UK Investigative Agencies Want To Be Able To Send Warrants To US Companies
from the lots-of-'solutions,'-all-of-them-terrible-in-different-ways dept
Because citizens are localized but their data isn't, things aren't going to get any less weird as time progresses. Or any less legally troublesome. Ellen Nakashima and Andrea Petersen of the Washington Post have seen a copy of a draft negotiating document between UK and US representatives that would allow MI5 (and presumably other agencies) to access data and communications held on US servers.
The transatlantic allies have quietly begun negotiations this month on an agreement that would enable the British government to serve wiretap orders directly on U.S. communication firms for live intercepts in criminal and national security investigations involving its own citizens. Britain would also be able to serve orders to obtain stored data, such as emails.UK agencies would still be locked out of obtaining information or data on US persons and it would take legislation to actually make this access a reality, but it's apparently being considered, as UK officials feel this issue is standing in the way of investigations/counterterrorism efforts.
As it stands now, UK agencies must make formal diplomatic requests which rely on a Mutual Legal Assistance Treaty -- a process that can take months. That's not good enough, apparently. Everyone wants instant access, including UK agencies, and a strong streak of entitlement (the same entitlement guiding FBI director James Comey's one-sided "debate" on encryption) runs through the arguments for this expansion of the UK's legal powers.
“Why should they have to do that?” said the administration official. “Why can’t they investigate crimes in the U.K., involving U.K. nationals under their own laws, regardless of the fact that the data happens to be on a server overseas?”Why indeed? Why comply with existing laws or territorial restrictions? After all, the FBI is working toward the same end, pushing for the right to hack servers located anywhere in the world when pursuing criminals.
Several issues need to be addressed before UK agencies can be granted permission to demand communications and data from US companies. For one thing, a warrant issued in the UK is not exactly the same thing as a warrant issued in the US. The legal standards may be similar, but they're still a long ways from identical.
The negotiating text was silent on the legal standard the British government must meet to obtain a wiretap order or a search warrant for stored data. Its system does not require a judge to approve search and wiretap warrants for surveillance based on probable cause, as is done in the United States. Instead, the home secretary, who oversees police and internal affairs, approves the warrant if that cabinet member finds that it is “necessary” for national security or to prevent serious crime and that it is “proportionate” to the intrusion.Note the "silence" on the differences between the legal standards. It appears no one involved in this discussion is interested in digging into these disparities.
A second administration official said that U.S. officials have concluded that Britain “already [has] strong substantive and procedural protections for privacy.” He added: “They may not be word for word exactly what ours are, but they are equivalent in the sense of being robust protections.”That's great. Both countries won't examine each other's legal standards because they don't want to upset the reciprocity implicit in the draft agreement. The UK can ask for stuff from US companies and vice versa, with neither country playing by the other country's rules. In between all of this are citizens of each respective countries, whose data and communications might be subjected to varying legal standards -- not based on where the data is held, but who's asking for it.
As a result, he said, Britain’s legal standards are not at issue in the talks. “We are not weighing into legal process standards in the U.K., no more than we would want the U.K. to weigh in on what our orders look like,” he said.
Of course, the alternatives are just as problematic. If an agreement like this fails to cohere, overseas governments will likely demand data and communications generated by their citizens be stored locally, where they would be subject only to local standards.
Then there's the question of what information these agencies already have access to, thanks to the surveillance partnership between the NSA and GCHQ. Although neither agency is supposed to be focused on domestic surveillance (although both participate in this to some extent), the NSA is allowed to "tip" domestic data to the FBI for law enforcement purposes. Presumably, GCHQ can do the same with MI5. The tipped info may not be as comprehensive as what could be obtained by approaching a provider directly, but it's certainly more than the black hole the current situation is being portrayed as. (Especially considering GCHQ already has permission to break into any computer system located anywhere in the world...)
