currently Affect our Data?

Controversial provisions to this legislation, which included bulk surveillance, expired in 2015 but were adopted as in part or completely by 2015’s USA Freedom act.

2: The USA Freedom Act

What is the USA Freedom Act?

The USA Freedom Act is short for the “Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-Collection and Online Monitoring Act “in full, is legislation designed to place stricter limits on NSA surveillance. It was signed into law by Barack Obama on June 2, 2015.

Why was it Enacted?

The USA Freedom Act was passed by Congress after many controversial provisions of the USA Patriot Act expired in 2015. It was also party in response of the efforts of whistle-blower Edward Snowden who triggered an avalanche of debate about deeply entrenched government interests.

What does the USA Freedom Act mean for Data Security?

The Freedom Act limits the surveillance government agencies can carry out, as previously allowed under the USA Patriot Act. It has been lauded as the most significant surveillance reform since 1978.

However, the act still retains essentially the same provisions as the Patriot Act excluding Section 215. The NSA reported that it collected under the “specific selection term”  more than half a billion records of  metadata in 2017. NSA programmes such as PRISM, the controversial programme which allows U.S. authorities access to private user data both in the U.S. and abroad and Bullrun, designed to undermine encryption standards both nationally and internationally were not reformed.

How does the USA Freedom Act currently affect our data?

The legislation extends until December 15 2019.

3: The Cloud Act 

What is the Cloud Act?

The Cloud Act is known as the Clarifying Lawful Overseas Use of Data (CLOUD) Act. It was passed by Congress and signed into law by Donald Trump on March 23rd this year.

Why was it Enacted?

The main purpose of the Cloud Act is to make it easier for U.S. officials to obtain permission to access internationally stored electronic data and enables foreign law enforcement agencies to access data stored on U.S. companies’ servers.  The legislation prevents cloud hosts from denying warrants for data overseas. The legislation was partly a response to efforts by the U.S. investigators to obtain e-mails from a U.S. suspect who was resident in Ireland at that time. The emails that were stored in an Irish data centre owned by Microsoft, who argued that the emails were therefore not subject to U.S. law.

What does the Cloud Act Mean for Data Security?

Put simply, the legislation states that tech and cloud computing companies must comply  with official demands for data regardless of their location. It also allows the president of the U.S. to enter into agreements with other nations for the explicit purpose of exchanging stored data.

How does the USA Patriot Act Currently Affect our Data?

This law enables U.S. investigators to demand information about foreign nationals (not just U.S. citizens), provided it was held on an overseas server controlled by a US company.

About DiliTrust

Our technology is compatible with your privacy. As a French owned company, your private data is stored in Canada, the UAE and in France and therefore is not subject to the above U.S. legislation. Your data stays your own with our software solutions. No American company can guarantee you that claim.

Contact us today to learn more about our secure data sharing solutions.