Skip to Content

The U.K. Pleads with Congress to Change an Outdated Privacy Law to Help Fight Terrorism

Updating the Electronic Communications Privacy Act, which governs law enforcement access to data, would also help U.S. investigators.
Senators Lindsey Graham (left foreground) and Mike Lee (center) confer with staffers during a break in a meeting of the Senate Judiciary Committee.

As law enforcement officials scrambled this week to connect the dots after a deadly terrorist attack in Manchester, U.K., the country’s deputy national security advisor traveled to the United States to urge Congress to change a 30-year-old law he says routinely hinders criminal investigations.

Paddy McGuinness—the first sitting U.K. government official ever to testify in Congress—told members of the Senate Judiciary Committee on Wednesday that he came to Washington because Prime Minister Theresa May has “assured the British people that we will take every measure available to us to provide every additional resource we can to the police and security services as they work to protect the public” against future attacks.

McGuinness pleaded with Congress to make a “technical adjustment” to the Electronic Communications Privacy Act (ECPA), which among other things prohibits U.S. technology companies from disclosing stored communications to foreign governments. Instead, foreign law enforcement officials must request that data via the time-consuming Mutual Legal Assistance Treaty process, which can take months.

McGuinness said that since many criminals in the U.K. communicate using products and services made by U.S. companies, this “arbitrary” legal hurdle is causing crimes to go unsolved and criminals unpunished (see “Why Congress Can’t Seem to Fix This 30-Year-Old Law Governing Your Electronic Data”).

Changing ECPA would open the door for a bilateral law-enforcement data-sharing agreement between the U.S. and U.K, said McGuinness, appealing to the special relationship between the two countries. He assured lawmakers that such an agreement would not allow the U.K. to target U.S. citizens or anyone in the U.S.

American companies dominate the global marketplace for social media and cloud services, and a number of countries in addition to Britain are growing frustrated at their inability to access data during investigations.

Last year, Brazilian law enforcement arrested Facebook’s regional vice president after the company refused to turn over WhatsApp messages during a criminal investigation. Some countries are responding by passing laws that force companies to keep a copy of their citizens’ communications within their borders. If Congress doesn’t change ECPA, governments may also resort to surreptitious methods to access data, like hacking, Jennifer Daskal, a professor at American University Washington College of Law, warned the committee.

U.S. investigators could also benefit from revising the law. Last summer, a federal appeals court ruled that a search warrant issued under ECPA did not extend to data stored outside the U.S.—in that case, Ireland. New legislation could extend that warrant authority beyond U.S. borders. Congress “should resist the false promise of any simplistic or quick fix, however, argued Microsoft president and chief legal officer Brad Smith in his own testimony. “Our laws can no longer ignore the technological progress made over the past three decades,” and failure to enact a comprehensive new framework “will ultimately undermine U.S. interests,” Smith said.

Keep Reading

Most Popular

Scientists are finding signals of long covid in blood. They could lead to new treatments.

Faults in a certain part of the immune system might be at the root of some long covid cases, new research suggests.

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.