The U.K. Pleads with Congress to Change an Outdated Privacy Law to Help Fight Terrorism

As law enforcement officials scrambled this week to connect the dots after a deadly terrorist attack in Manchester, U.K., the country’s deputy national security advisor traveled to the United States to urge Congress to change a 30-year-old law he says routinely hinders criminal investigations.
Paddy McGuinness—the first sitting U.K. government official ever to testify in Congress—told members of the Senate Judiciary Committee on Wednesday that he came to Washington because Prime Minister Theresa May has “assured the British people that we will take every measure available to us to provide every additional resource we can to the police and security services as they work to protect the public” against future attacks.
McGuinness pleaded with Congress to make a “technical adjustment” to the Electronic Communications Privacy Act (ECPA), which among other things prohibits U.S. technology companies from disclosing stored communications to foreign governments. Instead, foreign law enforcement officials must request that data via the time-consuming Mutual Legal Assistance Treaty process, which can take months.
McGuinness said that since many criminals in the U.K. communicate using products and services made by U.S. companies, this “arbitrary” legal hurdle is causing crimes to go unsolved and criminals unpunished (see “Why Congress Can’t Seem to Fix This 30-Year-Old Law Governing Your Electronic Data”).
Changing ECPA would open the door for a bilateral law-enforcement data-sharing agreement between the U.S. and U.K, said McGuinness, appealing to the special relationship between the two countries. He assured lawmakers that such an agreement would not allow the U.K. to target U.S. citizens or anyone in the U.S.
American companies dominate the global marketplace for social media and cloud services, and a number of countries in addition to Britain are growing frustrated at their inability to access data during investigations.
Last year, Brazilian law enforcement arrested Facebook’s regional vice president after the company refused to turn over WhatsApp messages during a criminal investigation. Some countries are responding by passing laws that force companies to keep a copy of their citizens’ communications within their borders. If Congress doesn’t change ECPA, governments may also resort to surreptitious methods to access data, like hacking, Jennifer Daskal, a professor at American University Washington College of Law, warned the committee.
U.S. investigators could also benefit from revising the law. Last summer, a federal appeals court ruled that a search warrant issued under ECPA did not extend to data stored outside the U.S.—in that case, Ireland. New legislation could extend that warrant authority beyond U.S. borders. Congress “should resist the false promise of any simplistic or quick fix, however, argued Microsoft president and chief legal officer Brad Smith in his own testimony. “Our laws can no longer ignore the technological progress made over the past three decades,” and failure to enact a comprehensive new framework “will ultimately undermine U.S. interests,” Smith said.
Keep Reading
Most Popular
This new data poisoning tool lets artists fight back against generative AI
The tool, called Nightshade, messes up training data in ways that could cause serious damage to image-generating AI models.
The Biggest Questions: What is death?
New neuroscience is challenging our understanding of the dying process—bringing opportunities for the living.
Rogue superintelligence and merging with machines: Inside the mind of OpenAI’s chief scientist
An exclusive conversation with Ilya Sutskever on his fears for the future of AI and why they’ve made him change the focus of his life’s work.
How to fix the internet
If we want online discourse to improve, we need to move beyond the big platforms.
Stay connected
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.