Stakeholders in Reform of the Global System for Mutual Legal Assistance
Abstract and Keywords
This chapter briefly explains the reasons that Mutual Legal Assistance Treaties (MLATs) and other forms of trans-border access to electronic data are vital and becoming increasingly more so for law enforcement in this age of globalized evidence. It then presents the goals of key stakeholders in MLAT reform: national governments other than the United States; the US government, both for law enforcement and other goals; technology companies, such as email and social network providers; and civil society, seeking goals including privacy, free speech, and democracy. This chapter is part of a broader research and law reform project on law enforcement access to electronic evidence held in other nations. Our ultimate goal is to propose reforms (or meaningful alternatives) to the Mutual Legal Assistance (MLA) system. Any such reforms, however, will have to be built on an accurate understanding of the incentives and perspectives of the major stakeholders.
This chapter briefly explains the reasons that Mutual Legal Assistance Treaties (MLATs) and other forms of trans-border access to electronic data are vital and becoming increasingly more so for law enforcement in this age of globalized evidence. It then adds to the previous literature by presenting the goals of key stakeholders in MLAT reform: national governments other than the United States; the US government, both for law enforcement and other goals; technology companies, such as email and social network providers; and civil society, seeking goals including privacy, free speech, and democracy. This chapter is part of our broader research and law reform project on law enforcement access to electronic evidence held in other nations.1 Other parts of our ongoing research will delve into the complex procedures and obstacles that characterize international mutual legal assistance today. Our ultimate goal is to propose reforms (or meaningful alternatives) to the Mutual Legal Assistance (MLA) system.2 Any such reforms, however, will have to be built on an accurate understanding of the incentives and perspectives of the major stakeholders. This chapter focuses on that task.
II. Brief Introduction to Current MLAT Issues
An example illustrates the rising importance of the MLA process. Suppose there is a burglary in Germany, and the two suspected burglars are both German nationals, living in Germany. The German police learn that the suspects subscribe to an email service and a social networking service, and the police seek the content of those communications. Those records, however, are stored in the United States, where government access to the content is governed by the Fourth Amendment to the US Constitution, generally requiring a search warrant signed by a neutral judge based on probable cause of a crime.3 The content is also governed by the Electronic Communications Privacy Act (ECPA), which makes it illegal for the technology company to turn over the content of communications unless the statutory provisions are met.4
Under ECPA and other current law, the German police would have an office in the German government contact the US Department of Justice, whose Office of International Affairs (OIA) processes requests under a Mutual Legal Assistance Treaty. OIA, working with others in the Department of Justice, would determine whether a legal basis exists for gaining a court order, and then have a prosecutor seek the order. Once granted, the court order would go to the technology company, which would produce the records. Those records would then be reviewed by OIA for compliance with US law, such as no violation of First Amendment free speech protections. Eventually, after a delay averaging roughly 10 months,5 the records would be provided to German law enforcement.
One can appreciate the frustration the German police might feel in encountering this cumbersome process. At least two major technology trends contribute to the increased prevalence of such MLAT requests, even for routine local criminal investigations. First, in contrast to traditional paper records, a globalized Internet and pervasive use of cloud technologies mean that records far more often are stored outside the country conducting an investigation. Second, real-time wiretaps on email and other Internet communications are increasingly frustrated because the data flowing between the user and the cloud is often encrypted by default, so a wiretap on the communications link in Germany gathers only encrypted zeros and ones.6 In short, the once-unusual MLAT request becomes the only means of obtaining records that are encrypted in transit and stored on a cloud server in another country. The once-obscure MLAT process becomes a far more prominent part of global law enforcement investigations. Even more broadly, the impediments that the current MLA system poses to evidence sharing across borders become an argument in favor of localizing evidence, potentially with a large impact on the practice of globalized communications, and implicating governance of the Internet itself.
For all these reasons, there is widespread interest in reforming the MLAT system or developing viable alternatives to it. The following interest analysis should inform that process.
