WASHINGTON - The United States and the U.K. have signed an agreement, under a controversial new U.S. law, that will allow law enforcement agencies to force tech companies to turn over electronic communications for use in criminal investigations regardless of which country the data is stored in.
The accord is the first of its kind signed under the CLOUD Act, a law passed last year by Congress that has been severely criticized by some European countries for threatening privacy rights.
The French government has labeled it a threat to its “digital sovereignty,” while Germany has expressed concern about U.S. authorities snooping on ordinary Germans’ personal data.
U.S. Attorney General William Barr and U.K. Home Secretary Priti Patel, who signed the agreement at a ceremony in Washington on Thursday, sought to mollify those concerns.
"This agreement will make the citizens of both countries safer, while at the same time assuring robust protections for privacy and civil liberties,” Barr said.
“Terrorists and pedophiles continue to exploit the internet to spread their messages of hate, plan attacks on our citizens and target the most vulnerable,” Patel said. “As home secretary, I am determined to do everything in my power to stop them.”
The agreement comes with certain caveats. The two countries agreed to get each other’s permission before using data acquired under the agreement in certain cases – death penalty prosecutions in the U.S. and freedom of speech cases in the U.K.
Besides the U.K., no other country is known to have expressed interest in entering into a CLOUD Act agreement with the U.S.
Congress passed the law last year as the Supreme Court took up a case in which Microsoft challenged a government warrant to turn over electronic communications stored on the company’s servers in Ireland. Microsoft argued that the U.S. warrant didn’t apply to data held overseas. The company supported the CLOUD Act.
The law makes it easier for U.S. and other law enforcement agencies to acquire electronic communications stored outside their borders.
Normally, law enforcement organizations seeking those communications must submit a Mutual Legal Assistance Treaty (MLAT) request through their governments, a cumbersome process that can take up to two years.
The new U.S-U.K. Bilateral Data Access Agreement will allow law enforcement agencies to bypass the MLAT system, dramatically speeding up the data collection process.
Under the accord, law enforcement agencies can now go directly to tech companies in the other country and demand electronic data, as long as they receive court authorization.
“Only by addressing the problem of timely access to electronic evidence of crime committed in one country that is stored in another, can we hope to keep pace with twenty-first-century threats,” Barr said.