Congress needs to balance privacy and security

For years, Congress has been struggling to find a way to balance privacy in the digital age with the needs of law enforcement to do their job.  That problem becomes more complex when American data is stored overseas.  Finding a way to balance the rights of citizens, the role of information technology companies, and the justice system is difficult.  But it has been done.  Now Congress needs to act.

It should pass the Law Enforcement Access of Stored Data Abroad (LEADS) Act, introduced in the Senate by Sens. Orrin Hatch (R-Utah), Chris Coons (D-Del.), and Dean Heller (R-Nev.) and in the House by Reps. Tom Marino (R-Pa.) and Suzan DelBene (D-Wash.).  This broad congressional coalition has come together to bring accountability and predictability to situations in which American data is stored overseas and require American law enforcement to have a warrant to get access to this data. 

{mosads}The ability of the federal government to get custody of data it wants is governed by the Electronic Communications Privacy Act (ECPA), according to American law enforcement.  ECPA is outdated and not at all suited to today’s technology.  It was enacted in 1986, and it did not anticipate the revolution in data volume and storage that would take place decades later.  Data now often exists in the cloud, and can be stored anywhere in the world.  This is a far cry from the times of phone and wire records in which ECPA was drafted and became law. 

Congressional inability to evolve the law in this area could harm the American technology sector, which is a world leader, a source of American jobs, and an engine driving future innovation and economic success.  Under current practice, the United States government claims that it can use American law to get data stored by American companies wherever it is, even overseas.  The government stands by that claim even when American law enforcement capturing that data would violate the law of the country in which the data is located. 

American companies are being forced, by their government, into the position of breaking American law by not complying with U.S. law enforcement demands, or breaking the law of the country in which they are doing business and in which the data is located.  For the sake of justice, legal and business predictability, and cooperation with other nations, the current American practice cannot continue.

The LEADS Act would remedy the situation.  As Hatch explained, the legislation provides,

 “that the U.S. government cannot compel the disclosure of data from U.S. providers stored abroad if (1) accessing that data would violate the laws of the country where it is stored or (2) the data is not associated with a U.S. person—that is, a citizen or lawful permanent resident of the United States, or a company incorporated in the United States.”

That is narrowly tailored legislation which will respect the laws of other countries, make sure that the data surrendered has a direct connection to a legal American person.  It would also protect data that is more than 180 days old, since the legislation “would require law enforcement agencies to get court-ordered warrants to search data that’s been stored on Web-based or cloud-based services for more than 180 days.”  That is a needed reform that reflects the changing nature of data from the days of sending snail mail to the realities of data sharing today.

The bill also strengthens the Mutual Legal Assistance Treaty process in regard to data requests.  MLATs are agreements among countries to assist one another “on criminal legal matters.”  As an article in Harvard Law School’s National Security Journal explained, MLAT requests have increased, become more complicated, and “do not effectively address fundamental issues like notions of privacy versus law enforcement’s need for evidence.”  The LEADS Act makes progress in the area of MLAT requests through the creation of a form that can be used by other governments making MLAT requests, creating an online method to facilitate MLAT requests, and recording the number of MLAT requests by the American government and governments overseas. 

The Republican House sponsor of the legislation, Rep. Marino, observed that, “[i]f we cannot accomplish the act of passing this reasonable legislation, U.S. companies will find it increasingly difficult to compete overseas and online user privacy will diminish.”  He is right.  The LEADS Act should become law because without it, the legal and commercial problems posed by the globalization of data will only increase.  The needs of an ordered society based on liberty and respect for commerce, and the necessity of international legal cooperation, require nothing less.

Siefring is president of Hilltop Advocacy, LLC, and a former Republican House staffer.  Follow Neil on Twitter @NeilSiefring