RightsCon Toronto 2018

Law enforcement investigations increasingly rely on data stored outside the
jurisdiction of the country that is investigating a crime. The current system of law enforcement requests made under mutual legal assistance treaties (MLATs) has not been able to keep up with the growing quantity of these requests. Requests often are not processed on a timely basis, which can result in criminals evading prosecution and law enforcement’s inability to interdict some crimes. The need for this data has spurred some governments to demand that their users' data be stored locally, and has spurred others to issue surveillance demands that purport to have extraterritorial effect.

In response, at least three processes are underway to develop mechanisms that address the problem: (i) the E-Evidence initiative of the European Union; (ii) bi-lateral agreements – such as those envisioned in the U.S. CLOUD Act -- to permit direct demands on communications service providers made by particular countries in which they have no physical presence; and (iii) a negotiated protocol to the Budapest Cybercrime Convention that would enable signatories to the protocol to make direct demands on providers in other signatory nations.

This roundtable is designed to explore the human rights criteria that should be built into these new mechanisms. For example, must a signatory to the planned protocol to the Budapest convention have a legal system that requires judicial authorization of data demands? Must a signatory to a bilateral agreement agree to give notice (or delayed notice) to the subject of its data demand? Is it realistic to expect that countries will change the processes by which they obtain access to Internet users’ data so the country can participate in one of these new mechanisms and get a speedy response?