On October 3, 2019, the United States and United Kingdom concluded the first ever CLOUD Act Agreement. It will permit U.S. and British law enforcement agencies, with appropriate authorization, to demand electronic data concerning serious crime, including terrorism, child sexual abuse, and cybercrime, directly from tech companies based in the other country, without legal barriers. Simultaneously, both governments and Australia’s Minister for Home Affairs published an open letter to Facebook, asking it to stop plans to implement end-to-end encryption across its messaging services
The CLOUD Act Agreement
The agreement will broadly remove restrictions for a wide category of investigations, not targeting residents of the other country, and assure providers that disclosures through the Agreement are compatible with data protection laws. Each signatory commits to obtain permission from the other before using data gained through the agreement in prosecutions concerning a Party’s essential interest – specifically, death penalty prosecutions by the U.S. and U.K. cases implicating freedom of speech.
The agreement will accelerate investigations by removing legal barriers to timely and effective collection of electronic evidence. The Agreement allows law enforcement, when armed with appropriate court authorization, to directly compel tech companies based in the other country to give access to their electronic data, rather than going through governments, which can take many months and even years.
The agreement will accelerate dozens of complete investigations into suspected terrorists and pedophiles.
The U.S. will have reciprocal access, under a U.S. court order, to data from U.K. communication service providers. All requests for access to data will be subject to independent judicial authorization or oversight.
In March 2018, Congress passed the CLOUD Act, authorizing the U.S. to conclude bilateral executive agreements with rights-respecting partners that remove each party’s legal barriers to the other party’s access to electronic data for certain criminal investigations. The enactment in the U.K. of the Crime (Overseas Production Orders) Act 2019, which received Royal Assent in February of this year, authorized the U.K. to conclude the agreement
U.K. and U.S. Ask Facebook to Stop Plans to Encrypt Messaging Services
The U.K. Home Secretary Priti Patel, U.S. Attorney General William P. Barr, Acting U.S. Homeland Security Secretary Kevin McAleenan, and Australia’s Minister for Home Affairs Peter Dutton sent an open letter to Facebook, expressing serious concerns with Facebook’s plans to implement end-to-end encryption across its messaging services.
The letter asks Facebook to stop the proposals, unless the company can give assurances that no reduction will occur in Facebook’s ability to keep its users safe and enable law enforcement access to content in exceptional circumstances in order to protect the public.
Analysis
The U.K.-U.S. CLOUD Act Agreement opens the door for the U.S. and the European Union to conclude a CLOUD Act Agreement. The two parties are currently negotiating such an agreement.
The current issue of the IELR will have more information on the U.S.-UK Agreement and the open letter to Facebook.