Greg Nojeim, Director of the Freedom, Security and Technology Project at the Center for Democracy & Technology.
*This post is part of ACSblog’s symposium examining proposed reforms to the Electronic Communications Privacy Act (ECPA).
As more and more data flows across state borders, the ability of law enforcement agencies to access information stored outside their jurisdiction or managed by a foreign company becomes increasingly complex. What country’s laws should apply to data requests? How quickly should access be granted and to whom? Should there be different standards for different countries? Mutual Legal Assistance (MLA) processes have been one way to address these questions.
MLA processes are those that law enforcement officials in one country trigger in another country to gain access to information over which the 2nd country has jurisdiction. The information sought may range from witness testimony to communications content and metadata. For example, if an investigating official in France needs communications content of a Gmail user in France to investigate a crime, she does not make the request directly to Google, but rather approaches a central authority in France which makes a request for mutual legal assistance of the US Department of Justice (DOJ), which can provide that assistance by applying for a warrant to serve on Google to compel disclosure of this information.
It is widely perceived that MLA processes are too slow for law enforcement investigations in the digital era and that they are not up to the task of dealing with the volume of cross-border demands for data that law enforcement agencies need to make. A number of ideas are being put forth to address this problem and its many complexities. This post is an attempt by the Center for Democracy & Technology (CDT) to spur public debate on one such idea and to solicit input that would inform a solid MLAT reform proposal.