Congress Pressed to OK Bilateral Agreement Allowing US, UK to Access Data Overseas
U.S. and U.K. law enforcement officials pressed Senate Crime and Terrorism Subcommittee members for a fix to enable agencies in both countries to access data held by technology companies overseas needed for investigations. They said a bilateral agreement could accomplish that but it needs Congress' approval.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Microsoft President Brad Smith said Congress needs to act and supported the DOJ proposal for reciprocal agreements between two countries but said unilateral demands for data could cause significant problems for technology companies. Last year, Microsoft won a legal battle when the 2nd U.S. Circuit Court of Appeals unanimously ruled DOJ couldn't force the company to provide customers' electronic communications stored outside the U.S. (see 1610120014). DOJ has sought a rehearing. Extraterritorial warrants from the U.S., said experts, often place tech companies in the middle of conflicting laws between two countries.
Brad Wiegmann, deputy assistant attorney general of the National Security Division, said the 2nd Circuit decision is preventing the department from using a warrant to get data abroad. He cited a child sexual assault case where Google didn't produce photos stored abroad that investigators needed to identify and locate offenders. He also cited a terrorism case in which Microsoft declined to provide data stored in a server abroad. DOJ has identified "close to a hundred of these cases" and the number is rising, he said.
Wiegmann said Congress can lift restrictions and allow DOJ to sign a bilateral agreement with the U.K. that can also be a template for agreements with other countries. He said legislation, which will be similar to a bill introduced last year, would allow the department to sign agreements with other countries as long as their laws are evaluated and meet certain U.S. standards. That bill wasn't well received by some civil liberties groups (see 1607180026). Ranking member Sheldon Whitehouse, D-R.I., said legislation should contain significant protections for privacy, civil liberties and rule of law. "Absolutely," replied Wiegmann.
U.K. Deputy National Security Adviser Paddy McGuinness said the bilateral agreement isn't an expansion of his country's investigatory powers framework and wouldn't affect privacy rights of U.S. citizens and residents. He said it would also be "encryption neutral," meaning the agreement won't include related terms.
Smith said Microsoft has "long supported" the proposed bilateral U.K.-U.S. agreement: "Now is the time for Congress to act." When the EU's general data protection regulation goes into effect in one year, he said that U.S. warrants on tech companies for data stored overseas could violate that law and impose significant penalties for companies. He said Congress can fix that problem before then but it will be difficult.