The United States and the United Kingdom have signed an agreement designed to help law enforcement agencies gain faster access to data related to serious crimes.
This is the first such agreement based on the Clarifying Lawful Overseas Use of Data Act, or CLOUD Act, which was enacted into U.S. federal law on March 23, 2018.
The new CLOUD Act Agreement, the U.S. Department of Justice says, will allow law enforcement agencies from both countries to demand electronic data regarding certain cases from tech companies in other countries.
The agreement, the DoJ explains, applies to serious crimes, such as terrorism, child sexual abuse, and cybercrime, but still requires appropriate authorization.
While a data sharing agreement already exists between the two countries, the legal process can take up to two years at the moment, and the new agreement is meant to significantly reduce that time, “while protecting privacy and enhancing civil liberties,” the DoJ says.
The agreement’s terms are meant to lift restrictions for a variety of investigations, not targeting residents of the other country, and to assure providers that any disclosures made in line with the Agreement are compatible with data protection laws.
Additionally, both the U.S. and the U.K. committed to obtain permission from the other before using any of the data that was obtained through the agreement “in prosecutions relating to a Party’s essential interest—specifically, death penalty prosecutions by the United States and UK cases implicating freedom of speech,” the DoJ says.
Under the terms of the agreement, law enforcement agencies may contact tech companies based in the other country directly to request access to electronic data, instead of going through governments, as that could take a very long time.
The Agreement should significantly reduce the time needed to access data, as defined in the existing Mutual Legal Assistance (MLA) request process, which requires for all requests for electronic data from law enforcement and other agencies to be submitted and approved by central governments.
According to the DoJ, the Agreement is expected to accelerate dozens of complex investigations into suspected terrorists and pedophiles. The requests, however, will be subject to independent judicial authorization or oversight.
The CLOUD Act allows U.S. law enforcement to request access to data of concern regardless of where in the world that data is stored. It also authorizes the United States to enter into agreements that lift legal barriers to access to electronic data for certain criminal investigations.
The US-UK Agreement was facilitated by the UK’s Crime (Overseas Production Orders) Act 2019, which was approved earlier this year, and will enter into effect after a six-month Congressional review period, as mandated by the CLOUD Act, and the related review by UK’s Parliament.
“Only by addressing the problem of timely access to electronic evidence of crime committed in one country that is stored in another, can we hope to keep pace with twenty-first century threats. This agreement will make the citizens of both countries safer, while at the same time assuring robust protections for privacy and civil liberties,” U.S. Attorney General William P. Barr commented.
Related: US, EU Spar Over Sharing Electronic Evidence in Investigations
Related: Clear Scope for Conflict Between Privacy Laws
Related: Officials Push Facebook for Way to Peek at Encrypted Messages
