Government Affairs Blog

July 21, 2017

SHOULD CONGRESS RESTORE THE POWER OF US LAW ENFORCEMENT TO COLLECT COMMUNICATIONS CONTENT STORED ABROAD?

Last year a US appeals court decision interpreted a federal statute in a manner that stopped American law enforcement agencies from using judicial warrants to gather communication content stored abroad. Certain congressmen responded with proposed legislation to restore the status quo meaning of the law. What does the bill propose, and would it fairly balance the interests of public safety, subscriber privacy, and the needs of communication service providers (CSPs)?

The Microsoft/Ireland Case

In 2016 the Second Circuit Court of Appeals handed down a decision that changed law enforcement practices during investigations of communications data. The FBI had served Microsoft with a judicially-approved warrant to gather certain emails of an American criminal suspect using Microsoft’s email service. Microsoft refused to comply with the due process on the grounds that the Microsoft data center containing the targeted emails was located in Ireland, a place outside US jurisdiction. The Second Circuit agreed with Microsoft that the warrant lacked extraterritorial reach.

Since then, four other courts issued rulings upholding the law as understood before the Microsoft/Ireland case. The judges stated that because the FBI-targeted emails would be disclosed in the US, not Ireland, the authorizing warrant did not reach foreign soil.

The International Communications Privacy Act

A group of senators and congressmen also acted to restore the status quo meaning of the warrant law. They introduced the International Communications Privacy Act (ICPA) in the House of Representatives as HR 5323 and in the Senate as S. 2986. The ICPA recently underwent hearings in the House and Senate judiciary committees.

To begin with, the ICPA would amend the Electronic Communications Privacy Act (ECPA) by authorizing warrants for communication content based on the nature of the suspect as opposed to the location of the content storage site. If the suspect is a US citizen or someone in the US, the warrant would be approved, regardless of where the person’s data happens to be stored.

The ICPA’s next step is more ambitious. It would permit a system of warrant reciprocity between the US and other countries willing to sign “law enforcement cooperation agreements” (Cooperation Agreements).

One type of Cooperation Agreement already exists. Mutual legal assistance treaties (MLATs) permit US law enforcement agencies to collect call records and other communications evidence from foreign countries through their channels of due process and let their law enforcement teams gather the same kinds of evidence from the US through US rules of due process. Unfortunately, the bureaucracy-laden MLATs are notoriously slow and unreliable.

A new and more effective type of Cooperation Agreement is now being negotiated between the US and Great Britain. Under the new approach, each nation’s warrant could be served under its own rules of due process, provided both sides observe a common baseline of due process standards. A foreign nation that respects civil rights would consequently enjoy streamlined investigative access to US-stored data, and US authorities would likewise gain easier access to the foreign nation’s data.

Implications for public safety

The Department of Justice supports the ICPA. Since the Microsoft/Ireland ruling, they say, US law enforcement has been blocked from solving crimes committed by US citizens in the US when the communications-related evidence of the crimes happens to be stored overseas. They regard the ICPA as a win-win because it would help both US law enforcement agencies and foreign authorities do their jobs.

Implications for privacy

At least one privacy group, the American Civil Liberties Union (ACLU), opposes the ICPA. The ACLU objects to the level of due process slated for Cooperation Agreements. Each Agreement would authorize a warrant for communications content based on a standard of “articulable and credible facts.” However, that standard is arguably not as high as the current US standard, known as “probable cause.” As a result, the ACLU claims, a foreign government such as the UK could access a communication between a UK person and a US person under the relatively low ICPA standard and then share that information with US law enforcement, thus circumventing the relatively high US standard.

The ACLU also warns that the US may enter into Cooperation Agreements with the wrong countries. For example, the ACLU believes certain US allies, such as India and Brazil, have spotty records on civil rights.

Finally, the ACLU worries that CSPs may lack the incentive or expertise to make Cooperation Agreements work as intended. In particular, they fear CSPs may fail to ensure that a given foreign-originated warrant meets the due process standard of articulable and credible facts.

Implications for Industry

The current state of law puts the communications industry in a bind. If a multinational CSP is ordered by a judge in country ABC to retrieve data stored in country XYZ, it may violate the criminal procedure laws of ABC if it refuses to comply, and it may breach the privacy laws of XYZ if it does comply. An ICPA Cooperation Agreement would moot the legal conflict by holding the two countries to a common set of laws.

Such an Agreement would also discourage a nation from keeping its communication data in-country by adopting a “data localization” law. A data localization law forces a CSP serving country ABC to store all data pertaining to citizens of ABC in a data center located in ABC, where it will remain within ABC’s criminal jurisdiction. Such laws undercut the value of cloud computing, which thrives on remote data storage.

To avoid conflicts of law and the threat of data localization, many leading industry players have endorsed the ICPA.

Hope for reconciliation

It remains unclear if and when the ICPA will become law. However, the idea seems promising, provided the finished product can satisfy privacy concerns.

Many experts agree the existing legal arrangement for cross-border data requests is not sustainable. This view is reinforced by the split of opinion among US courts.

Meanwhile, a least two factors fuel the desire for legal reform. The world of international communications continues to grow. And so does the volume of international crime.

May 19, 2017

EXPANDING COMMUNICATIONS SERVICE TO THE EU WHILE COMPLYING WITH MANDATES FOR PRIVACY AND LAW ENFORCEMENT

As American communications service providers expand their networks to the European Union they’ll confront a phalanx of new privacy laws and evolving mandates to assist law enforcement. The following examines the regulatory hurdles.

(more…)

April 28, 2017

HOW CALEA SOLUTIONS IMPROVE SECURITY IN COMMUNICATION NETWORKS

Communication service providers in the US are generally required by the federal CALEA statute to equip their networks with hardware/software solutions that facilitate lawful electronic surveillance. CALEA solutions provide the technical capabilities law enforcement agencies need to conduct court-ordered surveillance in criminal and terrorist investigations. For example, a state police department may need to intercept the calls of a criminal suspect using a cell phone. Or the FBI may monitor the broadband signals of a terrorist suspect communicating on the Internet.

(more…)

December 12, 2016

HOW WILL THE UK’S NEW SURVEILLANCE LAW IMPACT AMERICAN COMMUNICATION SERVICE PROVIDERS?

On November 29th the United Kingdom adopted a surveillance law that raised a novel issue of law enforcement assistance and privacy. How does the new law impact U.S.-based communication service providers?

The UK’s new Investigatory Powers Act

The UK’s existing Data Retention and Investigatory Powers Act of 2014, or “DRIPA,” already requires UK communication service providers to facilitate lawful surveillance and retain data on their subscribers’ past communications. To meet the data retention mandate, a service provider must store records on every subscriber’s past voice communications, emails, and text messages, and disclose them to the government upon lawful request.

(more…)

November 2, 2016

The Impact of the 2016 Presidential Election on Lawful Surveillance and Customer Records Disclosures

Author: Trevor Gray, Legal Services Manager

With every presidential election comes some uncertainty. How will policy be impacted by a newly elected chief executive? It is vital that industry players be forward thinking to try and anticipate some of the change and be better prepared to take advantage of it. One critical area of discussion during this election cycle has been that of national security and more specifically cybersecurity and privacy. Electronic communication providers will need to be ready to act, so here is a look at how the candidates stand on issues related to lawful surveillance and records collection.

(more…)