CLOUD Act passes in omnibus spending bill


FCW Staff Writer Derek Johnson and Joseph Marks, Cybersecurity Correspondent at Nextgov, discuss the latest cybersecurity stories out of Congress, such as the passing of the CLOUD Act, and a proposed State Department “bug bounty.”

Cybersecurity wasn’t a top priority in the omnibus spending bill. However, a few pieces of cyber legislation made it into the final act. The most notable is the CLOUD Act, which could change the way law enforcement obtains data from U.S citizens.

According to Derek Johnson, staff writer at FCW, the CLOUD Act is designed to answer an issue raised in the case United States v. Microsoft, currently hearing arguments at the Supreme Court. When data can be stored anywhere in the world, who has jurisdiction?

“The tension here is really that law enforcement organizations like the FBI want to be able to follow electronic leads wherever they may go and tech companies like Microsoft don’t want to be put into a position where to fulfill a warrant from one country… they are potentially violating the laws of the country where that data is stored,” said Johnson. “[The CLOUD Act] would do two things, allow the U.S. government, the executive branch to enter into two-way information sharing agreements with different countries that would allow each country to access their own citizens data when it crosses the other’s border, and it would also allow foreign law enforcement organizations to directly petition U.S. tech companies for their citizens data.”

Another cyber development on Congress’s radar is a bug bounty program. Representatives Ted Lieu (D-CA) and Ted Yoho (R-FL) have proposed letting security researchers look at the State Department’s systems and search for any vulnerabilities that could be exploited.

“Other than the old Technology Transformation Service out of GSA, no one on the civilian side of government has been eager to do this,” said Joseph Marks, Cybersecurity Correspondent at NextGov. “This is essentially an enforcement function, there’s no appropriations in the bill for this. I tweeted when this came out ‘Congress is just crazy about bug bounties right now.’ Information sharing was the big cyber thing in 2015, now it’s bug bounties.”