How law enforcement cooperates – and what we should do about it

How law enforcement cooperates – and what we should do about it
By Simon Davies

Notice

europe-usa-eu-flags.preview_0

In the second part of a two-part series, Simon Davies examines the ongoing controversy over arrangements for exchange of information and judicial process between nations.

Last week, the European Parliament approved a new Umbrella Agreement to protect personal information that is passed between the law enforcement authorities in the EU and the US. It’s a significant development that goes a long way to plugging a worrying gap in privacy protection of highly sensitive information.

However there is some confusion about whether this initiative will help sort out the ongoing controversy over judicial processes that authorise such arrangements. As I discussed in the first part of this series, these processes are conventionally determined through Mutual Legal Assistance Treaties (MLATs). The umbrella agreement goes only part of the way to resolving this dilemma.

Part of this deficiency rests with a popular view that the agreement is a secondary measure that, as one NGO privately expressed it “is like running health and safety measures in an execution chamber”

This should not detract from the crucial reforms that the Umbrella process has triggered. Important among these is a pending right in US law for overseas citizens to seek redress against agencies in US courts. The new conditions under the umbrella should facilitate a more engaged and collaborative conversation about how to deal with the MLAT situation.

There has been a remarkably low level of criticism expressed in the media about the umbrella agreement, but this of course doesn’t mean there aren’t concerns. Some MEPs have been strongly critical of the arrangement, arguing that it does not comply with basic EU law and does not stand subordinate to its treaties.

At the same time, Civil Society has not acted with its traditional vigour on this process. Part of this deficiency rests with a popular view that the agreement is a secondary measure that, as one NGO privately expressed it “is like running health and safety measures in an execution chamber”. That view is extreme, but it goes to the heart of a general concern that agreement on judicial procedures still has not been fixed. That is, there is still dysfunction between the US and EU models of fair judicial process.

Perhaps the easiest way to imagine this is to see the MLAT process as determining the relationship between various law enforcement authorities, while the umbrella agreement determines how the subsequent data – and individual rights – should be regulated.

It has not escaped civil society that the situation has eerie parallels to the post-Snowden controversy in which President Obama promised post-collection rights for non-US persons, but refused to limit the initial bulk collection of data.

If proof were ever needed of the importance of trust and certainty in such arrangements, it can be found in the umbrella agreement. Bloomberg News, among others, concludes that there was a rush in Brussels to close the umbrella deal before Donald Trump took office. In the same vein, civil society is generally concerned about the haste with which US agencies such as the Department of Justice have been seeking to create short-cuts to US access to data. If that were not foundation enough, Brexit opens up an entirely new dimension of fragility. Without a clear framework of legal rights, there is little certainty that Britain can match the safeguards offered even by the US.

The question still remains; how might it be possible to create a trusted and seamless approach to international law enforcement cooperation? The reality is that at some point very soon civil society, academics, experts and opinion formers need to come together to sort this out.

Without a clear framework of legal rights, there is little certainty that Britain can match the safeguards offered even by the US.

Yes, it is true that on this matter, many of the tenets of rights (participation, consultation, accountability, transparency) have been eroded by the key policy-makers in this field. I recall earlier this year applying to the EU Dutch Presidency to attend a political and security meeting on the very topic of judicial cooperation, only to be told (even with five days notice) that there was “no time to confirm your security clearance”. This was – clearly – utter rubbish, first, because these players attend public meetings on this subject on a regular basis, and second, because any EU presidency that couldn’t achieve security clearance in five days is blatantly incapable of steering public security. In the end, the meeting was engulfed by the usual suspects, with no external involvement apart from some major corporations.

And people wonder why there is little trust among civil society over any proposal for judicial and law enforcement cooperation!

None of this should infer that there is no hope of agreement on the way security and law enforcement organisations can cooperate. What it does suggest is that there needs to be a more open and participatory process.

Last year, the Privacy Surgeon surveyed fifteen NGOs that have been working on MLAT issues. Despite slurs by various governments that they sought to end the cooperation process, all were supportive of reform. Some of the key findings are:

  • All surveyed organisations agree with the practical necessity of some form of MLAT mechanism, and unanimously they believe there is urgent need for reform;

  • All organisations fear that the inefficiencies in the current MLAT regime may induce structural changes that are hostile to privacy;

  • Most of civil society wants to see fundamental reform, particularly in terms of harmonising MLAT processes and creating greater certainty and accountability in both requesting and requested country provisions.

