by Chris Calabrese, Vice President, Policy, Center for Democracy & Technology
Last week in United States vs. Microsoft, the Department of Justice (DOJ) petitioned the Supreme Court to decide the reach of the U.S. government when compelling U.S. companies to turn over data stored outside the U.S. Courts are divided on the issue. The Second Circuit Court of Appeals held that the Electronic Communications Privacy Act (ECPA) cannot reach extraterritorially. Magistrates in other circuits have disagreed, interpreting the search as occurring where a company discloses data, not where the data is seized. However, what no one disputes is that as the number of requests skyrockets, the system for accessing data across borders is deeply in need of reform and that courts are ill-suited to tackle the complicated equities at stake.
The current system uses Mutual Legal Assistance Treaties (MLATs) to allow foreign law enforcement to pass requests to their domestic counterparts, who in turn serve them on specific providers. The process is slow and sometimes frustrating for law enforcement. U.S. service providers are frequently caught in the middle – they are not only worried about violating the privacy rules of a particular country, but also about thwarting legitimate investigations. At the same time, privacy advocates rightly note that U.S. law – undergirded in many cases by the protections of the Fourth Amendment – is particularly strong and should not be abandoned.
While there are no perfect solutions to this problem, at the Center for Democracy & Technology we have argued that significant progress can made through a package of reforms focused in four areas: