Search for:

DOWNLOAD ALERT

On 3 October 2019, the United Kingdom and the United States signed a first-of-its-kind Bilateral Data Access Agreement (the “Agreement”), which is expected to reduce the time it takes UK and US law enforcement agencies to access electronic evidence held by technology companies located in each other’s territory. A link to the Agreement can be found below.1

The issue of ready access to electronic data stored abroad has become increasingly acute in recent years. This has particularly been the case for UK law enforcement agencies, since the evidence needed to further their investigations and support subsequent prosecutions is often stored by technology companies headquartered in the US.

Under pre-existing arrangements between the UK, the US and other jurisdictions, law enforcement agencies are able to request information held by a company abroad through Mutual Legal Assistance Treaties (“MLAT”). Under these MLAT processes, law enforcement agencies submit information requests to the government of the country in which the data-holding company is based. The government in turn reviews the request, obtains and serves an order as needed locally, collects the data and ultimately returns it to the requesting country’s law enforcement agency. This is a multi-stage process that can take months or even years to obtain the relevant data from abroad.

The Agreement will expedite the process, by allowing law enforcement agencies to ask a domestic court to issue a production order for electronic data (such as emails, texts and instant messages) to be issued directly against a communication service provider (“CSP”) located in the other country. As a result, following authorization from the court in their home country, law enforcement agencies will be able to serve that order for production of electronic data directly on a CSP in the other country, without that request having to be routed through the MLAT processes. The CSPs which are required to comply with production orders issued pursuant to the Agreement include email providers, mobile phone networks, social media companies and cloud storage services. Prosecutors hope that this process will mean that relevant evidential data can be obtained abroad in a matter of days or weeks, rather than months or years.

However, it is important to note that the Agreement will not:

  • allow law enforcement agencies to access data to which they would not otherwise have had a right to access under existing domestic legislation and Constitutional protections. Accordingly the standard of proof and the jurisdictional requirements for the issuance of an order or warrant to access data remain unchanged;
  • apply to circumstances in which the data subject is a resident of the country from which the evidence is requested (i.e., UK authorities may not request data related to US residents, and vice versa); and
  • require CSPs to provide law enforcement agencies with a means of decrypting data (e.g., from encrypted messaging apps).

The Agreement was facilitated by complementing pieces of legislation recently passed in the UK and the US: the Crime (Overseas Production Orders) Act 2019 in the UK,2 and the Clarifying Lawful Overseas Use of Data Act (CLOUD) Act enacted in 2018 in the US.3 Both Acts anticipate that agreements of this type would be entered into with countries with equivalent levels of due process, privacy and the rule of law; the UK-US Agreement is the first. More agreements of this type are anticipated. In September, 2019 the US and EU released a joint statement that they had commenced negotiating a data access agreement,4 and in October 2019, a similar announcement was made by the US and Australia.5

In the US, the CLOUD Act also had an important secondary objective of clarifying that the 1986 Stored Communications Act (“SCA”)6 does require disclosure of data subject to a search warrant that is stored abroad by companies subject to US jurisdiction. That question had caused some controversy after a 2016 Second Circuit decision in Microsoft v. United States7 held that the SCA did not require Microsoft to disclose information in its custody and control that it had stored on a server in Ireland.

The Microsoft case was on appeal to the US Supreme Court at the point that the CLOUD Act was passed and was therefore determined to be mooted.

What does the Agreement mean for you?

If you are a CSP, the Agreement, and any subsequent agreements entered into pursuant to the Crime (Overseas Production Orders) Act and the CLOUD Act, will allow foreign law enforcement agencies to serve upon you orders requiring the production of electronic data directly to the enforcement agency. The relative ease of their issuance, and the reduced timeframe, is likely to increase the volume of such international requests and accordingly increase the burden on CSPs in receiving, coordinating, and responding to them.

