On March 24, 2025, the Federal Risk and Authorization Management Program (FedRAMP) unveiled “FedRAMP 20x,” a proposal to make FedRAMP more efficient by automating FedRAMP security assessments and continuous monitoring, simplifying required technical controls, and leaning on industry to provide tooling and solutions to support automation. Continue Reading FedRAMP 20x: Proposed Framework Aims To Increase Automation and Efficiency
Can U.S. law enforcement reach data stored oversees by using a warrant under the Stored Communications Act, 18 U.S.C. § 2701, et seq.? Until the Supreme Court decides the issue, which may happen next term, the answer is: it depends where the government applied for the warrant.
Over the last few years, U.S.-based technology companies have been increasingly resisting warrants under the Stored Communications Act for data those companies store oversees. These warrants, they claim, represent an extraterritorial application of the law, which Congress has never permitted.
Traditionally, if the government has probable cause to believe that a person’s email account contains evidence of a crime, and a federal magistrate judge agrees, a warrant would issue directing the email service provider to turn over those emails to the government. But data is increasingly stored in the “cloud.” And, as it turns out, the “cloud” consists of server farms located all over the world. Companies like Microsoft, Google, Amazon, Facebook, and Apple now host large quantities of data abroad, raising complicated jurisdictional questions.Continue Reading DOJ Asks Supreme Court to Resolve Split Over Its Ability to Compel Foreign Records