wsj.com U.S. to Allow Foreigners to Serve Warrants on U.S. Internet Firms Devlin Barrett and Jay Greene Updated July 15, 2016 8:00 p.m. ET
http://www.wsj.com/articles/obama-administration-negotiating-international-data-sharing-agreements-1468619305 The Obama administration is working on a series of agreements with foreign governments that would allow them for the first time to serve U.S. technology companies with warrants for email searches and wiretaps—a move that is already stirring debates over privacy, security, crime and terrorism. Brad Wiegmann, a senior official at the Justice Department, discussed the administration’s efforts during a public forum on Friday at a congressional office building in Washington, D.C. The first such agreement is being assembled with the U.K., he said. Word of the plans came one day after a federal appeals court ruled that federal warrants couldn’t be used to search data held overseas by Microsoft Corp. MSFT -0.07 % , dealing the agency a major legal defeat. The court’s decision in favor of Microsoft could prove to be a major barrier to the Obama administration’s proposed new rules to share data with other nations in criminal and terrorism probes, which would be sharply at odds with the ruling. It might lead some companies to reconfigure their networks to route customer data away from the U.S., putting it out of the reach of federal investigators if the administration’s plan fails. The Justice Department has indicated it is considering appealing the Microsoft ruling to the Supreme Court. Meanwhile, Justice Department officials are pressing ahead with their own plan for cross-border data searches. Under the proposed agreements described by Mr. Wiegmann, foreign investigators would be able to serve a warrant directly on a U.S. firm to see a suspect’s stored emails or intercept their messages in real time, as long as the surveillance didn’t involve U.S. citizens or residents. Such deals would also give U.S. investigators reciprocal authority to search data in other countries. “They wouldn’t be going to the U.S. government, they’d be going directly to the providers,’’ said Mr. Wiegmann. Any such arrangement would require that Congress pass new legislation, and lawmakers have been slow to update electronic privacy laws. That U.K. agreement, which must be approved by the legislatures of both countries, could become a template for similar deals with other countries, U.S. officials said. Mr. Wiegmann said the U.S. would strike such deals only with nations that have clear civil liberties protections to ensure that the search orders aren’t abused. “These agreements will not be for everyone. There will be countries that don’t meet the standards,’’ he said. Greg Nojeim, a privacy advocate at the Center for Democracy and Technology, criticized the plan. He said it would be “swapping out the U.S. law for foreign law’’ and argued that U.K. search warrants have less stringent judicial protections than U.S. law. British diplomat Kevin Adams disputed that, saying the proposal calls for careful judicial scrutiny of such warrants. Privacy concerns over creating new legal authorities are overblown, he added. “What is really unprecedented is that law enforcement is not able to access the data they need,’’ Mr. Adams said. The ability to monitor a suspect’s communications in real time “is really an absolutely vital tool to protect the public.’’ While Thursday’s court decision represented a victory for Microsoft, which strives to keep data physically near its customers, it may not be viewed as a positive development for all internet companies, said University of Kentucky law professor Andrew Woods. Yahoo Inc., YHOO -0.63 % Facebook Inc. FB -0.37 % and Alphabet Inc. GOOGL -0.02 % ’s Google operate more centralized systems. They didn’t file briefs in support of Microsoft’s position in the case, he noted. Mr. Woods warned that increased localization of data could have the unintended consequence of encouraging governments to become more intrusive. “If you erect barriers needlessly to states getting data in which they have a legitimate interest, you make this problem worse,’’ he said. “You increase the pressure that states feel to introduce backdoors into encryption.” Microsoft President and Chief Legal Officer Brad Smith said the company shares concerns about the “unintended consequences” of excessive data localization requirements. “But rather than worry about the problem, we should simply solve it” through legislation, Mr. Smith said. Microsoft supports the proposed International Communications Privacy Act. That legislation would, among other provisions, create a framework for law enforcement to obtain data from U.S. citizens, regardless of where the person or data was located. Companies and governments generally agree that the current legal framework for cross-border data searches is far too slow and cumbersome. Though major tech firms don’t always agree on the particular changes they would like to see, the industry has long sought to get clearer rules from the U.S. and other governments about what their legal obligations are. A coalition of the country’s largest tech companies, including Microsoft, Facebook and Google, created a group called Reform Government Surveillance that is pushing for updating data-protection laws. The group has said it was “encouraged by discussions between the U.S. and the U.K.” Thursday’s ruling could lead some Microsoft rivals that offer email, document storage, and other data storage services, but which haven’t designed systems to store data locally, to alter their networks, said Michael Overly, a technology lawyer at Foley & Lardner in Los Angeles. Google, for example, stores user data across data centers around the world, with attention on efficiency and security rather than where the data is physically stored. A given email message, for instance, may be stored in several data centers far from the user’s location, and an attachment to the message could be stored in several other data centers. The locations of the message, the attachment and copies of the files may change from day to day. “[Internet companies] themselves can’t tell where the data is minute from minute because it’s moving dynamically,” Mr. Overly said. The ruling could encourage tech companies to redesign their systems so that the data, as it courses through networks, never hits America servers. A person familiar with Google’s networks said that such a move wouldn’t be easy for the company. —Jack Nicas contributed to this article. Write to Devlin Barrett at devlin.barr...@wsj.com and Jay Greene at jay.gre...@wsj.com -- It's better to burn out than fade away. _______________________________________________ Infowarrior mailing list Infowarrior@attrition.org https://attrition.org/mailman/listinfo/infowarrior
