Civil Liberties Groups Say DOJ Legislative Proposal With UK Would Endanger Privacy Rights
Civil liberties activists Monday railed against an Obama administration legislative proposal to establish a reciprocal agreement enabling British authorities to directly request electronic data for serious criminal investigations from U.S. companies without going through an existing international legal process. They said the proposal, which could be used as a model agreement with other countries, wouldn't protect the civil liberties and privacy of people as DOJ asserted but would expand government surveillance. One professor was supportive of the proposal.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
“The proposal weakens existing privacy protections for Americans and citizens around [the] world," said American Civil Liberties Union Legislative Counsel Neema Singh Guliani in an emailed statement Monday. "It would wrongly allow governments to access some types of Americans' communications without a warrant or other critical legal protections. We urge Congress to reject such changes." She said the alternative would be to improve the mutual legal assistance treaty (MLAT) process or to come up with another one without weakening the existing protections for people. ACLU staff attorney Eliza Sweren-Becker wrote a long blog post about the problems.
Greg Nojeim, Center for Democracy & Technology director-Freedom, Security and Technology project, told us that Congress and other countries must do something to address the cross-border law enforcement demands for data and the current status quo isn't going to hold. While he said bilateral agreements might be part of a solution if sufficient civil liberties are incorporated, DOJ's specific proposal falls far short of that. He said it's unlikely this proposal will go anywhere this session given the legislative calendar, but it likely will be proposed next year.
Bijan Madhani, Computer and Communications Industry Association public policy and regulatory counsel, emailed that since the language was proposed Friday, CCIA hasn't had a chance to fully examine it with members. "At first glance, we appreciate that privacy and civil liberties protections are a key criteria for future bilateral information sharing agreements, but the devil is always in the details," he wrote. "This proposal is an important step, and we look forward to working with Congress and the Administration to ensure that any mechanisms that attempt to resolve the issue of cross-border requests are robust, transparent, and protective of users' rights.”
“This is a very big deal,” said University of Kentucky College of Law professor Andrew Woods in an email. “The world's data is largely controlled by American firms -- many of whom allege to store customer data in the US, where US law applies. This means that an Indian police officer, investigating a crime in Mumbai, must go through the laborious and inefficient MLAT process to get evidence about a routine law enforcement matter. The same goes for Brazil, Europe, and so on. The US is simply not capable of managing requests for mutual legal process in a timely manner -- nor should the US be the gatekeeper of the world's criminal evidence.”
Something will have to change, whether it’s a “thoughtful reform to conflicting laws” like the DOJ proposal or data localization efforts where countries demand their citizens’ data be stored locally, said Woods. And while DOJ has gotten funding for improving the MLAT process, “the reforms will never keep up with the requests that are coming in,” he added.
The Washington Post reported in February that such a proposal was in the works (see 1602240024), but DOJ didn't lay it out until Friday in a letter addressed to Vice President Joe Biden. The proposal -- also discussed by panelists, including Nojeim and Woods, during a Congressional Internet Caucus event Friday -- came a day after the U.S. government lost a federal appeals case trying to force Microsoft to turn over a customer's emails stored in Ireland (see 1607140071). The proposal would allow the U.K. government to directly seek electronic information about the target of a serious criminal investigation, including terrorism, from a U.S. electronic communications provider such as Google or Microsoft without going through the MLAT, which is widely considered as onerous, time-consuming and labor intensive. The bilateral agreement would also enable U.S. authorities to have the same powers in the U.K.
The MLAT process “typically takes months to process such requests and foreign governments often struggle to understand and comply with U.S. legal standards for obtaining data, particularly content, for use in their investigations and prosecutions,” said DOJ’s letter. The agency said several existing challenges, including data localization requirements, could weaken privacy protections and make it harder for the U.S. to get access to data for investigations. Congress would need to change language in the Electronic Communications Privacy Act to allow companies to disclose electronic communications and data to foreign governments without violating the law.
DOJ said its legislative proposal would address such issues and could be duplicated with other countries and provide “robust” civil liberties and privacy rights. It would require the attorney general and secretary of state “to determine and certify to Congress that foreign partners have met obligations and commitments designed to protect” such rights. A court, judge, magistrate or independent authority would review foreign orders, which would not be permitted to target U.S. persons anywhere or individuals located in the U.S., the proposal added.
Woods said the proposed agreement enables the British government to apply its own law. So, instead of asking whether a request for evidence meets an American standard, he said the question is whether it meets a British standard -- and vice versa for U.S. requests to UK providers. “If the UK standard is weaker than the US standard -- and it may be -- it's still the right thing to do long term,” he added. “If countries can't enforce their own laws within their borders because American law gets in the way, they will look for other avenues to get the data -- much more destructive avenues like data localization, surveillance, and anti-encryption measures.”
But Nojeim said CDT considers this issue significant in the context of human rights. "First, [the proposal] goes well beyond MLAT process by authorizing, for the first time, foreign governments to do wire tapping in the United States," he said. "This is not about fixing MLATs. This is about expanding surveillance capability. Second, the Department of Justice could put itself in the position as decider as to whether an agreement should be entered into with a foreign country because its human rights records and surveillance laws are sufficient.”
Justice promises to incorporate civil liberties protections "ring hollow," Nojeim said. Political concerns rather than an objective assessment could determine whether the U.S. should enter into such a bilateral agreement, he said. “For example does the U.S. want to use a military base in the country in order to conduct its operations? If yes, maybe there would be an agreement with that country as a favor.”