On Thursday 3 October, the UK and US governments signed an agreement that will enable British law enforcement to access electronic data related to serious crime directly from US technology companies.
As techUK has called for in the past, international agreements are the only sustainable solution to addressing complex legal barriers to the lawful disclosure of data across jurisdictions. Currently, requests for communications data from law enforcement agencies are submitted via Mutual Legal Assistance Treaties (MLATs), which can often take months and even years to complete.
The UK-US Bilateral Data Access Agreement, signed by the Home Secretary Priti Patel and US Attorney General William Barr, will speed this process up significantly and give technology companies a clear legal framework through which to share data with the security services. This is to be welcomed.
Unhelpfully this announcement, which techUK supports, has been conflated with the publication of an open letter, from the US, UK and Australian governments, to Mark Zuckerberg regarding the separate issue of Facebook’s plans to implement end to end encryption across its messaging services.
The letter outlines the government’s backing for strong encryption and its support for the tech sector’s commitment to protecting user data, but calls for Facebook to end its plans to implement end to end encryption on its messaging platforms.
Strong encryption is vital for ensuring the security of digital services and any limiting of its use will harm efforts to keep people secure online.
The tech industry is committed to working lawfully with both the police and the security services to prevent the misuse of technology and digital services for illegal activity. Tech companies already undertake extensive work to identify and report illegal activity on their platforms, through strictly enforcing community standards and policies, and the use of end-to-end encryption will not stop this vital work.
Bad actors will continue to be investigated through, for example, the use of analysing metadata to detect patterns of activity or identifying IP addresses and contact lists. Investment in this type of work will continue and the sector is committed to working with government, and with each other, to ensure that there is a common global approach to maintaining both privacy and safety as technology evolves.
The announcement of the new UK-US Bilateral Data Access Agreement will help in this regard, speeding up investigations and giving tech companies a clear legal framework with which to work with the security services.
In a world of increasing cyber threats, the ability to have private sensitive calls and messages without the threat of these being hacked is essential to ensuring the security of millions of UK citizens every day.
Although there are no simple answers here, it does not mean that this is an unsolvable problem. Government and industry must continue to work together to find good and effective solutions to law enforcement challenges that do not put millions of innocent users at risk by restricting the use of encryption or implementing so-called back doors.