Why State and Local Law Enforcement Should Be Part of the MLAT Reform Process
The terrorist attacks in Paris earlier this year serve as a reminder that the MLAT process needs reform. And state and local law enforcement should be part of the process. Francois Mori / AP Photo
Connecting state and local government leaders
In a guest article, Bryan Cunningham points out the MLAT problem will get worse as cloud storage providers increasingly globalize data storage.
God forbid. You’re an Assistant District Attorney in the midst of a case when gunfire erupts in the offices of a local magazine headquartered in your city which recently satirized ISIS. In “retaliation,” terrorists have executed a dozen magazine employees although most had nothing to do with the offending column. Your top cops and prosecutors are immediately on the trail, but the gunmen disappear into the underworld of Europe. Your citizens demand swift justice and exemplary police work traces your perpetrators to social media accounts housed on servers in France. Time being of the essence, you quickly request vital evidence from the French social media companies before the killers’ trail goes cold.
And then you wait.
Of the French social media companies from which you urgently request assistance, one turns down nearly 90 percent of your requests, one rejects 65 percent, and another nixes 50 percent. The final social media company refuses all your requests, telling you to “use MLAT.”
For that one, you’ll really wait, because the process they demand you follow, using a “Mutual Legal Assistance Treaty” (MLAT) can involve months-long delays, or worse.
If this sounds hypothetical, it’s not. It is a slightly modified retelling of France’s experience with U.S. companies following the Paris massacre earlier this year. The French Minister of the Interior was so frustrated with this process, he took a road trip to Silicon Valley to seek better trans-Atlantic cooperation in exchanging evidence.
French President François Hollande went further, warning “American web giants” that if such companies “are serious about not becoming accomplices of evil, they’ve got to help us.”
Hollande’s comments bring into sharp relief the simple truth that, in the age of instantaneous communication and routine overseas storage or massive amounts of data, the current MLAT process can be inefficient, ineffective and, where speed is decisive, futile. In short, MLAT is broken.
MLATs are formal agreements between countries establishing procedures for requesting evidence stored outside the requesting country’s jurisdiction. Historically, in many time-sensitive cases, law enforcement agencies officials exchanged information informally and private companies cooperated without formal legal process. But with increasing overseas attention to privacy rights and concerns about secret, unilateral data collection by national governments against other countries’ citizens, companies increasingly are refusing to cooperate informally and governments are retaliating for unfair “spying” on their citizens.
State and local law enforcement agencies (LEAs) should care about this problem not only because of its potential impact on the general ability of the U.S. to take down international terror and other criminal organizations, but because, in our increasingly interconnected world, what once could have been treated largely as “local” cases, such as cyber fraud and child pornography now require retrieval of evidence from overseas, and even basic crimes without any obvious cyber component will require evidence stored overseas.
The problem will get worse as cloud storage providers increasingly globalize data storage, in order to: store data close to the account holder for faster service; take advantage of excess capacity; and/or save on infrastructure costs or tax burdens.
There is broad agreement that the current MLAT system has not kept pace with technology and must be reformed to support fast and effective global law enforcement and many countries, especially in Europe, are threatening to cut off U.S. LEAs from some data altogether in retaliation for perceived spying abuses. Unchecked, both trends threaten to damage the ability of state and local LEAs to prosecute many types of crimes. But U.S.-led MLAT reform can stem this dangerous tide. What should state and local law enforcement leaders do about it?
First, stay informed. The Law Enforcement Data Stored Abroad (LEADS) Act, currently under debate in the United States Senate, and a similar measure in the House, aim to begin the process of MLAT reform. A number of law enforcement and civil liberties advocacy groups are tracking such legislation.
Second, be heard. Particular facets of legislation may be more or less acceptable to individual state and local law enforcement agencies but such LEAs shouldn’t let the federal government be the only law enforcement voice in the debate.
Finally, think through the issues carefully. The immediate reaction of many LEAs may be to oppose any congressional “meddling” with the current system, particularly if an LEA has not itself experienced problems. But efforts to streamline and improve U.S. MLAT processing, as the LEADS Act, for example, can benefit state and local LEAs both because such agencies must go through the U.S. government to request foreign-stored evidence and because U.S. efforts may prompt improvement abroad.
Further, shows of U.S. “good faith” may forestall new foreign restrictions on U.S. LEAs access to data stored in their countries.
State and local law enforcement should be part of the MLAT reform process.
Bryan Cunningham is an information security, privacy, and data protection lawyer, and a senior advisor of The Chertoff Group, a global security advisory firm that advises clients on cyber security and cloud computing. Formerly, he was a U.S. civil servant, working for the CIA and serving as Deputy Legal Adviser to National Security Advisor Condoleezza Rice.