The United Kingdom is in an ongoing battle with its citizens over the question of surveillance. Now, Americans’ personal information may be caught in the British surveillance net as well, without a judge ever issuing a warrant.
An appellate court ruled earlier this year that the nation had ducked European Union law under the Data Retention and Investigatory Powers Act by allowing the government access to British citizens’ web activity and phone records, without any suspicion of criminal activity or a warrant, and without independent oversight. British citizens also speak openly about the number of cameras filling their island, with one organization counting one surveillance camera for every 11 people.
While the British love affair with public surveillance is good for keeping eyes on terror suspects, they’re also bound to catch you getting a Glasgow handshake or losing your guts outside a smelly dive in South London. But now recent events threaten to catch U.S. citizens up into Britain’s ineluctable snoop-net, thanks to the passage of a law giving U.K. officials unconstitutional access to Americans’ personal data without having to get a warrant, according to human rights groups.
Organizations including the Electronic Frontier Foundation, Human Rights Watch, Access Now, Fight for the Future, and Demand Progress have come out against the Clarifying Lawful Overseas Use of Data Act (CLOUD Act), signed into law by President Donald Trump in March. The law empowers foreign law enforcement agencies to order U.S. tech companies to harvest data about individual users without a warrant, as long as the search target is not a U.S. citizen or resident. Supporters of the law include corporate giants like Google, Facebook and Apple, among others.
Even though the law does not directly trawl the information of U.S. residents, it does include their conversations with overseas friends and acquaintances. According to the Electronic Frontier Foundation, London investigators could demand the conversations or messages of any Brit’s correspondence with an American through compliant communication software, like Slack or Facebook –and they can do it without judicial review. They wouldn’t even have to notify U.S. law enforcement of the collection, and would require no probable cause warrant.
“Those messages could be read, stored, and potentially shared, all without the U.S. person knowing about it,” the organization states. “Those messages could be used to criminally charge the U.S. person with potentially unrelated crimes, too.”
Sarah St. Vincent, a researcher on U.S. surveillance at Humans Rights Watch, says the international agreement ultimately allows authorities in both the U.S. and U.K. to make an end run around the 14th Amendment.
“The CLOUD Act explicitly allows the U.K. to get data about Americans and then pass it back to U.S. authorities if they think it could be potentially related to a crime,” St. Vincent told Grit Post. “Any time a government body is collecting private data about us—be it the U.K. authorities or U.S. law enforcement getting it from a wiretap, or a partner like the U.K.—that creates rights abuse, and there needs to be strong safeguards to prevent that. You don’t want law enforcement looking at your data for inappropriate reasons, or for discriminatory reasons, and there needs to be sufficient transparency and oversight to prevent those things.”
St. Vincent added that the information could easily be used to target journalists and whistleblowers who authorities may consider meddlesome and inconvenient. She said the resulting pool of personal information will also present a high-priority target to criminal hackers seeking to exploit it.
“It’s really important for laws to set out exactly what safeguards are going to be in place, how they’re going to work and who’s going to make sure that they’re being implemented,” she said.