It's weird how people here react to the CLOUD Act. The CLOUD Act contains two provisions.
One provision relates to MLATs (mutual legal assistance treaties). An MLAT is an agreement between countries to cooperate on gathering and exchanging information to enforce laws. For example, an MLAT might provide a way for police from one country to go to another country to interrogate a suspect who resides in that other country.
The CLOUD Act provided a way for the executive branch to enter into bilateral MLATs for data exchange as long as the Attorney General and the Secretary of State agreed that the foreign country had sufficient data access protections for data it received related to US citizens.
Before this, entering into an MLAT was done the same way as any other treaty. The executive would negotiate the terms, then the President would sign, then the Senate would vote, and if 2/3s of the Senators voted to ratify, the President could then ratify the treaty and exchange instruments of ratification with the other country. Only at that point did the MLAT actually go into effect.
This provision makes it much easier to enter into MLATs for data sharing and it can be done entirely by the executive branch. That's a massively lower barrier than requiring a 2/3 Senate vote.
It was this expansion of MLATs that drew most of the opposition to the CLOUD Act from several major civil rights groups.
Yet I almost never see this aspect of the CLOUD Act come up here. Nearly every time it comes up it is over the other provision.
The other provision said that if a warrant or subpoena asks a US company for data that it possesses or controls, it had to provide that data regardless of where it actually is storing the data.
That's how it works for physical documents. For example, if I'm in Los Angeles and own two physical documents, one of which is in my vacation house in Florida and the other in my vacation house in France, and a US court orders me to turn over those documents (or copies of them), I have to.
I won't be able to successfully resist by saying the one in France is outside the jurisdiction of the court. That's because the court is not asking France for the document, or trying to order anyone outside the US to do anything. It is ordering me to produce the document, which I can do simply by calling my French housekeeper and asking them to get the document and mail it to me.
Asking my French housekeeper to mail me a document I own from my French vacation house is something legal for me to do. I probably even routinely ship documents to and from France.
If you think about it, it pretty much has to work this way. Otherwise any company that wanted to hide anything from regulators could simply ship any possibly incriminating documents they have but cannot legally destroy to a document storage service in another country once they are no longer actively using them.
As far as I know this has never been controversial.
All the CLOUD Act provision on warrants and subpoenas does is say that digital documents work the same way physical documents do.
It is probably actually more important that digital documents work this way than it is for physical documents. With physical documents, if I store them in another country then it is a hassle if I ever need to work with them.
With digital documents it is easy to store everything in another country and instantly make a local copy when I need to work with a document, and when I'm done working save any changes back to the foreign storage and delete local copies.
I'm reasonably sure most other countries either have something equivalent to this part or they have laws that prevent companies in the country from storing documents outside the country. Otherwise it would be standard procedure for companies in the country to store all their digital data outside the country, ideally somewhere that does not have an MLAT with their home country. That way as long as they did nothing that drew the attention of regulators or law enforcement in that other country their documents would be out of reach of their home country regulators.
Given that AWS US can still easily 'control' any data it wants to get from its Euro subsidiary (just by pushing a new code version that has a small change to make that data accessible), I don't understand how AWS US would avoid being compelled to turn over the data in a high profile case. I.e. they could always implement a backdoor or make a targeted modification to the AWS code base that would allow them access if they wanted. Unless AWS EU does a full code review on every line of code being changed in the underlying AWS codebase, they'd never be able to stop it.