III. The Perspective of Non-US Governments
We begin by examining the concerns of countries outside of the United States. Non-US governments, which for ease of exposition we call “foreign” governments, face particular frustrations with the current MLAT process, because a great deal of electronic evidence is housed in the United States, which has relatively strict legal requirements for turning over the evidence.
Some steps to address transborder sharing of electronic evidence were taken in the Council of Europe Cybercrime Convention, often called the “Budapest Convention,” issued in 2001. The Budapest Convention sought to facilitate international criminal investigations of cybercrimes such as hacking and more broadly to facilitate international cooperation in cases involving electronic evidence.7 To achieve this, the Convention sought to assure that a lawful basis would exist to transfer evidence between nations, notably by requiring signatories to cooperate with each other in criminal investigations when seeking to search and seize computers, compel disclosure of data stored in computers, and carry out real-time interceptions in other countries. However, the treaty did not address in any detail the more granular question of ensuring that such cross-border cooperation occurs in a timely fashion.
The example of the German burglary shows that MLAT requests now apply far beyond cybercrimes and can include any traditional local crime with digitized evidence, often stored on a server in another country. To the extent that foreign law enforcement agencies seek to use MLATs, they must learn the unfamiliar and relatively strict substantive US legal standards, such as what a US magistrate will agree is “probable cause” of a crime under the US Fourth Amendment. They must also learn how to overcome procedural obstacles, including how to send a proper request from the correct officials in their own country to the correct officials in the United States.
Compared with gaining evidence from local providers under well-understood local rules, seeking evidence through the MLAT process can thus seem slow, confusing, and burdensome to foreign law enforcement. In response, foreign governments understandably have reason to seek faster access to evidence held in the United States, under procedures that are more streamlined and more transparent to the requesting government. Foreign governments thus would support reforms such as greater funding for OIA to respond to requests and a reduction in bureaucratic obstacles to obtaining the evidence.
These governments also face incentives to take measures to address the technological changes mentioned above—the storage of evidence in other countries and the increased prevalence of encryption. One way to respond to these trends is to enact data localization requirements, such as Russia has done and other countries have considered.8 In the wake of the Snowden revelations, there are a number of possible motives for such localization requirements, including: (1) concern about how records of their citizens will be treated in the United States; (2) protectionist support for local cloud providers and other technology companies, which would reduce the market share of US providers; and (3) use of localization proposals as a way to highlight concerns about US intelligence activities and to create leverage for possible changes in US policy.9 In this setting, foreign frustrations with the MLAT process provide an additional rationale for localization initiatives: making the data more readily available to local authorities. We believe there are compelling arguments against data localization of this sort, as explained for instance by President Obama’s Review Group on Intelligence and Communications Technologies.10 Nonetheless, any failure to address MLAT issues can contribute to the incentives that countries have to consider measures to localize evidence for law enforcement purposes.
Non-US governments also could take measures to reduce the effectiveness of encryption used in sending information from their country to servers in the United States or elsewhere. UK prime minister Cameron, for instance, has proposed requiring technology companies to design their products and services to ensure government access to encrypted communications, which might enable wiretaps within the UK rather than requiring access to servers located in other countries.11 As with localization proposals, there are numerous and compelling reasons to object to such proposals.12 In addition, as discussed below, effective MLAT reform could provide a useful alternative to mandates against effective encryption.
Even more broadly, problems with MLAT requests could be used as a reason to support changes in Internet governance itself. In general, the United States has promoted an open, interoperable, secure, and reliable information and communication structure. In the debates over Internet governance, to achieve these goals, the United States along with allies such as the European Union has strongly supported an inclusive multi-stakeholder model of Internet governance. As the Review Group wrote:
A competing model, favored by Russia and a number of other countries, would place Internet governance under the auspices of the United Nations and the International Telecommunications Union (ITU). This model would enhance the influence of governments at the expense of other stakeholders in Internet governance decisions, and it could legitimize greater state control over Internet content and communications.13
To the extent non-US governments experience frustrations in obtaining electronic evidence from the United States through MLATs, there is a risk they may shift support to approaches that offer “greater state control over Internet content and communications.”
