Policy brief

System Upgrade: Improving Cross-Border Access to Electronic Evidence

Barnett Hohmann 2018 System Upgrade
Source: NASA / Unsplash
Sophie Barnett, Mirko Hohmann
21 Jan 2019

Over the past decades, criminals have picked up on new technologies to organize, plan and carry out illegal activity online. Unfortunately, law enforcement officers and the legal frameworks in which they operate have struggled to keep up with these changes. Increasingly, those working in law enforcement find themselves in jurisdictions different to those in which the electronic evidence they need is located, with no effective way to seek cross-border access to the data. 

The current system of mutual legal assistance (MLA) – which predates the rise of the Internet – is not built for and thus currently fails to address these challenges, mainly because it is slow, cumbersome and asymmetric. Given that data is increasingly central to 21st century criminal investigations, governments from around the world are growing more and more frustrated with the existing regime. Without MLA reform, states will likely move ahead with their own national initiatives to access user data, including measures like forced data localization or government-sponsored hacking. Such approaches can threaten user rights and hurt businesses.

Recently, both American and European lawmakers have responded to this problem by passing (in the case of the US) or proposing (in the case of Europe) new legislation: the CLOUD Act and the E‑Evidence Initiative, respectively. Remarkably, both of the initiatives deviate from the principle of territoriality, the long-standing doctrine that the physical location in which data is stored should determine the jurisdiction over it that has guided cross-border access to information for decades. Instead, they suggest that – in specific cases – law enforcement officers in one jurisdiction should be able to directly access data from a company located in another jurisdiction. Neither of the two initiatives seeks to upend the MLA system, but both propose to add a mechanism for quicker access among a small selection of trusted states. 

We argue that these efforts are a positive step in the right direction, but the current MLA system – on which all states will continue to rely – should remain the starting point for reform. To reform the MLA system, it is necessary to:

  • Increase the funding available to agents handling MLA requests; 
  • Educate staff;
  • Digitalize the submission process;
  • Establish clear guidelines for both the private sector and states issuing requests; 
  • Improve transparency.

Concurrently, when establishing a system of direct access among trusted states, policymakers in the United States and the European Union should:

  • Ensure high substantive as well as procedural standards;
  • Be restrictive regarding the number of trusted states; 
  • Establish a clear nexus of the crimes that qualify as triggers for direct access; 
  • Provide companies holding sought-after data with the ability to challenge requests;
  • Ensure that high transparency standards are embedded within the system.

The full policy brief is available for download.