UK Investigative Agencies Want To Be Able To Send Warrants To US Companies
from the lots-of-'solutions,'-all-of-them-terrible-in-different-ways dept
Because citizens are localized but their data isn’t, things aren’t going to get any less weird as time progresses. Or any less legally troublesome. Ellen Nakashima and Andrea Petersen of the Washington Post have seen a copy of a draft negotiating document between UK and US representatives that would allow MI5 (and presumably other agencies) to access data and communications held on US servers.
The transatlantic allies have quietly begun negotiations this month on an agreement that would enable the British government to serve wiretap orders directly on U.S. communication firms for live intercepts in criminal and national security investigations involving its own citizens. Britain would also be able to serve orders to obtain stored data, such as emails.
UK agencies would still be locked out of obtaining information or data on US persons and it would take legislation to actually make this access a reality, but it’s apparently being considered, as UK officials feel this issue is standing in the way of investigations/counterterrorism efforts.
As it stands now, UK agencies must make formal diplomatic requests which rely on a Mutual Legal Assistance Treaty — a process that can take months. That’s not good enough, apparently. Everyone wants instant access, including UK agencies, and a strong streak of entitlement (the same entitlement guiding FBI director James Comey’s one-sided “debate” on encryption) runs through the arguments for this expansion of the UK’s legal powers.
“Why should they have to do that?” said the administration official. “Why can’t they investigate crimes in the U.K., involving U.K. nationals under their own laws, regardless of the fact that the data happens to be on a server overseas?”
Why indeed? Why comply with existing laws or territorial restrictions? After all, the FBI is working toward the same end, pushing for the right to hack servers located anywhere in the world when pursuing criminals.
Several issues need to be addressed before UK agencies can be granted permission to demand communications and data from US companies. For one thing, a warrant issued in the UK is not exactly the same thing as a warrant issued in the US. The legal standards may be similar, but they’re still a long ways from identical.
The negotiating text was silent on the legal standard the British government must meet to obtain a wiretap order or a search warrant for stored data. Its system does not require a judge to approve search and wiretap warrants for surveillance based on probable cause, as is done in the United States. Instead, the home secretary, who oversees police and internal affairs, approves the warrant if that cabinet member finds that it is “necessary” for national security or to prevent serious crime and that it is “proportionate” to the intrusion.
Note the “silence” on the differences between the legal standards. It appears no one involved in this discussion is interested in digging into these disparities.
A second administration official said that U.S. officials have concluded that Britain “already [has] strong substantive and procedural protections for privacy.” He added: “They may not be word for word exactly what ours are, but they are equivalent in the sense of being robust protections.”
As a result, he said, Britain’s legal standards are not at issue in the talks. “We are not weighing into legal process standards in the U.K., no more than we would want the U.K. to weigh in on what our orders look like,” he said.
That’s great. Both countries won’t examine each other’s legal standards because they don’t want to upset the reciprocity implicit in the draft agreement. The UK can ask for stuff from US companies and vice versa, with neither country playing by the other country’s rules. In between all of this are citizens of each respective countries, whose data and communications might be subjected to varying legal standards — not based on where the data is held, but who’s asking for it.
Of course, the alternatives are just as problematic. If an agreement like this fails to cohere, overseas governments will likely demand data and communications generated by their citizens be stored locally, where they would be subject only to local standards.
Then there’s the question of what information these agencies already have access to, thanks to the surveillance partnership between the NSA and GCHQ. Although neither agency is supposed to be focused on domestic surveillance (although both participate in this to some extent), the NSA is allowed to “tip” domestic data to the FBI for law enforcement purposes. Presumably, GCHQ can do the same with MI5. The tipped info may not be as comprehensive as what could be obtained by approaching a provider directly, but it’s certainly more than the black hole the current situation is being portrayed as. (Especially considering GCHQ already has permission to break into any computer system located anywhere in the world…)
No matter what conclusion the parties come to, legislation addressing it is likely still several months away, if it ever coheres at all. Congress — despite its occasional lapses into terrorist-related idiocy — is likely not interested in subjecting US companies to foreign laws, no matter the stated reason for doing so. But if it doesn’t oblige the UK (and others who will jump on the all-access bandwagon), it’s safe to assume the British government will move towards forcing US companies to set up local servers and segregating communications and data by country of origin.
Filed Under: surveillance, uk, us, warrants
Comments on “UK Investigative Agencies Want To Be Able To Send Warrants To US Companies”
Have warrant, will snoop.
Treaty for the mutual violation of citizen's rights
This reads like a successor to EO12333: GCHQ `accidentally’ find stuff on US citizens and relay this to the NSA, vice versa. All legal under this treaty.
Re: Treaty for the mutual violation of citizen's rights
You can pretty much bet this was already going on out from sight of the public. That it’s being pushed now most likely means someone either intends or already has a court case in the works over it.