IV. US Government Goals
As a general matter, with respect to MLA, agencies across the US government share the goal of promoting good relations with other countries by responding quickly and positively where possible to their requests for information. Beyond that, our discussion of US government goals distinguishes between the law enforcement perspective and other governmental goals. Roughly speaking, law enforcement agencies such as the DOJ and FBI have a stake in making law enforcement information sharing more efficient and cost-effective. Other parts of the US government are more concerned with broader economic and diplomatic implications, including reducing other countries’ incentives to mandate localization of data. Both sets of goals are shaped by the fact that US-based companies currently provide a large share of online services globally, and consequently hold an important fraction of the world’s electronic data within the United States and therefore governed by US law. At least for the near future, the United States is a primary exporter of electronic evidence—many more requests for mutual legal assistance for electronic evidence are made of the US government than by the US government.14
A. Law Enforcement Goals
US law enforcement goals concern: (1) export of electronic evidence, (2) import of electronic evidence, and (3) the role of MLA in addressing encryption. For export of evidence, the US government has treaty obligations to respond to legitimate MLAT requests. In 2013, President Obama’s Review Group on Intelligence and Communications Technologies recommended substantial funding increases for OIA to respond to the rising number of MLAT requests. The administration has included such funding in its proposed budgets,15 but Congress has not yet agreed to the increases.16 Funding increases, reforming the MLAT process, or both would be a sign that the United States is addressing the MLA problems, and could ease relations with foreign law enforcement partners increasingly frustrated by the inefficiencies of the current process. Ensuring good relations with foreign partners is critical not just for maintaining beneficial relationships in the present, but also for cooperation when US law enforcement seeks to import evidence, as is likely to happen more often as US-based investigations encounter evidence held in other nations.
In ways that have not been widely appreciated to date, MLA reform can also provide a response to the concerns expressed by FBI Director James Comey and others about increasingly prevalent encryption by technology companies.17 Director Comey has expressed particular concern about encrypted devices such as smartphones. MLA reform would not affect use of that encryption. However, prompt and effective use of MLA would in many cases provide detailed information useful to law enforcement, even if a device is encrypted and communications are encrypted in transit between the user and the cloud. For instance, many smartphone users retain photos, emails, and a vast array of other content in the cloud, where, as of now, service providers can often access the plain text of records when served with a court order. In addition, transborder requests can obtain access to the abundant metadata typically associated with a smartphone, such as the time and duration of calls and location of the phone, which is also available to service providers when served with a court order.18
B. Other US Government Goals
Addressing foreign concerns about today’s MLA process implicates other important goals of US policy, such as economic growth, the competitiveness of US industry, the protection of free speech and other human rights, and governance of the Internet itself. Localization laws, such as the recent Russian law, affect all of these goals.19 These laws can serve as a protectionist barrier to trade, creating an economic burden on technology companies, such as requiring them to spend resources to create expensive new server facilities or making it too expensive to enter a foreign market. Localization rules create security risks, as company-managed flows of data come under the supervision of national authorities who may themselves conduct surveillance on those records, or may access records and not retain them in a secure fashion. They also can reduce human rights protections, when the country with the localization laws can access all data, in contrast to the screening done by the US Department of Justice to ensure protection of free speech and other human rights when responding to MLA requests.
For countries that object to strict rules concerning access to data in the United States, frustration with the MLA process can also be used as a rationale for shifting power to the International Telecommunications Union or some other mechanism for legally requiring greater access. The US government has opposed such proposals, believing instead that top-down Internet governance by nation-states would threaten the “open, interoperable, secure, and reliable information and communications infrastructure that supports international trade and commerce, strengthens international security, and fosters free expression and innovation.”20
V. Goals of Technology Companies
The companies most involved in current MLA debates are US-based email, social network, and other companies that provide online consumer services in numerous countries.21 These companies have been driving the two trends affecting the current MLAT process: the offering of services in one country with the data being stored on cloud servers in another country (often the United States) and expanding the use of encryption for communications that previously were subject to local wiretaps.
