After more than two years in effect, the U.K.-U.S. Data Access Agreement (an “e-evidence agreement” enabled by the U.S. Clarifying Lawful Overseas Use of Data (CLOUD) Act) has proved a game-changer for the United Kingdom’s law enforcement agencies, which have made tens of thousands of real-time intercept requests directly to U.S. service providers. U.S. law enforcement agencies have made much more limited use of the agreement, primarily because little of the investigative data they need is held by U.K. providers. The U.S. Department of Justice also has expressed muted disappointment with aspects of U.K. implementation.
This article, by U.S. and U.K. ex-government officials, explores the reasons behind this initial experience. It also explores the potential impact on the agreement of an alleged U.K. order directed at Apple, purportedly compelling the company to produce data in unencrypted form for use by U.K. agencies. A U.S. House of Representatives Judiciary Committee sub-committee, and elements of the U.S. Executive Branch, regard as unacceptable any use of the agreement to obtain e-evidence from a U.S. provider pursuant to a U.K. decryption order. The U.S. Department of Justice and U.K. Home Office likely will need to address the dispute.
The authors also consider lessons from the U.K.-U.S. agreement for the ongoing e-evidence negotiation between the United States and the European Union.
To read the full article on Lawfare, click here.
* * *
These statements are attributable only to the authors, and their publication here does not necessarily reflect the view of the Cross-Border Data Forum or any participating individuals or organizations.
