The point of setting it up as a German legal entity with US AWS having no special access is to avoid that.
All the relevant part of the CLOUD Act does is make it so when a US legal entity is asked to provide data that it controls it doesn't matter where it has stored that data. For example suppose I run an online forum. I decide to archive some records to cloud storage and remove my local copies.
I archive some of them to AWS in the US. I archive some more to a cloud provider that is in some other country and does not have any US data centers or offer services in the US (I'm going through a VPN with an endpoint in their country so they only see me using a local to them IP, and I pay via some method that doesn't tip them off that I'm American).
I get legally ordered to give copies of those archived records to law enforcement. Under the CLOUD Act I have to retrieve copies from both cloud providers and turn those over.
Note that from the foreign cloud provider's point of view nothing unusual is happening. All they see is a customer retrieving some data that that the customer previously put there, using the normal APIs that are provided for customers to do that with. They have no idea why the customer is retrieving the data.
From the way they are describing it in the article and in their FAQ at https://aws.eu/faq/ it sounds like they are setting up a German company and giving that company the rights to use a bunch of AWS technology which will be run on infrastructure owned and operated by the German company and with no operational access for US AWS. That would make it pretty much equivalent to the foreign cloud service in the example above.
The reason earlier I said "relevant part of the CLOUD Act" is that it actually did two things. One is what is described above, which for some reason is what most people focus on even though it wasn't very controversial.
The other part, which is what most opposition was over, concerned "mutual legal assistance treaties" (MLATs). These are agreements between countries to, as you might guess from the name, assist each other in law enforcement. The CLOUD Act made it so MLATs could be created through executive agreements, just requiring the Attorney General and the Secretary of State to agree that the other country had protections in place to protect US citizens.
Before the CLOUD Act MLATs were created by the executive branch negotiating the terms and then the agreement had to be ratified as a treaty by Congress, so this was a huge change.
Ofcourse the real issue that every American is a potential CIA spy. We know this from history.
Its really not that different from China. Every American will always cooperate like a good little patriot. I don't even blame them for it that is how they are brought up.
All the relevant part of the CLOUD Act does is make it so when a US legal entity is asked to provide data that it controls it doesn't matter where it has stored that data. For example suppose I run an online forum. I decide to archive some records to cloud storage and remove my local copies.
I archive some of them to AWS in the US. I archive some more to a cloud provider that is in some other country and does not have any US data centers or offer services in the US (I'm going through a VPN with an endpoint in their country so they only see me using a local to them IP, and I pay via some method that doesn't tip them off that I'm American).
I get legally ordered to give copies of those archived records to law enforcement. Under the CLOUD Act I have to retrieve copies from both cloud providers and turn those over.
Note that from the foreign cloud provider's point of view nothing unusual is happening. All they see is a customer retrieving some data that that the customer previously put there, using the normal APIs that are provided for customers to do that with. They have no idea why the customer is retrieving the data.
From the way they are describing it in the article and in their FAQ at https://aws.eu/faq/ it sounds like they are setting up a German company and giving that company the rights to use a bunch of AWS technology which will be run on infrastructure owned and operated by the German company and with no operational access for US AWS. That would make it pretty much equivalent to the foreign cloud service in the example above.
The reason earlier I said "relevant part of the CLOUD Act" is that it actually did two things. One is what is described above, which for some reason is what most people focus on even though it wasn't very controversial.
The other part, which is what most opposition was over, concerned "mutual legal assistance treaties" (MLATs). These are agreements between countries to, as you might guess from the name, assist each other in law enforcement. The CLOUD Act made it so MLATs could be created through executive agreements, just requiring the Attorney General and the Secretary of State to agree that the other country had protections in place to protect US citizens.
Before the CLOUD Act MLATs were created by the executive branch negotiating the terms and then the agreement had to be ratified as a treaty by Congress, so this was a huge change.