Most of the 5 eyes have a thing where other foreign countries are fair game. Swapping data back and forth without admitting how it was gotten has been pretty standard. It’s made it all the way down to the local cop level in many cases as has been shown here at Techdirt. Misdirection on how the evidence was obtained runs far more common than any LEO office or branch wants to admit.
Re: Re: Treaty for the mutual violation of citizen's rights
thank you, exactly what i was going to point out: this is ALL about skirting the laws, UK spies on US citizens ‘legally’ (does anyone even bother to discuss what is MORAL?), then passes that on to US spooks; US spooks spy on UK citizens ‘legally’ then passes that on to UK spooks…
one hand washes the other, as mafia types say (and the spooks are nothing but ‘legalized’ kriminal syndicates…)
All working toward a one world government
The push toward a one world government is getting stronger and stronger. Unfortunately, it is only due to the governments need to control the people; the people are not asking for this.
This will open up the system to all kinds of abuses. How will an American company know or vet that the UK is asking for info on a British citizen and not a US citizen? They will be forced to comply and unable to verify the citizenship of the people being spied upon.
Re: All working toward a one world government
The problem with all large organizations is that the larger they get the bigger the psychopath in charge, and the worse the inter department fighting gets.
Foriegn Laws
Congress — despite its occasional lapses into terrorist-related idiocy — is likely not interested in subjecting US companies to foreign laws
Although perfectly happy to subject foriegn companies to US laws.
Re: Foriegn Laws
Congress — despite its occasional lapses into terrorist-related idiocy — is likely not interested in subjecting US companies to foreign laws
This is not entirely true. It is my understanding that there are toll roads in Canada that work from license plate readers. Several states have agreed to provide info to Canada so they can bill US drivers who travel those toll roads. Though it is apparently states working this out with Canada and not congress. But still, I cannot imagine why the sheeple would allow this?
Re: Re: Foriegn Laws
I cannot imagine why the sheeple would allow this?
Because without it there would have to be toll booths and so your journey would also be interrupted and you would have to pay more!
Do you think it would be a good idea if Americans could walk into any shop in Canada and just take stuff for free?
(Disclaimer – I don’t think toll road are a good idea – however the fee is collected – but if you have them you may as well collect the fee int he most appropriate way)
Re: Re: Re: Foriegn Laws
Do you think it would be a good idea if Americans could walk into any shop in Canada and just take stuff for free?
Sure, if those shops were setting transportation infrastructure provided by the government. With US tax dollars, we pay for lot of roads that Canadians are allowed to drive on. Non-toll roads in Canada are “taken” for free when we drive on those. Because someone decided on a rather dumb plan to collect these taxes does not make it any more appropriate to shift a tax burden on a neighboring country.
Also, Canadians should be driving in the EZPass lane in the US and not paying the bill.
Re: Re: Re: Foriegn Laws
Do you think it would be a good idea if Americans could walk into any shop in Canada and just take stuff for free?
So completely not the same thing. If they want foreigners to pay a toll, then they should setup a way to collect it while they are in Canada. For the US or state governments to allow a foreign country to identify American drivers and send them a bill is crazy.
Re: Re: Re:2 Foriegn Laws
You and MIchael should both read the whole of my comment – your points are already answered.
Re: Foriegn Laws
three words…T. P. P.
Re: Re: Foriegn Laws
Wrong treaty – the UK is nowhere near the Pacific.
Re: Re: Re: Foriegn Laws
I think he’s pointing out that Congress is subjecting us citizens and companies to foreign laws because of trade agreements like the tpp
Is there still such a thing as a U.S. company?
Is there still such a thing as a U.S. company? It seems like they are all multi-national corporations now days. OK there are a lot of little firms are still U.S. owned, I know.
as long as its to protect the economic interests of the few chidlrens and temorisms thats fine by me
There’s only one problem with this move. No U.S. court would ever allow this. Countries cannot server any kind of warrants on another country simply because each country is sovereign.
If Germany wants to serve a warrant on an American country, they simply cannot because they lack jurisdiction to do so. The only way this would be possible is if Congress passes a law that allows foreign countries to server warrants on American companies and the current state of our political system will never allow that to happen.
The European Union is over-reaching. Unless they also allow American warrants to be served on European Union companies (something they have always been reticent to do), I just don’t see this happening.
Additionally, a world government? Unifying the entire planet under one government will never happen because of the TSA, borders, laws in different countries. It would take hundreds of years for this to happen and with such conflicts as the one between Israel and the formation of the Palestinian State, this is unlikely to happen. Israel doesn’t want a unified state and does anyone think that something like this will ever happen?
It just isn’t going to happen in our lifetime, our children’s lifetime nor even our children’s grandchildren’s lifetime.
Re: Re:
Ask Kim Dotcom just how true that is, as all his assets in various countries have been seized VIA US issued warants.
Limits on globalization?
This sounds like another case of “Globalization for me, but not for thee!”, right along with “region coding” for DVDs, the copyright parts of TPP, offshoring jobs, and the like.