The views of these companies with relation to MLA are complex, because multiple goals of these companies and their employees are affected. For instance, the companies wish to provide high-quality services to customers. While doing so, leaders of these companies have a sincere belief in fostering human rights and protecting free speech on the Internet; they also have a sincere desire to cooperate with lawful requests for prosecution of dangerous criminals. Based on extensive interviews, we have identified six goals, which we present here in order of expositional clarity, and not from most to least important: (1) avoiding conflicting legal rules, (2) opposing data localization requirements, (3) cooperating with appropriate requests from law enforcement, (4) acting consistently with human rights goals, (5) retaining access to as many markets as feasible, and (6) developing practices that enhance the company’s reputation, especially for trustworthy stewardship of emails, social networking, and other records.
A first concern is to avoid conflicting legal rules, notably where the United States prohibits release of records under the Electronic Communications Privacy Act but another country requires release of those same records. Companies have faced credible threats from foreign countries that local employees would be jailed or otherwise punished if the company did not comply with local demands for evidence. Companies, facing these threats, understandably would like to support an MLA system that provides clear rules for when records should be produced, in ways that comply with the laws of all relevant countries.
A second understandable concern of global technology companies is to minimize the burdens they face from data localization laws. The United Nations has nearly two hundred Member States.22 By contrast, Google lists 14 data centers as of September 2015,23 and a single Microsoft data center in Virginia cost $1 billion.24 The mismatch between number of countries and number of data centers led the Review Group to write: “Global inter-operability has been a fundamental technical feature of the Internet; bits flow from one user to the next based on technical considerations rather than national boundaries. National efforts to tamper with this architecture would require pervasive technical changes and be costly in economic terms.”25
Third, companies would like to comply with legitimate law enforcement records requests, for reasons including the business benefits of cooperating with governments as well as a sincere desire to assist in deterring and punishing criminal conduct. Major technology companies today employ former prosecutors and law enforcement agents, who often have special sympathy for and insight about the law enforcement mission.
Fourth, the reasons to assist each nation’s law enforcement, by providing ready access to records, can be in tension with the companies’ desire to act consistently with human rights goals such as promotion of privacy, democracy, and free speech. Google, Microsoft, and Yahoo! were the founding corporate members of the Global Network Initiative, dedicated to “protecting and advancing freedom of expression and privacy in information and communication technologies.”26 Such companies, and many people employed by them, have strong ties to civil society organizations in the Digital Due Process Coalition, which supports stricter rules for US government access to records under ECPA.27
Fifth, the companies for business reasons would like to retain access to as many national markets as feasible. The business benefits of expanding to all countries are balanced by the risks of doing business in certain markets, such as potential punishments of employees if records are not produced from the United States, employees’ opposition to support for dictators or violations of human rights, and reputational harm resulting from any such support. An improved MLA system would clarify which nations are following procedures consistent with a company’s policies about which national markets to participate in.
Sixth, in the post-Snowden era, major companies wish to assure customers that the companies will provide trustworthy stewardship of communications. Both within and outside of the United States, the companies have an incentive to demonstrate that use of their services is not tantamount to providing access to the NSA. Clarity in the MLA process helps the companies show that they comply with appropriate requests for government access, but that consumers can fundamentally expect careful handling of communication records.
Smaller companies also face negative consequences from localization requirements. Such firms lack the economies of scale to construct multiple data centers and face obstacles to competing with local companies while paying the costs of relying on local data centers. Although smaller companies could choose not to comply with data localization laws, doing so would require them to hold no assets in a territory with a data localization law, and employees traveling to those territories could face the risk of arrest.28
In sum, these six goals show the complex considerations that major technology companies face with respect to MLAT reform. Reconciling these considerations will by no means be a simple task, but clarifying the multiple goals will assist in crafting a thoughtful and sustainable overall strategy.