No matter what conclusion the parties come to, legislation addressing it is likely still several months away, if it ever coheres at all. Congress -- despite its occasional lapses into terrorist-related idiocy -- is likely not interested in subjecting US companies to foreign laws, no matter the stated reason for doing so. But if it doesn't oblige the UK (and others who will jump on the all-access bandwagon), it's safe to assume the British government will move towards forcing US companies to set up local servers and segregating communications and data by country of origin.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: surveillance, uk, us, warrants
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Treaty for the mutual violation of citizen's rights
[ link to this | view in chronology ]
Re: Treaty for the mutual violation of citizen's rights
Most of the 5 eyes have a thing where other foreign countries are fair game. Swapping data back and forth without admitting how it was gotten has been pretty standard. It's made it all the way down to the local cop level in many cases as has been shown here at Techdirt. Misdirection on how the evidence was obtained runs far more common than any LEO office or branch wants to admit.
[ link to this | view in chronology ]
Re: Re: Treaty for the mutual violation of citizen's rights
one hand washes the other, as mafia types say (and the spooks are nothing but 'legalized' kriminal syndicates...)
[ link to this | view in chronology ]
All working toward a one world government
This will open up the system to all kinds of abuses. How will an American company know or vet that the UK is asking for info on a British citizen and not a US citizen? They will be forced to comply and unable to verify the citizenship of the people being spied upon.
[ link to this | view in chronology ]
Re: All working toward a one world government
The problem with all large organizations is that the larger they get the bigger the psychopath in charge, and the worse the inter department fighting gets.
[ link to this | view in chronology ]
Foriegn Laws
Although perfectly happy to subject foriegn companies to US laws.
[ link to this | view in chronology ]
Re: Foriegn Laws
This is not entirely true. It is my understanding that there are toll roads in Canada that work from license plate readers. Several states have agreed to provide info to Canada so they can bill US drivers who travel those toll roads. Though it is apparently states working this out with Canada and not congress. But still, I cannot imagine why the sheeple would allow this?
[ link to this | view in chronology ]
Re: Re: Foriegn Laws
Because without it there would have to be toll booths and so your journey would also be interrupted and you would have to pay more!
Do you think it would be a good idea if Americans could walk into any shop in Canada and just take stuff for free?
(Disclaimer - I don't think toll road are a good idea - however the fee is collected - but if you have them you may as well collect the fee int he most appropriate way)
[ link to this | view in chronology ]
Re: Re: Re: Foriegn Laws
Sure, if those shops were setting transportation infrastructure provided by the government. With US tax dollars, we pay for lot of roads that Canadians are allowed to drive on. Non-toll roads in Canada are "taken" for free when we drive on those. Because someone decided on a rather dumb plan to collect these taxes does not make it any more appropriate to shift a tax burden on a neighboring country.
Also, Canadians should be driving in the EZPass lane in the US and not paying the bill.
[ link to this | view in chronology ]
Re: Re: Re: Foriegn Laws
So completely not the same thing. If they want foreigners to pay a toll, then they should setup a way to collect it while they are in Canada. For the US or state governments to allow a foreign country to identify American drivers and send them a bill is crazy.
[ link to this | view in chronology ]
Re: Re: Re: Re: Foriegn Laws
[ link to this | view in chronology ]
Re: Foriegn Laws
[ link to this | view in chronology ]
Re: Re: Foriegn Laws
[ link to this | view in chronology ]
Re: Re: Re: Foriegn Laws
[ link to this | view in chronology ]
Is there still such a thing as a U.S. company?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
If Germany wants to serve a warrant on an American country, they simply cannot because they lack jurisdiction to do so. The only way this would be possible is if Congress passes a law that allows foreign countries to server warrants on American companies and the current state of our political system will never allow that to happen.
The European Union is over-reaching. Unless they also allow American warrants to be served on European Union companies (something they have always been reticent to do), I just don't see this happening.
Additionally, a world government? Unifying the entire planet under one government will never happen because of the TSA, borders, laws in different countries. It would take hundreds of years for this to happen and with such conflicts as the one between Israel and the formation of the Palestinian State, this is unlikely to happen. Israel doesn't want a unified state and does anyone think that something like this will ever happen?
