Cross-Border Requests for Data Project

 

With support from the Hewlett Foundation Cyber Initiative and others, Georgia Tech has become a leading source of research on the increasingly important area of Mutual Legal Assistance (MLA) and cross-border government requests for data.

 


Overview of the Project

Two technological trends are rendering the traditional MLA system obsolete: (1) the globalization of criminal evidence, as webmail, social networks, and other electronic communications are pervasively stored in the cloud, often in a different country; and (2) widespread use of encryption for these communications, so that wiretaps in the local country cannot gain access to the evidence.

Since early 2015, our research team has completed five academic papers, hosted conferences, and worked with global stakeholders to update rules and practices to match the new reality of globalized evidence for criminal cases.

Our research and policy efforts seek to promote four goals:

  1. Fulfill legitimate law enforcement requests, to investigate cybercrimes and other crimes where evidence is held in a different country;
  2. Protect privacy and civil liberties in the United States and globally, by assuring due process before evidence is sent to a different country;
  3. Provide a workable regime for the companies holding the communications records; and
  4. Safeguard the Internet by resisting calls to localize data and splinter the Internet.

 

Why MLA is a Growing Problem

Consider a burglary that takes place in Paris with a French suspect and a French victim. In investigating the crime, French law enforcement finds that the suspect was using a US-based email service, and the emails can only be retrieved from the United States.

Under the current regime, to access the emails, French law enforcement would need to make a mutual legal assistance treaty request from the French Minister of Justice to the U.S. Department of Justice. This request would need to show “probable cause” of a crime (the U.S. legal standard), even though the crime is connected to the U.S. only due to the physical location of the email server.  The average length of time to respond to a request is about 10 months.

The example shows how MLA issues increasingly arise even for routine criminal investigations. The need for MLA requests is even more pervasive for cybercrime, drug smuggling, money laundering, and other crimes where the criminal activity itself often crosses borders.

 

Academic Publications

Stakeholders in Reform in the Global System for Mutual Legal Assistance
Peter Swire & Justin D. Hemmings
Chapter in Systematic Government Access to Private-Sector Data (Oxford University Press 2017)
The chapter identifies the stakeholders in the international MLA regime and their respective incentives and goals for reform. This article examines the interests of the US government, non-US governments, technology companies, and public interest groups both in the US and abroad, to inform debates about what reforms are practical and desirable.

Mutual Legal Assistance in an Era of Globalized Communications: The Analogy to the Visa Waiver Program
Peter Swire & Justin D. Hemmings
71 NYU Annual Survey of American Law 687 (2017).
This article contends that MLATs today are emerging as a key component of multiple legal and policy debates. Drastically improving the mutual legal assistance (MLA) process has become important, not only for accurate adjudication in individual cases, but also for supporting a globally open and inter-operable Internet against calls for data localization and institution of other stricter national controls on the Internet.

A Mutual Legal Assistance Case Study: The United States and France
Peter Swire, Justin D. Hemmings, & Suzanne Vergnolle
34 Wisconsin International Law Journal 323 (2017).
The article examines the substantive rules that apply for MLA requests involving the United States and France, complementing the procedural rules discussed in the previous article. We believe a relatively detailed explanation of the two regimes will be helpful to discussions of MLA reform, because few participants in such debates are experts in both U.S. and French criminal law and procedure.

How Both Europe and the U.S. are "Stricter" than Each Other for the Privacy of Government Requests for Information
Peter Swire & DeBrae Kennedy-Mayo
66 Emory Law Journal 617 (2017).
The article examines ways that the United States and the European Union (EU) each offer stricter privacy protections for government access to data, contrary to the common assumption that EU privacy law is generally stricter than U.S. law. The analysis builds on our French case studies to show broader implications for MLA reform.  The analysis also is highly relevant for current policy debates and lawsuits concerning whether the U.S. has “adequate” safeguards for privacy, a legal condition for many transfers of personal data from the EU to the U.S.

Understanding the French Criminal Justice System as a Tool for Reforming International Legal Cooperation and Cross-Border Data Requests
Suzanne Vergnolle
Chapter in Data Protection, Privacy, and European Regulation in the Digital Age (Helsinki University Press 2016)
This chapter provides a detailed case study of the French system for exchanging criminal evidence with the United States – focusing on the procedural aspects of how France makes or receives MLAT requests. This chapter explains ways that French investigative authorities have broader powers than their American counterparts, as well as safeguards for individuals’ rights during the French criminal investigation process.

Beyond Location: Data Security in the 21st Century
Deven R. Desai
Communications of the ACM, January 2013
This article examines the tensions between desires for data security and integrity and a government’s interest in access to data. It uses cloud computing as a lens to show that modern data management enhances data security and integrity by breaking up and moving data similar to the way power grids are managed. That reality indicates a need to move away from location-based approaches to jurisdiction. It also means that we need to develop a new system that allows those with desired data to respond to legitimate government requests for data.

 

Shorter Publications

Why Cross-Border Government Requests for Data Will Keep Becoming More Important
Peter Swire
Lawfare, May 23, 2017
Technological developments are driving fundamental changes in the importance of cross-border government requests for data. There are multiple institutional mechanisms for possible reform, entirely apart from the traditional approach of Mutual legal Assistance Treaties (MLATs). And the resolution of MLA issues will have broader implications, on whether multiple nations push for strict data localization laws, and for the ongoing debates about government laws to limit strong encryption and to authorize greater government hacking of computers for law enforcement purposes.

A 'Qualified SPOC' Approach for India and Mutual Legal Assistance
Peter Swire & Deven Desai
Lawfare, March 2, 2017
There has been growing legal, policy, and academic attention to the topic of Mutual Legal Assistance (MLA), the mechanisms for evidence held in one country to be provided to a different country for law enforcement purposes. This post summarizes recent developments and proposes a new mechanism for MLA that could be used for the important country of India, and also more generally.

Reforming Mutual Legal Assistance Needs Engagement Beyond the U.S.
Ian Brown, Vivek Krishnamurthy, and Peter Swire
Lawfare, March 1, 2016
In this short post, the three authors – who have each written on the subject of MLA reform and who have each convened meetings on the subject (from Washington to Brussels) – stress the importance of a better understanding of both the strengths and weaknesses of each of the countries involved in MLA to avoid distrust based on misunderstanding.  Most basically, the three advocate for MLA reform in the US as well as in Europe and globally.