VI. Goals of Civil Society
Civil society groups support international institutions, including MLATs, that protect privacy and free speech, and promote democracy and democratic dissent. The current system already has many positive features from the civil society perspective, and reforms might result in an even more positive system. On the other hand, civil society groups may differ in the priorities they set on protections that apply in the United States, in Europe and other democratic countries, and in repressive regimes. Failure to update the MLAT process also risks data localization and other measures that could strengthen the position of non-democratic governments in Internet governance.
The positive features of the current MLA system derive from the strong US protections for both privacy and free speech. Under current law, foreign governments seeking communications stored in the United States generally must show probable cause of a crime, as found by a neutral US magistrate, before the contents of those communications can be shared to the requesting country. In contrast to other areas of privacy law, the United States is often stricter than European and other countries when it comes to the standard for law enforcement access to communications data.29 In addition, before sending evidence to the requesting country, OIA reviews communications to ensure compliance with the First Amendment, which is an important protection for free speech and democratic dissent. A broad array of civil society groups in general favor these sorts of privacy and free speech protections.
Civil society groups may have somewhat different priorities in the MLA reform process, depending on the extent to which they focus on the rules that apply in the United States, in making disclosures to Europe and other democratic countries, and when information is shared with repressive regimes. US-based groups have supported stricter standards for US government access to communications information, some of which were enacted in 2015 in the USA Freedom Act, which among other provisions created new privacy protections limiting bulk collection for foreign intelligence purposes.30 US-based civil society groups hope to achieve comparable reform for law enforcement purposes under ECPA, most prominently through the campaign of the Digital Due Process Coalition. In summary, the Coalition seeks: (1) communication contents and location information only with a probable cause warrant, (2) to/from and other metadata under stricter standards than today, and (3) no bulk collection by subpoena.31 These reforms would heighten the standards within the United States for law enforcement access.
EU civil society groups have reason to place a priority on the protections that apply to communications made in or from the EU. For these groups, the MLA process presents an opportunity to advocate for stricter rules for access in EU countries. For instance, EU groups could favor having the United States stand firm on the requirement for a neutral magistrate, as a way to push for a judicial role for access requests in the EU.
In considering MLAT reform, civil society groups focused on protecting human rights in repressive regimes have a similar incentive to favor maintaining the current US rules. Notably, the free speech protections in current US law generally bar release of evidence from the United States for “political” crimes that constitute protected speech under the US First Amendment. These groups would be wary of any proposal that reduced the US Department of Justice scrutiny of evidence under the First Amendment.
Possible tensions could exist among these priorities of different civil society groups. For instance, consider the example of the German burglary, with German suspects, but with evidence in the United States. Some reform proposals would apply German law to such requests, so that US companies could provide the evidence under German procedural rules, even where ECPA would otherwise require a probable cause warrant. That approach could be disappointing for EU-based civil society groups, because of the lost opportunity for strengthening EU law. The approach, however, might be more tempting for US-based civil society groups if it were part of a package that created other reforms supported by the Digital Due Process Coalition. This example is not given to take a position on such a reform proposal; instead, the point is that different civil society groups may understandably have different priorities, while generally wishing to strengthen civil liberties protections.
As with other reform efforts, civil society groups can face trade-offs among multiple goals. One goal is to strengthen the standards for law enforcement, such as the Digital Due Process Coalition proposals would do. Another goal is to maintain an open Internet, including skepticism about data localization and a large role for the International Telecommunications Union. ECPA reform would enhance privacy by raising the standards for US government access to records, as well as the standards that non-US requests would have to meet. ECPA reform would also be a model for other nations to follow, and the desire to use MLA to gain evidence could create leverage to encourage other nations to level up to the US procedural standards. On the other hand, stricter US standards for MLA could backfire. If MLA becomes even more unworkable, then non-US countries have stronger reasons to consider localization proposals or other measures to gain records without recourse to the rule-of-law MLA process. More nations could similarly be tempted to look to the ITU or other Internet governance arrangements that grant greater sovereignty to each nation, if such reforms helped nations gain access to the evidence they seek. In short, civil society organizations face strategic choices about how to pursue both the US law reform agenda and measures that will protect privacy, free speech, and democratic dissent outside of the United States.
