British authorities want the ability to directly serve American companies with search warrants and wiretap requests instead of having to go through the U.S. government.
American and British officials have been discussing an agreement that would let U.K. police and intelligence agencies serve U.S. companies with those court orders, according to the Washington Post, which saw a draft of the document outlining future talks.
A senior Obama administration official confirmed the report to the Daily Dot, saying the discussions centered on making “cross-border requests for certain electronic communications data for law enforcement and national security purposes more effective and efficient, while still protecting privacy and civil liberties.”
Asked when the public would learn the details of the proposed arrangement, the official stressed that negotiators were “at just the very beginning of discussions on an agreement.”
Congress would have to amend U.S. wiretapping laws to approve of any proposal by the White House. Spokespeople for the chairmen and ranking members of the House and Senate Judiciary Committees did not respond to requests for comment.
If the proposal is accepted, U.K. agencies still “would not be able to directly obtain the records of Americans, if a U.S. citizen or resident surfaced in an investigation,” according to the Post‘s analysis of the draft document.
Right now, any foreign government that wants records from a U.S. company has to submit a request under a mutual legal assistance treaty. If their request is approved, the Department of Justice issues the search warrant or wiretap request and directs the resulting records to the foreign government. This process, the Post said, takes an average of 10 months to complete.
In response to a trend of criminals migrating to secure U.S. information services like Gmail and Twitter, some foreign governments are considering or have adopted so-called “data localization” laws, which force tech companies to build servers on a country’s soil to make them subject to that country’s legal process.
Because of the financial costs and technical consequences of complying with such laws, U.S. tech companies have forcefully opposed them. A senior administration official, speaking to the Post, said that the ongoing talks over the new judicial arrangement were meant to forestall similar action by the British government.
“Because of technological changes, the U.K. can no longer access data in the U.K. like they used to be able to, and more and more, U.K. nationals—including criminals in their country—are using providers like Google, Facebook, Hotmail,” the official said. “The more they are having challenges getting access to the data, the more our U.S. providers are facing a conflict of laws.”
There is a significant difference between U.S. and U.K. legal standards. Unlike their American counterparts, British agencies do not need judicial approval to issue warrants. Independent judicial authorization for search and interception powers is a bedrock principle of U.S. surveillance law, enshrined in the Fourth Amendment.
A Justice Department official told the Daily Dot that the U.S. was satisfied with British legal protections.
“We believe that the U.K.. has strong substantive and procedural protections for privacy,” the official said in an email. “The protections may not be word-for-word what we have in the United States, but they are robust protections that we understand well and believe are strong.”
In a nearly identical comment to the Post, a senior administration official said that U.S. and U.K. protections were “equivalent in the sense of being robust protections.” The Justice Department official declined to answer whether the Obama administration considered ministerial warrant approval in the U.K. to be “equivalent” to judicial approval in the U.S.
The proposal has already drawn sharp criticism from privacy advocates, who were quick to raise concerns about differing legal standards between the two countries.
Ross Schulman, senior policy counsel at New America’s Open Technology Institute, said it was “hard to conceive of a situation in which Congress would give a foreign power unprecedented access to U.S. companies while demanding a lesser level of protections than our own Constitution requires.”
“This agreement in its present form marks a striking departure from current practice and seems completely unconcerned with international human rights or civil liberties,” he said in an email. “Congress should, and I think will, be skeptical of any proposal that fails to address those issues.”
Kevin Bankston, the director of New America’s Open Technology Institute, called the plan “a horrible betrayal of our constitutional principles.”
“This deal as reported would not require the U.K. to heighten its standards to meet ours in the U.S., or even to meet the basic requirements of human rights law,” Bankston said in a statement. “We call on lawmakers who care about privacy—both from the left and the right—to tell the Obama Administration that they will not stand for it.”
Amie Stepanovich, U.S. policy manager at the global Internet-rights group Access, said in an email that “clear deficiencies” with mutual legal assistance treaties were “a reason to invest in better, faster processes, not to undermine the very heart of the system.”
She added that the new agreement, if finalized and approved, would “lower the human rights protections for accessing private information of Internet users and give the U.K. unprecedented new authority to act extraterritorially without adequate oversight.”