In the future, it will be up to both nations to show that such an agreement actually protects privacy and civil liberties. Many details on how the deal works in practice remain to be seen, including the standards of proof for the UK, to seek injunctions, restrictions on wiretapping and whether there are sufficient safeguards to prevent privacy violations against the citizens of each country. ==individual evidence==== individual supporting documents == Bilateral data access agreement can serve as a useful model for both the United States and other countries when considering how best to implement cross-border data exchange. It shows how nations can use a combination of their national laws and the language of the CLOUD Act to conclude agreements that meet their minimum standards, at least on paper. In summary, this new agreement contains a range of privacy and civil liberties safeguards that go beyond the text of the CLOUD Act, some of which are similar to those we are proposing here and here. As soon as the agreement is forwarded to Congress, probably this week, Congress will have 180 days to consider the text. We hope that those with a wide range of perspectives will carefully consider the agreement, both in terms of its impact on UK investigations and as a model for future CLOUD Act executive agreements. On October 3, 2019, the United States and the United Kingdom entered into a first executive agreement under the CLOUD Act. The text of the agreement was published on 7 October 2019. For a good overview of the provisions of the agreement, Jennifer Daskal and Peter Swire have published a summary on Lawfare, in which they have identified some surprising provisions and others that fall a little flat.
But there is a serious error in the agreement that has not been discussed – it allows either the United States or the United Kingdom to require a covered provider to intercept a user who is not in the United States or the United Kingdom, but in a third country, without the agreement of that sovereign nation and perhaps even without its knowledge. However, we are also concerned that the safeguards provided for in this CLOUD Act agreement will serve as a model for future agreements, including in cases where data protection standards are even more lacking. In such cases, additional safeguard measures incorporated into an agreement itself are all the more crucial. Just before the deal was signed, the Sunday Times, a British newspaper, reported that the deal would require service providers such as WhatsApp and Facebook to decrypt messages in accordance with a government order. That story turned out to be false — but on the same day that the U.S. and the U.K. signed the deal and also issued a joint letter with Australia asking Facebook to refrain from a plan to introduce end-to-end encryption into its messaging systems. This is in line with the language of the CLOUD Act, according to which any changes to the Decryption Directive are due to separate agreements or changes in national legislation.
 Press Release, US And UK Signs Pioneering Agreement on Cross-Border Access to Data to Fight Online Criminals and Terrorists (Oct. . . .