Perhaps surprisingly, none of the fifteen NGOs surveyed for this paper argued for the complete dismantling of MLATs. Most took the pragmatic view that some form of arrangement needed to be in place, but all feared that future revisions could sidestep already unstable privacy protections in a knee-jerk effort to improve speed and utility for LEA’s.

In the Privacy Surgeon’s survey there was some support for the idea that the MLAT system – at a fundamental level – is not rotten. It forces domestic cooperating law enforcement to use their own legal system and rules to search/seize data from their own citizens.

NGO’s generally accept that the current MLAT arrangements are often seen by authorities as too cumbersome and protracted – particularly for cybercrime cases that required a quick turnaround of data. Three respondents reported that their interactions with LEA officers in organisations such as ICANN indicated that MLATs were being abandoned as a reliable conduit for requests. This, situation, in turn, is viewed by civil society as the potential trigger for overhaul of the MLATs. The question was repeatedly raised about the sensitivity of this process with regard to protection of rights.

However it is also true – as discussed in the first part of this series – that LEA’s and security agencies often create this burden themselves. There is a strong argument that internal reform – such as better communications , training and translation – could go a long way to solving the present challenges.

The outcome of this historical dynamic is that civil society is (generally) taking a pragmatic and constructive approach to MLAT reform, rather than a position of outright opposition. A far more educated NGO sector is now aware that the rule of law and a reliance on an evidence-based approach to data requests is more likely to produce a positive outcome for rights.

This should not imply that views across civil society are uniform. One or two key US groups have been pushing for a reform agenda based on an equivalence of human rights standards across borders. This approach does not sit well with European groups, many of whom believe that surveillance limitations must be agreed before the administration of surveillance is agreed.

In the Privacy Surgeon’s survey there was some support for the idea that the MLAT system – at a fundamental level – is not rotten. It forces domestic cooperating law enforcement to use their own legal system and rules to search/seize data from their own citizens. This perspective makes sense to many NGO’s, since the expectations of affected citizens will generally be that their own domestic rules will be followed.

One widely expressed view was that a key problem with the current system is its ‘optional’ element, meaning that law enforcement can use MLATs when it is convenient, and bypass them when it’s not. This situation presents additional uncertainty and unruliness.

Adding to this, the inefficiency of the MLAT process itself produces a high incentive to avoid such arrangements. That can result in LEA’s relying on their own domestic process to go directly to a multi-national – or even going to them without domestic process, instead seeking ‘voluntary’ or ‘informal’ cooperation. Such an approach can also potentially lead to other less accountable and covert techniques (remote intrusion, etc).

One view which is finding common currency is that fixing this problem would require making the MLAT regime itself mandatory, including new conditions for MLAT arrangements to be more formal/transparent and also finding a way to streamline those arrangements.

Additionally, in the view of many NGO’s, most MLAT regimes lack dual criminality requirements. This is a problem where, for example, an offence that is covered by civil law in the requested country is investigated through a requesting country where that same offence falls under criminal law (thus improperly leveraging the investigative and disclosure mandate of the requested country).

A further issue is that MLATs do not generally cover the foreign intel paradigm. This – as NGO’s well understand – is another level of challenge that must be at least acknowledged.

One popular view among NGO’s is that the MLAT process system is operationally unstable in its current form. At the national level, law and practice with regard to warrants, searches etc are reasonably stable and LEA’s have had plenty of time to understand the requirements and keep up with developments (common law shifts in fairly small increments which regular practitioners are exposed to frequently enough, while statutory reform comes much less often and receives a high enough profile to stimulate adequate investment in training).


The contrast with MLAT procedures is considerable.  MLATs amount to trying to operate a foreign legal system through a proxy, which may not have much incentive to be helpful.  Practitioners have no easy way to study the workings of foreign legal systems, especially where foreign languages are involved; and even when they’re in English, terminology, differences may confuse (consider the US concept of ‘probable cause’, which many EU authorities are not familiar with). Keeping up with changes in foreign legal systems may be hard in itself, but is made harder through infrequent and erratic exposure.

This suggests to civil society that MLAT arrangements may never be simple or straightforward.  One prominent UK NGO legal expert suggested that it might be useful to create single national centres in each country for issuing MLAT requests which over time could build up a decent head of specialist expertise (and foreign language competence). However, that infrastructure would be costly to staff and there may not be adequate motivation to take that route. There may be more effective political value in “low cost whingeing” about foreign companies who refuse to co-operate.

So, in advance of the Microsoft judgement and the many questions that are sparked by Brexit and the Trump ascnendancy, is what do we, as civil society and as the public, do to contribute?

December 6, 2016 at 03:56AM
via The Privacy Surgeon http://ift.tt/2gXVXBS

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s