Patching the U.K.’s Zero-Day Security Exploit With the U.S.-U.K. CLOUD Act Agreement
A built-in safety valve in the U.S.–U.K. CLOUD Act agreement can protect U.S. cybersecurity and the agreement itself.

Published by The Lawfare Institute
Recent reports about the U.K.’s secret efforts to compel Apple to globally disable security features in support of its surveillance regime have rightly alarmed U.S. policymakers across the political spectrum, including President Trump. A foreign government that secretly compels a U.S. service provider to weaken its security or to block global improvements undermines U.S. governmental interests in maintaining a secure and resilient communications and network ecosystem, protecting data privacy, and preserving the commercial attractiveness of American companies in an increasingly competitive world. Alarming as the situation is, the United States has a well-suited tool to confront this security vulnerability at the ready: the CLOUD Act framework.
When Sen. Orrin Hatch (R-Utah) spoke on the Senate floor about the need for the CLOUD Act before its enactment in 2018, he urged the United States to establish a global network of bilateral agreements under the landmark legislation. He observed that doing so is critical for many reasons, including to strengthen data security of users worldwide. In the year following passage of the bill, the U.S. entered into an agreement with the U.K., which is widely seen as useful, if imperfect, by the U.S. Department of Justice, U.K. officials, and commentators.
Even if the U.K. withdraws the request to Apple, a possibility that has been reported, it’s conceivable that the U.K. tries again or that other countries follow a similar path. With a few surgical changes to the statute, as has been proposed, including at a hearing in Congress, the CLOUD Act can address the U.K.’s reported actions as well as potential similar moves by other foreign governments. Legislation of course takes time, even when there is agreement across the aisle. Meanwhile, the U.S. can expeditiously mitigate the existing and future risks associated with the U.K.’s actions by invoking the emergency brake that was built into Article 12.3 of the U.S.-U.K. agreement. Exercising Article 12.3 of the agreement would disincentivize the U.K. from enforcing existing or issuing new technical demands, allowing this important agreement to remain intact and in operation while Congress pursues statutory solutions that would apply to all CLOUD Act agreements.
CLOUD Act Essentials
The CLOUD Act provisions at issue here were designed to reduce problems caused by U.S. “blocking statutes.” Before the act, U.S. service providers could be prohibited from disclosing certain user data in response to foreign government-issued legal process, even when the request came from a rule-of-law jurisdiction in a case that all would recognize as serious and legitimate. Countries instead had to rely on diplomatic mechanisms like mutual legal assistance treaties, which are famously slow, leaving them ill-suited for some fast-moving investigations. With few realistic options, jurisdictions may turn to unilateral measures, including tactics that undermine cybersecurity.
The CLOUD Act addresses this by conditionally lifting the blocking statutes for any country that qualifies for and signs an executive agreement with the United States. To qualify, a country must demonstrate respect for civil liberties and due process, among other requirements. Once an agreement is in place, U.S. providers may honor data requests from that country without running afoul of the U.S. blocking statutes. As Sen. Hatch observed when introducing the bill, for the CLOUD Act to effectively address this issue worldwide, there need to be many agreements. Most of the vision that Sen. Hatch and the co-sponsors of the act enunciated remains very much in reach if the U.S. moves to enter into more agreements.
To advance the legislative goal of protecting the security of data, and encryption in particular, the CLOUD Act stipulates that an agreement “shall not create any obligation that providers be capable of decrypting data or limitation that prevents providers from decrypting data.” Although this provision has been characterized as “encryption neutral” by the U.S. Department of Justice, Congress intended it to preserve the ability of providers to protect data security through encryption, as the comments of Sen. Hatch reflect.
That the provision didn’t go further hardly makes it neutral. There’s a similar requirement in the statute that says an order issued by the foreign government under an agreement may not be used to infringe freedom of speech; that doesn’t support a conclusion that the public policy of the United States is neutral as to free speech. The reported action by the U.K. seeking to require Apple to remove encryption from one of its products puts this security goal in peril.
The concerns about the security of cloud services have only grown stronger in the years since the statute was enacted, driven by an increased reliance on cloud services and a series of high-profile incidents. These include the SolarWinds supply-chain compromise (2020), the Log4Shell vulnerability affecting major cloud providers (2021), the Colonial Pipeline ransomware attack (2021), the MOVEit software-as-a-service breach (2023), the so-called typhoon attacks, including the Salt Typhoon campaign in which Chinese state actors exploited Microsoft’s cloud-based authentication systems to obtain communications of senior U.S. officials (2024), the U.S. Treasury breach via a cloud vendor (2024), and the Microsoft SharePoint breach involving foreign access to Department of Defense systems (2025), among many others.
The CLOUD Act Agreement Between the United States and the United Kingdom
Because the U.S. and the U.K. have a CLOUD Act agreement, the U.K. can issue, directly to U.S. providers, requests that comply with the terms of the agreement. The existence of the agreement means that providers may disclose the requested information without being in violation of the blocking statutes. The U.K. has availed itself of this arrangement, issuing over 20,000 requests as of October 2024.
Consequently, if the U.K. were successful in requiring a U.S. provider to remove security from a product (for example, by building in a backdoor to data that would otherwise be end-to-end encrypted), the U.K. could use the agreement to request the now-vulnerable data from the U.S. provider directly. The agreement itself, however, includes a safeguard mechanism that allows the U.S. to protect data from foreign efforts to undermine the security and privacy protections provided by American companies.