Only Law Enforcement, spies, and the rich get to benefit from globalization. Everyone else gets the raw end of it.
What goes around, comes around
“Why should they have to do that?” said the administration official. “Why can’t they investigate crimes in the U.K., involving U.K. nationals under their own laws, regardless of the fact that the data happens to be on a server overseas?”
I’m sure the UK authorities frequently ask the same question about the FBI.
The only problem with this is that federal courts in the United States would not grant any of these warrants since there are jurisdictional problems.
Sweden, Spain, France, United Kingdom, Denmark, Germany, Greece and so on … if any of these countries tried serving a warrant on an American company, they would be laughed out of the court because unless the matter involved international law, these countries and their warrants would be dismissed purely on a lack of jurisdiction.
I just don’t see the European Union successfully presenting a warrant to an American company. There are simply too many obstacles standing in the way and they wouldn’t even be binding, not even in an international court.
In regards to copyright law, that is different, since copyright law is recognized by the international community and the international courts. The E.U. has a lot of hurdles in their way and I simply do not see them succeeding.
Not only that, but this is all being done secretly. They want to be able to issue these warrants but they don’t want anyone else to know what they’re doing. Kind of reminds of congress passing all of that warrantless surveillance until the NSA started scooping up the data of congress and then congress started complaining.
It was a situation where ‘spy on everyone but don’t spy on me’. These types of things have the habit of backfiring.
Correction
Pretty sure it’s Andrea Peterson not Petersen, Tim.
https://www.washingtonpost.com/people/andrea-peterson
It shouldn’t be easy for criminals to evade a lawful warrant served by their government merely by hosting their communications in another country.
Re: Re:
‘It makes our job harder’ is not, and never has been, a valid excuse to dodge around limits imposed by the law. Do it according to the applicable laws, or don’t bother.
The problem with making ‘It’s good enough for our jurisdiction, so it should be good enough for yours’ an acceptable legal idea is that it allows the country/government with the weakest legal protections to benefit the most, and ‘export’ in a sense their weaker laws and apply them to other countries.
If the requirements for a UK warrant don’t meet the requirements for a US warrant for example, they shouldn’t be able to say ‘Oh well, it’s valid anyway’ and force US companies to comply with it. They want the information from a US company, make a request through the US courts.
Should read: warrants to U.S. SMALL Companies.
Note that the bigger carriers are multinational, and they can be pressured directly from afar in many cases. This has been true since ITT spied for the allies AND the nazis during WWII. (See: The Sovereign State of ITT)
Doing this sort of thing at the state level (U.S. state) would be unconstitutional due to the articles restricting treaties with foreign governments. So it could ONLY be handled through the fed.
I have a hard time seeing how that would work:
U.K. calls some company, company says “no”. U.K. calls the fed. Fed jackboots company. State gets pissed off. (not likely to end well) Perhaps that’s the point?
The other big issue is warrants against personal data of intelligence value. MI5 could call AT&T and request a tap on on U.S. military contractor for example. AT&T would have no way of knowing that the data base of intelligence value before compliance. And why should MI5 get a discount? If they want U.S. Military secrets, they can just buy them from the Chinese like everybody else.
DoJ trying to access MS servers in Ireland
Another wrinkle, although not directly related, the DoJ has been trying to subpoena records from a MS subsidiary’s servers in Ireland, which MS’ lawyers say are outside of US jurisdiction. DoJ is contending they should have access to any company’s records so long as they have a presence on US soil. This has led some people from using US-based cloud services, opting for EU-based providers because the DoJ doesn’t have jurisdiction over them.
If a EU prosecutor can subpoena records of a US company, what’s next.
Also, EU data retention statues are shorter than the US. That will have to be normalized also.
The red flag is that Mrs May doesn’t trust the police, judges MI5 or anyone else other than the person in her position to serve these warrants. Doesn’t it seem silly to have the 2nd most powerful person in government ok’ing email warrants, She has her own work to do…
Old excuses
Plausible deniability isn’t plausible anymore.
Constitutional warrant requirements
If only we could harness the power from the rotational forces of the founding fathers collectively rolling over in their graves…
Without probable cause, there is only a general warrant, which is unconstitutional. We have no business assisting in enforcing legal standards that differ from our own and which we abandoned as inferior.
The UK Investigative Agencies are missing the point, in my opinion. This may very well be their personal Christmas present to law enforcement but it’s doubtful that any country would adhere to some policy created by another country.
There are serious jurisdictional problems that are at play here which UKIA doesn’t address. First, it would require that new laws be passed in each country/government where these warrants would be presented. Simply getting people in your country to say ‘we’re gonna do this’ doesn’t make it legally binding.
Second, while extradiction warrants are widely recognized by most countries as long as they are properly filed with established courts (along with safeguards preventing their abuse), this is different compared to what the EU wants to accomplish.
This is nothing more than the EU telling Americans “we don’t care about your rights, we just want to collect all of your data’. There are simply major problems with this, even if they manage to scam and con other countries into accepting this.