From a prosecutorial perspective, once in force, UK law enforcement agencies, including the Serious Fraud Office (“SFO”), should find that they have much quicker access to data stored by CSPs in the US, as will their US counterparts to data stored by CSPs in the UK. This should, for example, speed up SFO investigations, which are often hampered by the lengthy MLAT process, reduce the amount of SFO investigations that have on occasion been abandoned due to an inability to access data and evidence overseas, and potentially speed up the process of eliminating suspects from enquiries.

Since many of the major global CSPs are located in the US (rather than the UK), the effects of the Agreement in facilitating investigations are likely to be more pronounced for UK enforcement agencies than they will be for their US counterparts, who already have more immediate access to data held by domestic CSPs. However, since the US currently receives many more MLAT requests than it issues, the Agreement, and others like it, should diminish the burden on US law enforcement and its diplomatic apparatus currently handling them.

More broadly, the Agreement is another manifestation of global law enforcement cooperation. Evidence and information are more freely flowing across borders as seen by the ever increasing number of multijurisdictional prosecutions and investigations. This trend can only increase as governments continue to develop mechanisms to share information in global criminal matters.

Finally, of course, the Agreement will not impact the MLAT arrangements currently in place with other jurisdictions and those processes will still need to be followed with those counties until such time as similar data access agreements can be negotiated.

What should you do?

In anticipation of the Agreement’s ratification, CSPs in the US and the UK should familiarise themselves with the new regime and implement the necessary processes and procedures to respond to electronic data production orders from foreign agencies, within the relatively short timeframes anticipated.

Other companies and individuals, potentially subject to investigation in either the US or the UK, should be aware that law enforcement agencies in each country will have more ready and speedy access to electronic data abroad believed to be relevant to their enquiries. This may in turn impact those agencies’ expectations when assessing a company’s own cooperation and voluntary document production.


1 See https://www.gov.uk/government/publications/ukusa-agreement-on-access-to-electronic-data-for-the-purpose-ofcountering-serious-crime-cs-usa-no62019
2 For more information on the Crime (Overseas Production Orders) Act 2019, please read our publication from June.
3 For more information on the CLOUD Act, see the US Department of Justice’s recent White Paper and FAQs at: https://www.justice.gov/opa/press-release/file/1153446/download
4 See https://www.justice.gov/opa/pr/joint-us-eu-statement-electronic-evidence-sharing-negotiations.
5 See https://www.justice.gov/opa/pr/joint-statement-announcing-united-states-and-australian-negotiation-cloud-actagreement-us.
6 18 U.S.C. Chapter 121 §§ 2701–2712
7 829 F.3d 197 (2d Cir. 2016)

Author

Charles Thomson is a partner and solicitor advocate in Baker McKenzie’s Dispute Resolution Practice Group in London. He co-manages the Business Crime Unit, and is part of the Financial Institutions Disputes, Contentious Trusts and Compliance and Investigations Groups. Charles joined the Firm as a trainee in 2002, and concurrently spent three months on secondment as a judicial assistant at the Royal Courts of Justice in the Civil Appeals Division. A solicitor advocate since 2007, Charles appears as an advocate in all Higher Courts in England and Wales. Chambers and Legal 500 both commend Charles for his legal practice. Charles is also listed as a Rising Star in Litigation by Legal Week.

Author

Joanna Ludlam is a partner in the Dispute Resolution team in Baker McKenzie's London office, where she leads the market-leading Regulatory, Public & Media law team and also co-leads the office's Compliance & Investigations Practice Group. At an international level, she co-chairs the Firm's Global Compliance & Investigations Steering Committee. In 2016, Joanna was named as one of The Lawyer’s “Hot 100” for her practice, and is recognised by Legal 500 and Chambers & Partners.

