Facebook has recently come under fire in relation to the tragic murder of Lucy McHugh. On Friday, Stephen-Alan Nicholson was charged with a number of offences, amongst them an offence under section 49 of the Regulation of Investigatory Powers Act. For those unfamiliar with the detail, this clause makes it a criminal offence to refuse disclosing a password or other key when compelled by the relevant authorities. In this case Nicholson refused, twice-over, to provide law enforcement with the password to his social media account. The alleged perpetrator’s argument was this would incriminate him in illegal drugs activity. Unfortunately for him, self-incrimination is not a defence accepted by this clause and so he was sentenced to 14 months for the offence.
The consequence of his failure to disclose has meant that Hampshire Police have been forced to go through the Mutual Legal Assistance Treaty (MLAT) process to obtain the evidence (Facebook messages) held in the US that they believe is key to their investigation.
Facebook’s policy is crystal clear – where there is imminent harm to a child, or risk of death or serious physical injury to any person they will give access to law enforcement to aid the investigation. This policy has undoubtedly saved lives and rescued vulnerable individuals through timely interventions. However, for disclosure of account records in all other cases they must act in accordance with the law – which in this case stipulates the need for an MLAT request.
In the aftermath of this trial there has been a clamour for Facebook to break the law and simply hand over the alleged perpetrator’s data. Facebook, like other companies, has been clear they cannot break the law regardless of how distressing the case, so law enforcement agencies and Facebook alike must rely on the MLAT process. A process that has been widely criticised, it can take up to nine months for information to be returned and the process is hugely bureaucratic, this is something that governments in the US, UK and in Europe have all recognised and are looking to change.
In 2015 Nigel Sheinwald, the former British ambassador to Washington, was commissioned to look at this very issue and whilst the full review was never published, the summary document made clear Sheinwald’s recommendation that a new international framework was needed “to allow certain democratic countries - with similar values and high standards of oversight, transparency and privacy protection - to gain access to content in serious crime and counter-terrorism cases through direct requests to the companies” . Since then a great deal of work has been done, and whilst we’ve not yet reached the point of an International Treaty, moves have been made to speed up processes. The US Cloud Act for example has simplified the process of accessing data and the UK and EU are now following suit. In the UK, Parliament is currently discussing the Crime (Overseas Production) Bill, if passed this would mean law enforcement agencies in the UK would no longer need to navigate long foreign legal processes, instead being able to go straight to the holders of the data. To aid Parliament’s discussions, the full report prepared by Sheinwald should be published, there is absolutely no reason for this not to happen.
This drive to speed up processes should be applauded. Of course, it is horrific that justice is being delayed in the case of Lucy McHugh, but these seemingly easy decisions often require the unravelling of decades worth of bureaucracy and legislation – something governments have been notoriously slow to do. We should welcome the fact that in future no parent will be forced to wait so long for justice’s cogs to turn and we should also welcome the fact that businesses follow the law.