Specifically, the agreement has a provision that either the U.S. or the U.K. can invoke to resolve concerns about implementation or disputes, and if not resolved to its satisfaction, to exclude categories of requests from the scope of the agreement. The pertinent provision is Article 12.3:
In the event that the Parties are unable to resolve a concern about the implementation of this Agreement or a dispute, either Party may conclude that the Agreement may not be invoked with respect to an identified category of Legal Process, including Legal Process that are issued on or after a particular date. Notification of that conclusion must be sent by the Designated Authority of the Party that has so concluded to the Designated Authority of the other Party. The notified Party shall not invoke the Agreement with respect to any Legal Process within the identified category upon receipt of such notification. Such a conclusion may be revoked at any time, in whole or in part, by the Party that reached the conclusion through a notification of the revocation to the other Party’s Designated Authority. Any data produced to the Issuing Party shall continue to be subject to the conditions and safeguards, including minimization procedures, set forth in this Agreement.
This open-ended provision gives either the U.S. or the U.K. the opportunity to exercise oversight over the other’s use of the agreement. A party may identify a “concern” that it believes has arisen in the course of implementation, or the existence of “a dispute.” In this instance, there already is substantial evidence in bipartisan congressional and executive statements of the level of U.S. disquiet about the U.K. order to Apple.
Invocation of Article 12.3 as a Stopgap Measure
The U.S. thus may invoke Article 12.3 of the agreement to determine, either by agreement with the U.K. or through a unilateral conclusion, that the U.K. may not use the CLOUD Act agreement to seek data from any U.S. provider on which it is attempting to impose, or has imposed, restrictions on security or privacy features, or mandates that the provider build capabilities for the U.K. to surveil customers. U.K. law enforcement and intelligence agencies therefore could benefit from surveillance capabilities mandates only to the extent that such obligations are imposed on American companies by U.S. law.
Exercising Article 12.3 in this manner ensures that the U.K. could not circumvent the U.S. democratic process or override the considered choices made by elected representatives in the United States by requiring those companies to adopt additional or broader surveillance capabilities beyond what U.S. law mandates. Such an understanding could be memorialized in a diplomatic note, acknowledged by the United Kingdom, and form an integral part of the agreement.
There are several ways to define the scope of this exercise of exclusion authority. One possible approach is to define the scope in terms of the particular legal provisions under U.K. law that the Apple case identified as problematic. For example:
The Agreement may not be invoked with respect to Legal Process issued to any Covered Provider, as defined in this Agreement, to whom the U.K. has issued a Technical Capability Notice under S.253 of the Investigatory Powers Act 2016, a Notification Notice under §21 (Eng.) of the Investigatory Powers (Amendment) Act 2024 (IPA, §258A), or a National Security Notice.
A drawback of this approach is that, by singling out only specific provisions of U.K. law, it would not affect other sources of U.K. authority, would fail to account for the possibility that the substantive provisions are relocated elsewhere in U.K. law, and would not address authorities that the U.K. might adopt in the future.
Another approach is to phrase the preclusion in terms of the types of mandates that are disqualifying. Here’s one possible articulation:
Cybersecurity is an essential national interest of the United States. The Agreement may not be invoked with respect to any Covered Provider, as that term is defined in this Agreement, on which the U.K. has imposed or is attempting to impose a standing or ad hoc requirement that such Covered Provider:
- disable any measure, technical or non-technical, to protect or promote the resilience, privacy, confidentiality, integrity, or availability of data, devices, systems, or services;
- give prior notice of or withhold implementing any measure, technical or non-technical, to protect or promote the resilience, privacy, confidentiality, integrity, or availability of data, devices, systems, or services; or
- provide technical assistance to enable or facilitate the acquisition, interception, monitoring, collection, retrieval, or preservation of Covered Data, as that term is defined in this Agreement, or to render Covered Data intelligible or usable.
This second approach could be useful to include in the other existing CLOUD Act agreement, with Australia. This is important for consistency across agreements, and, because Australia has its own technical assistance legislation, this clause could deter use of that power against American companies. The clause could also be incorporated in some fashion into future U.S. CLOUD Act agreements. For example, the U.S. and Canada have begun CLOUD Act agreement negotiations. Canada is currently considering the Supporting Authorized Access to Information Act (part 15 of the larger Strong Borders Act), which would authorize its criminal investigative agencies and intelligence services to secretly impose potentially sweeping surveillance capability obligations on service providers, including American companies.
By describing the type of conduct that is prohibited, as opposed to listing specific legislative provisions, the language is immune to the adoption of problematic decryption and capability authorities by CLOUD Act signatories in the future. This suggested formulation can also guide the crafting of U.S. legislation amending the CLOUD Act.
Drafting choices aside, Article 12.3 gives the U.S. an expedient tool very well-suited in the short term to protect its cybersecurity interests, global users of U.S. technology providers, and the commercial attractiveness of American companies in an increasingly competitive environment.
***
The CLOUD Act model is valuable and must be expanded to many more countries. It serves law enforcement interests in allowing criminal investigators access to data, while also preserving privacy and security.
The United States should not treat this issue with the U.K. as a one-off. The same issues could arise with Australia and conceivably could come up in the negotiation or application of future agreements, for example, with Canada and the European Union. Consequently, the United States needs a systemic solution through an amendment to the CLOUD Act that would prevent security-compromising measures in agreements.
In the meantime, exercising Article 12.3 with the U.K. as proposed will serve the immediate need to protect U.S. providers from U.K. measures undermining fundamental encryption protections, keep this important and valuable agreement in place, signal to others that the U.S. government will not tolerate demands that U.S. providers weaken their data security, and lay the groundwork for the long-term adoption of CLOUD Act agreements.