Author

Jonathan chairs the firm's Financial Institutions Global Industry Group and is a partner in the London Dispute Resolution practice. Jonathan has deep experience in advising boards, executive teams and individuals dealing with issues of market integrity, ethics, brand and reputation impact, conduct risk, whistleblowing, market misconduct, systems and controls failings and remediation, public statements and investor relations, financial crime, fraud, regulatory investigation and enforcement, public policy, public law and civil and criminal litigation. Jonathan's substantial in-house experience delivers a highly strategic and commercial focus aimed at re-establishing confidence in the brand and individuals. Jonathan joined Baker McKenzie from Barclays Bank PLC. Spanning a decade of unique pressure in the financial sector amidst the global financial crisis, he led the global litigation, investigations and enforcement function and established the bank's financial crime legal team. Jonathan was responsible for a series of high-profile regulatory and criminal investigations in EMEA, the US and Asia Pacific regions and led a significant portfolio of wholesale and retail litigation. Supporting the bank's risk and compliance functions, he implemented and improved systems and controls in respect of money laundering, bribery and corruption, fraud and international sanctions. Jonathan worked with UK and US law enforcement and government intelligence agencies on counter-terrorism, organised crime and other domestic and international security initiatives. Jonathan is the contributing author to a number of leading legal and sector publications, including: Banks and Financial Crime: International Law of Tainted Money (Oxford University Press 2008, 2016); Global Investigations Review - The Evolution of Risk Management in Global Investigations (GIR 2016, 2017, 2018); and Risk.net's annual Top 10 Operational Risks (2018-2022).

Author

Tristan Grimmer is a partner in Baker McKenzie's London office and the UK Head of the International Trade Practice Group. He is also a member of the Compliance & Investigations and the International Trade and Competition practice groups. Tristan joined Baker McKenzie as a trainee in March 2004, qualifying in March 2006. He has advised on parallel investigations by authorities in the United States, Switzerland, Brazil and Japan, and has spent time working in Baker McKenzie's Chicago office. Tristan is named as a "Leading Individual" for EU And Competition: Trade, WTO Anti-Dumping and Customs in the UK Legal 500 2023 directory.

Author

Henry Garfield is a senior associate in Baker McKenzie's Dispute Resolution department based in London. Henry's practice focuses on fraud, asset tracing, internal investigations and business crime. He also undertakes general commercial litigation. Henry has just completed an 11 month secondment to the Serious Fraud Office, during which he was the Case Lawyer on an investigation into a £60 million fraud. The investigation involved unravelling trust and company structures in several offshore jurisdictions and has recently resulted in two individuals being charged with fraud and forgery offences.

Author

Yindi is a partner in the Baker McKenzie Dispute Resolution team based in London, and a member of the Compliance and Investigations group. Yindi’s practice includes a broad spectrum of complex and high-value international and domestic commercial litigation for multinational clients, with specialist expertise in anti-bribery and corruption investigations, compliance and trust disputes.

Author

Widge Devaney is a partner in the Firm's North America Litigation group in New York, Chair of the North American Government Enforcement Practice and Co-Chair of the Global Compliance and Investigations Group. Since 2011, Mr. Devaney has been listed in New York Metro Super Lawyers in the Criminal Defense: White Collar category. Mr. Devaney is co-chair of the ABA's Transnational Crime Subcommittee, and an officer of the IBA's Business Crime Committee. He previously served on the Criminal Justice Act Panel for the Southern District of New York, representing indigent clients in federal criminal matters. Mr. Devaney served as law clerk to the Honorable Oliver Gasch on the US District Court for the District of Columbia from 1993 to 1994.

Author

Geoff Martin is a Senior Associate at Baker McKenzie's Litigation and Government Enforcement practice group in Washington, DC. Geoff started his career in Baker McKenzie's London office in 2007 and moved to Washington DC in 2012. Geoff represents clients in matters before the federal government arising out of anti-corruption, trade sanctions, fraud, anti-money laundering, national security, and related enforcement actions. He also represents clients in civil and criminal matters in federal court. Geoff has extensive experience conducting internal investigations relating to such matters around the world.