This chapter, based on extensive interviews to date with relevant stakeholders, has sought to articulate the goals of major stakeholders in the MLAT process. This sort of realistic assessment of the major actors is an essential step, we believe, toward designing and achieving significant reform of the MLAT process.
(*) For support of our ongoing MLAT research, the authors wish to thank: the Future of Privacy Forum, the Georgia Tech Institute for Information Security and Privacy, the Georgia Tech Scheller College of Business, and the Hewlett Foundation. In addition, we thank Apple, Facebook, Google, and Microsoft for their research support. The views expressed here are solely those of the authors.
(1.) The other initial article in this research project is Peter Swire and Justin D. Hemmings, “Mutual Legal Assistance in an Era of Globalized Communications: The Analogy to the Visa Waiver Programme,” 71 NYU Annual Survey of American Law 687 (2017), http://ssrn.com/abstract=2728478. One theme of that article is the possibility of enacting a Mutual Legal Assistance statute, rather than treaty, modeled on the statutory basis for the Visa Waiver Programme. Our discussion thus generally applies to Mutual Legal Assistance (MLA) issues, and uses the term “MLAT” where the treaties are directly implicated.
(2.) For discussion of current MLAT issues, see Andrew K. Woods, “Data beyond Borders: Mutual Legal Assistance in the Internet Age,” Global Network Initiative (January 2015) 6–7; Richard A. Clarke and others, Liberty and Security in a Changing World: Report and Recommendations of The President’s Review Group on Intelligence and Communications Technologies (December 12, 2013), https://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf. One part of our research project is to analyze how MLAT issues interact with the issues about how cross-border personal data will flow between the European Union and the United States in the aftermath of the Schrems decision that found the EU/US Safe Harbor unlawful. An interesting aspect of that discussion will be that Schrems focused on instances where the European concern has been that data protection rules in the United States are too lax, whereas MLATs involve instances where the concern is that the rules in the United States are too strict. This article, originally written before the Schrems decision, will note the interactions but not focus on that complex topic.
(3.) See United States v Warshak, 631 F 3d 266 (6th Cir, 2010). The holding in Warshak has not been adopted by appellate courts outside the Sixth Circuit, nor has it been addressed by the Supreme Court, leaving the issue unresolved in the rest of the United States. In practice, however, all major companies based in the United States insist that government agencies obtain a warrant to compel disclosure of content, and it now appears to be the practice of all US law enforcement agencies to do so.
(4.) 18 U.S.C. §§ 2702(a), 2703(c) (2012).
(6.) Peter Swire, “From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud,” 2 Intl Data Privacy Law 200 (November 2012), http://idpl.oxfordjournals.org/content/2/4/200, http://ssrn.com/abstract=2038871.
(7.) Convention on Cybercrime (entered into force January 7, 2004) CETS No 185, http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm.
(8.) Natalia Gulyaeva and Maria Sedykh, “Russia Enacts Data Localization Requirement; New Rules Restricting Online Content Come into Effect,” Hogan Lovells Chronicle of Data Protection (July 18, 2014), http://www.hldataprotection.com/2014/07/articles/international-eu-privacy/russia-enacts-new-online-data-laws/; Federal Law of 27 Jul. 2006 No 152-FZ “On Personal Data” (Russia); Allison Grande, “Brazil Nixes Data Localization Mandate from Internet Bill,” Law360 (March 2014), http://www.law360.com/articles/520198/brazil-nixes-data-localization-mandate-from-internet-bill.
(9.) All three of these possible motives are implicated in the aftermath of the European Court of Justice decision in Schrems, striking down the Safe Harbor. The Court concluded that personal data about Europeans would not be protected adequately in the United States. At the time of writing, there is uncertainty about whether data protection authorities will make similar inadequacy findings about other lawful bases for transferring data, such as model contracts or Binding Corporate Rules. To the extent lawful bases do not exist or become more difficult to implement, then data localization in the European Union becomes a more important option for businesses. In addition, some writing after the Schrems decision, such as by Europe-based cloud providers, has emphasized the business incentives for companies to hire EU-based cloud providers rather than other global providers, which potentially raises issues of protectionist effects after the Schrems decision.
