The United States and the United Kingdom have entered into the first agreement made under the US Cloud Act, which is designed to improve investigators’ ease of access to electronic material held outside their jurisdiction. The agreement was signed by Home Secretary Priti Patel and US Attorney General William P Barr in Washington DC on 3 October 2019.
The bilateral data sharing arrangement is expected to dramatically increase the speed of investigations by enabling law enforcement agencies to seek authorisation for the handing over of communications data from technology companies through the appropriate legal processes in their own country. This authorisation can be served directly on companies in the jurisdiction where the data is held (or accessible from), bypassing the need to obtain a corresponding order in that jurisdiction and significantly reducing delays. This streamlined process will be of huge benefit to UK based investigator’s such as the SFO who frequently face criticism for the length of their investigations.
Under the agreement, both the UK and the US will be expected to remove certain legal restrictions which prevent technology companies from cooperating with foreign investigators. Both countries will lift these restrictions only in respect of suspects who are not resident in the jurisdiction from which the evidence is sought. One significant feature of the agreement is that is extends to the contents of communications, not just the metadata.
Both governments have emphasised the law enforcement benefits of an agreement of this kind. The UK Home Secretary Priti Patel, speaking after signing the agreement said: “Terrorists and paedophiles continue to exploit the internet to spread their messages of hate, plan attacks on our citizens and target the most vulnerable.”
“As home secretary I am determined to do everything in my power to stop them. This historic agreement will dramatically speed up investigations, allowing our law enforcement agencies to protect the public.”
The agreement covers all material under the control of a US or UK cloud-based system, a broad power which raises obvious privacy implications. The agreement, however, cannot overcome the hurdle posed by end-to-end encryption. While this data may still be compellable from companies, it will be unintelligible to investigators and to the service providers themselves.
Alongside the agreement, the Home Secretary published an open letter to Facebook, co-signed by US Attorney General Barr calling on the company to halt its proposals to implement end-to-end encryption, which already exists in apps such as Whatsapp and Signal, across its messaging services. The letter makes clear the governments’ concerns about the plans and the impact they would have on efforts to tackle online child sexual abuse and terrorism.
Facebook CEO Mark Zuckerberg, in March 2019, reiterated his intention to make Facebook a “privacy focussed” company. In response to the open letter, Facebook immediately released a statement which said “we strongly oppose government attempts to build backdoors because they would undermine the privacy and security of people everywhere.”
The agreement will now go before the US congress and UK parliament for debate.