UK Home Secretary Priti Patel and US Attorney General William Barr have signed a bilateral agreement paving the way for UK and US law enforcement agencies to obtain data more quickly from electronic service providers operating in each jurisdiction.
According to Julian Hayes and Michael Drury at BCL Solicitors, this “will inevitably be one way traffic, expediting the UK’s acquisition of evidence from US tech giants such as Facebook, Google and Twitter in the fight against serious crime, including terrorism and child abuse.”
According to the FT, the deal will compel US technology companies including Facebook, Google and Twitter to hand over the content of emails, texts and direct messages to British law enforcement bodies, and require the same of UK companies holding information sought by US investigators.
It currently takes police and security services anything from six months to two years to request and access electronic data, under the “mutual legal assistance” treaty between the US and UK governments. “Under the new arrangements, a UK Judge can issue the police, SFO and other specified with an Overseas Production Order, bypassing cumbersome mutual legal assistance procedures and, in principle, obtaining electronically stored data from the US within just seven days,” Drury and Hayes said.
The treaty is based on the US CLOUD Act 2018 and the UK’s Crime (Overseas Production Orders) Act 2019. The agreement still requires ratification by the US Congress and is to be presented to Parliament.
While this has been welcomed by some organizations, including the NSPCC, which described the new arrangements as “a hugely important step forward,” the bilateral agreement has been criticized on the basis that it potentially erodes key rights. “The risk is that, in the rush to comply within tight time frames, tech companies might be required to hand over data to which law enforcement authorities have no right,” Drury and Hayes said.
They also questioned whether service providers will be expected to scrutinize the order to ensure that legal and procedural requirements have been adhered to, and asked how the requirements of the new arrangements will be reconcilable with the service providers’ desire to provide encrypted services?