(11.) Rob Price, “David Cameron Is Going to Try and Ban Encryption in Britain,” Business Insider (July 1, 2015), http://www.businessinsider.com/david-cameron-encryption-back-doors-iphone-whatsapp-2015-7?r=UK&IR=T; James Temperton, “No U-Turn: David Cameron Still Wants to Break Encryption,” Wired (July 15, 2015), http://www.wired.co.uk/news/archive/2015-07/15/cameron-ban-encryption-u-turn.
(12.) Going Dark: Encryption, Technology, and the Balance between Public Safety and Privacy: Hearing Before the S Comm on the Judiciary, 114th Cong (2015) (statement of Peter Swire, Huang Professor of Law and Ethics, Scheller College of Business, Georgia Institute of Technology), http://www.judiciary.senate.gov/meetings/going-dark-encryption-technology-and-the-balance-between-public-safety-and-privacy.
(14.) Factual statements here, such as the position of the United States as a net evidence exporter, are based on the extensive interviews we have conducted to date.
(16.) HR Rep No 113-448 (2015) 43–44, https://www.congress.gov/congressional-report/113/house-report/448.
(17.) Going Dark: Encryption, Technology, and the Balance between Public Safety and Privacy: Hearing Before the S Comm on the Judiciary, 114th Cong (2015) (statement of James Comey, Director, Fed Bureau of Investigation), http://www.judiciary.senate.gov/meetings/going-dark-encryption-technology-and-the-balance-between-public-safety-and-privacy. For one response to Comey’s concerns, see Going Dark: Encryption, Technology, and the Balance between Public Safety and Privacy: Hearing Before the S Comm on the Judiciary, 114th Cong (2015) (statement of Peter Swire, Huang Professor of Law and Ethics, Scheller College of Business, Georgia Institute of Technology), http://www.judiciary.senate.gov/meetings/going-dark-encryption-technology-and-the-balance-between-public-safety-and-privacy.
(18.) Nicholas Weaver, “iPhones, the FBI, and Going Dark,” Lawfare (August 4, 2015), https://www.lawfareblog.com/iphones-fbi-and-going-dark.
(20.) White House, International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World (May 2011).
(21.) As noted in the initial footnote, funding for our ongoing research comes in part from technology companies as well as foundation funding, all of whom have provided such funding in order to advance research and reform on these issues but without overseeing the content of our writing. The views expressed here are solely those of the authors.
(23.) Data Center Locations, Google, http://www.google.com/about/datacenters/inside/locations/index.html.
(24.) Rich Miller, “Microsoft’s $1 Billion Data Center,” Data Center Knowledge (January 31, 2013), http://www.datacenterknowledge.com/archives/2013/01/31/microsofts-1-billion-roofless-data-center/.
(26.) Core Commitments, Global Network Initiative, http://www.globalnetworkinitiative.org/corecommitments/index.php.
(28.) Notably, previous Russian data protection legislation has specifically applied only to businesses with a legal presence in Russia and that process personal data on Russian soil. It has not yet been determined whether the same limits will apply to the data localization law, but if they do then smaller companies would only need to comply with the law if they sought to open operations within Russia. Gulyaeva and Sedykh, “Russia” (above note 8).
(29.) One part of our research project on MLATs is to explore how the relatively strict US approach to transborder flows for law enforcement intersects with the relatively strict EU approach to other transborder data flows, as shown in the 2015 decision striking down the EU/US Safe Harbor. We are researching a forthcoming article for the Emory Law Journal that addresses that subject.
(30.) Peter Swire, “The USA FREEDOM Act, the President’s Review Group and the Biggest Intelligence Reform in 40 Years,” IAPP Privacy Perspectives (June 8, 2015), https://iapp.org/news/a/the-usa-freedom-act-the-presidents-review-group-and-the-biggest-intelligence-reform-in-40-years.