Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

New US-UK Agreement Speeds Law Enforcement’s Access to User Data

The United States and the United Kingdom have signed an agreement designed to help law enforcement agencies gain faster access to data related to serious crimes. 

This is the first such agreement based on the Clarifying Lawful Overseas Use of Data Act, or CLOUD Act, which was enacted into U.S. federal law on March 23, 2018.

The United States and the United Kingdom have signed an agreement designed to help law enforcement agencies gain faster access to data related to serious crimes. 

This is the first such agreement based on the Clarifying Lawful Overseas Use of Data Act, or CLOUD Act, which was enacted into U.S. federal law on March 23, 2018.

The new CLOUD Act Agreement, the U.S. Department of Justice says, will allow law enforcement agencies from both countries to demand electronic data regarding certain cases from tech companies in other countries. 

The agreement, the DoJ explains, applies to serious crimes, such as terrorism, child sexual abuse, and cybercrime, but still requires appropriate authorization. 

While a data sharing agreement already exists between the two countries, the legal process can take up to two years at the moment, and the new agreement is meant to significantly reduce that time, “while protecting privacy and enhancing civil liberties,” the DoJ says. 

The agreement’s terms are meant to lift restrictions for a variety of investigations, not targeting residents of the other country, and to assure providers that any disclosures made in line with the Agreement are compatible with data protection laws. 

Additionally, both the U.S. and the U.K. committed to obtain permission from the other before using any of the data that was obtained through the agreement “in prosecutions relating to a Party’s essential interest—specifically, death penalty prosecutions by the United States and UK cases implicating freedom of speech,” the DoJ says. 

Under the terms of the agreement, law enforcement agencies may contact tech companies based in the other country directly to request access to electronic data, instead of going through governments, as that could take a very long time. 

The Agreement should significantly reduce the time needed to access data, as defined in the existing Mutual Legal Assistance (MLA) request process, which requires for all requests for electronic data from law enforcement and other agencies to be submitted and approved by central governments. 

According to the DoJ, the Agreement is expected to accelerate dozens of complex investigations into suspected terrorists and pedophiles. The requests, however, will be subject to independent judicial authorization or oversight.

The CLOUD Act allows U.S. law enforcement to request access to data of concern regardless of where in the world that data is stored. It also authorizes the United States to enter into agreements that lift legal barriers to access to electronic data for certain criminal investigations. 

The US-UK Agreement was facilitated by the UK’s Crime (Overseas Production Orders) Act 2019, which was approved earlier this year, and will enter into effect after a six-month Congressional review period, as mandated by the CLOUD Act, and the related review by UK’s Parliament. 

“Only by addressing the problem of timely access to electronic evidence of crime committed in one country that is stored in another, can we hope to keep pace with twenty-first century threats. This agreement will make the citizens of both countries safer, while at the same time assuring robust protections for privacy and civil liberties,” U.S. Attorney General William P. Barr commented. 

Related: US, EU Spar Over Sharing Electronic Evidence in Investigations

Related: Clear Scope for Conflict Between Privacy Laws

Related: Officials Push Facebook for Way to Peek at Encrypted Messages

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cybercrime

The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami along with five associates in Europe

Cyberwarfare

Google Project Zero has disclosed the details of three Samsung phone vulnerabilities that have been exploited by a spyware vendor since when they still...

Cybercrime

A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of...

Application Security

Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that...

Compliance

European privacy activists have filed complaints against Apple over its use of software to track the behavior of iPhone users.The Vienna-based group NOYB -...