How do African law enforcement authorities access African data held by US companies for the purpose of legitimate criminal investigations? How―and to what extent― can African countries benefit from the cross-border data access reform initiatives emerging in Europe and the US? How should African stakeholders approach the internet’s increasing cross-border legal challenges? These are some of the questions raised at one of the sessions of the recent virtual conference hosted by the Internet & Jurisdiction Policy Network (I&J) in partnership with the African Union Commission (AUC).[1] The conference brought more than 130 participants of key regional stakeholders together to discuss a range of transnational and regional challenges in cyberspace, including cross-border access to electronic evidence.

The world’s first cybercrime treaty is undergoing an update.  When the Budapest Convention was drafted approximately 20 years ago, the treaty focused on harmonizing laws and increasing cooperation across borders so that a range of cybercrime, such as a denial of service attack or the release of a computer virus, could be prosecuted in the multiple countries affected.  It was written before the exponential growth in Internet usage, the development of cloud computing, and the digitalization of just about every kind of interaction.  These changes have made electronic evidence important to just about every crime—effectively turning almost all crime into cybercrime.  And they have also created enormous challenges for law enforcement given, among other reasons, the global nature of the Internet.  Increasingly, a range of electronic evidence relevant to and critical to the investigation and prosecution of crime – everything from basic subscriber information used to identify particular perpetrators to the content of emails – is stored in a different country from the one where the crime occurred or is being investigated.  This globalization of criminal evidence is creating significant hurdles for law enforcement.[1]

The U.S. and Australia are currently negotiating an executive agreement under the U.S. CLOUD Act. The pending Australian ‘Telecommunications Legislation Amendment (International Production Orders) Bill 2020’ (the ‘Bill’) is designed – amongst other things – to bring Australian law in line with the U.S. CLOUD Act’s requirements and to provide a legal basis for an executive agreement to enter into effect. Such an executive agreement is anticipated to be similar to the one which has already been agreed between the U.K. and the U.S.

The 2019 international agreement between the United Kingdom and the United States[1] on access to electronic evidence has attracted wide attention as a new tool of international assistance in criminal matters.[2]  Historically, countries have conducted such cooperation pursuant to mutual legal assistance treaties (MLATs). The UK-US CLOUD Agreement, however, is the first international instrument putting in place a new mechanism providing that law enforcement authorities can request e-evidence directly from a cloud service provider, without going through MLAT procedures.

Peter Swire and Justin Hemmings’ article Overcoming Constitutional Objections to the CLOUD Act assesses potential facial and as-applied constitutional challenges to the CLOUD Act under the Fourth Amendment. The authors argue that - without a strong fact pattern for plaintiffs - it would appear difficult to overturn the CLOUD Act on Fourth Amendment grounds.

Prof. Peter Swire’s Lawfare Blog article “Foreign Intelligence and Other Issues in the Initial Opinion in Schrems II,” reviews the Dec. 19 initial opinion from Advocate General Henrik Saugmandsgaard Øe. In his article, Swire provides background on the Schrems litigation and a brief summary of the “holdings” of the Advocate General’s opinion. While the Advocate General’s opinion is not a binding decision of law; it is generally considered an important prediction of the full Court of Justice of the European Union’s (CJEU’s) decision, which is expected in the first quarter of 2020.