Last week, Senators Hatch, Coons and Heller introduced the Law Enforcement Access to Data Stored Abroad (LEADS) Act which seeks to clarify the powers that warrants issued by the U.S. courts have on data stored abroad. The LEADS Act also focuses on reforming the Mutual Legal Assistance Treaty (MLAT) process, which are agreements designed for law enforcement agencies to receive and provide assistance to their counterparts in other countries. If enacted, this law could have both immediate effects on a current court case, and far-reaching effects on international agreements for cross-border access to data for law enforcement purposes.
Until now, the U.S. government has argued that it could use the powers granted to it under the Electronic Communications Privacy Act (ECPA) to gain lawful access to data stored abroad if the company storing it had a presence on U.S. soil. The LEADS Act would clarify ECPA, stating specifically that the U.S. government cannot compel the disclosure of data from U.S. providers stored abroad if accessing that data violates the laws of the country where it is stored or if the data is not associated with a U.S. person—a citizen or lawful permanent resident of the United States, or company incorporated in the United States.
The LEADS Act would also seek to improve the federal government’s MLAT process. It would increase accessibility and transparency by requiring an online intake form and docketing system where foreign governments could both submit MLAT requests electronically and track the status of those requests. Under the Act, the Department of Justice (DOJ) would also be required to notify providers that requests it receives are pursuant to an MLAT. Additionally, it would seek to provide accountability by requiring the DOJ to annually publish statistics on the number of MLAT requests it receives and completes, as well as their average processing time. These improvements are designed to increase the efficiency of the DOJ’s handling of foreign MLAT requests, which often languish due to lack of adequate resources. The hope here is while the U.S. government cannot do much to improve other governments’ MLAT processes, it can streamline its own and contend that others should do likewise.
Finally, the Act provides a sense of Congress that data localization imposed by foreign governments is incompatible with the borderless nature of the Internet, an impediment to online innovation, and unnecessary to meet the needs of law enforcement. This proclamation is aimed at potential criticism of this proposal: that foreign governments may store their data within their borders to keep it away from the prying eyes of the U.S. government.
The need for this law is reflected in a current court case between Microsoft and the U.S. government. Last year, as part of a drug investigation, an as yet unidentified U.S. law enforcement agency obtained a warrant compelling Microsoft to surrender data from an unknown person’s email account stored in a data center in Dublin, Ireland. Microsoft refused, arguing that the U.S. government cannot force a private party to conduct a search and seizure operation on foreign soil. Microsoft lost its first challenge in April and its first appeal in July, and has signaled its intention to appeal the case further.
In a recent op-ed, Daniel Castro and I argued that the Microsoft Ireland case could lead to several unintended consequences and strengthening the MLAT process was the best alternative. The LEADS Act takes that approach, and we commend Senators Hatch, Coons, and Heller for starting this discussion. Congress should move expediently to take up the LEADS Act. With Microsoft’s appeal hearing expected sometime next year and other countries looking to U.S. actions as a template for their own laws, this conversation cannot wait.
Photo Credit: Tom Blackwell