It just isn't going to happen in our lifetime, our children's lifetime nor even our children's grandchildren's lifetime.
[ link to this | view in chronology ]
Re:
Ask Kim Dotcom just how true that is, as all his assets in various countries have been seized VIA US issued warants.
[ link to this | view in chronology ]
Limits on globalization?
Only Law Enforcement, spies, and the rich get to benefit from globalization. Everyone else gets the raw end of it.
[ link to this | view in chronology ]
What goes around, comes around
I'm sure the UK authorities frequently ask the same question about the FBI.
[ link to this | view in chronology ]
Sweden, Spain, France, United Kingdom, Denmark, Germany, Greece and so on ... if any of these countries tried serving a warrant on an American company, they would be laughed out of the court because unless the matter involved international law, these countries and their warrants would be dismissed purely on a lack of jurisdiction.
I just don't see the European Union successfully presenting a warrant to an American company. There are simply too many obstacles standing in the way and they wouldn't even be binding, not even in an international court.
In regards to copyright law, that is different, since copyright law is recognized by the international community and the international courts. The E.U. has a lot of hurdles in their way and I simply do not see them succeeding.
Not only that, but this is all being done secretly. They want to be able to issue these warrants but they don't want anyone else to know what they're doing. Kind of reminds of congress passing all of that warrantless surveillance until the NSA started scooping up the data of congress and then congress started complaining.
It was a situation where 'spy on everyone but don't spy on me'. These types of things have the habit of backfiring.
[ link to this | view in chronology ]
Correction
https://www.washingtonpost.com/people/andrea-peterson
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
The problem with making 'It's good enough for our jurisdiction, so it should be good enough for yours' an acceptable legal idea is that it allows the country/government with the weakest legal protections to benefit the most, and 'export' in a sense their weaker laws and apply them to other countries.
If the requirements for a UK warrant don't meet the requirements for a US warrant for example, they shouldn't be able to say 'Oh well, it's valid anyway' and force US companies to comply with it. They want the information from a US company, make a request through the US courts.
[ link to this | view in chronology ]
Should read: warrants to U.S. SMALL Companies.
Doing this sort of thing at the state level (U.S. state) would be unconstitutional due to the articles restricting treaties with foreign governments. So it could ONLY be handled through the fed.
I have a hard time seeing how that would work:
U.K. calls some company, company says "no". U.K. calls the fed. Fed jackboots company. State gets pissed off. (not likely to end well) Perhaps that's the point?
The other big issue is warrants against personal data of intelligence value. MI5 could call AT&T and request a tap on on U.S. military contractor for example. AT&T would have no way of knowing that the data base of intelligence value before compliance. And why should MI5 get a discount? If they want U.S. Military secrets, they can just buy them from the Chinese like everybody else.
[ link to this | view in chronology ]
DoJ trying to access MS servers in Ireland
If a EU prosecutor can subpoena records of a US company, what's next.
Also, EU data retention statues are shorter than the US. That will have to be normalized also.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Old excuses
[ link to this | view in chronology ]
Constitutional warrant requirements
Without probable cause, there is only a general warrant, which is unconstitutional. We have no business assisting in enforcing legal standards that differ from our own and which we abandoned as inferior.
[ link to this | view in chronology ]
There are serious jurisdictional problems that are at play here which UKIA doesn't address. First, it would require that new laws be passed in each country/government where these warrants would be presented. Simply getting people in your country to say 'we're gonna do this' doesn't make it legally binding.
Second, while extradiction warrants are widely recognized by most countries as long as they are properly filed with established courts (along with safeguards preventing their abuse), this is different compared to what the EU wants to accomplish.
This is nothing more than the EU telling Americans "we don't care about your rights, we just want to collect all of your data'. There are simply major problems with this, even if they manage to scam and con other countries into accepting this.
[ link to this | view in chronology ]