This morning, Kent Walker, Senior Vice-President and General Counsel of Google, gave a speech to a packed audience at the Heritage Foundation, laying out the need for new laws to address law enforcement’s need for data that happens to be held across territorial borders. (Video is here; Paul Rosenzweig ably moderated.)
The news is less what was said, then the fact that he said it, particularly given that his company is currently litigating some of the issues in the courts. He thus joins number of other prominent individuals – including Brad Smith, President and Chief Legal Officer of Microsoft – urging U.S. Congress to modernize our laws in a way that better accounts for the way data moves around the globe. The audience was notably packed.
I don’t agree with everything Walker said. (In particular, I am not particularly fond of last Congress’s version of the International Communications Privacy Act, which effectively gives Russia veto power over U.S. law enforcement ability to access data overseas.) But I strongly agree with the gist of his message: the importance of addressing the cross-border access problems in ways that both ensure law enforcement can access data in the legitimate investigation of criminal activity and protect privacy and due process rights; the dangers of doing nothing; and the need for Congress to act.
Notably, Walker’s speech follows on the heels of two Congressional hearings (one in the Senate and one in the House) where a wide range of stakeholders all agreed on these same basic points. Of course, there are some key differences of opinion that remain. Yet, there is general consensus as to the following:
- The current system doesn’t work;
- The dangers of doing nothing – to our security, privacy, economy, and future development of the Internet – are significant;
- The rule generated from the Second Circuit’s Microsoft Ireland decision, pursuant to which law enforcement’s ability to access data pursuant to a warrant is limited to data that happens to be held within the territorial-boundaries of the United States, is troubling for a host of practical, normative, and security reasons;
- Any solution should ensure that U.S. law enforcement’s ability to access data pursuant to a warrant based on probable cause turns on factors other than location of data;
- The interests of foreign governments with respect to the data of their own nationals located outside the United States should be taken into account, whether via a comity analysis, reciprocal notice requirements, or other diplomatic arrangement;
- US law should permit, in certain limited circumstances, foreign law enforcement to directly access communications content from U.S. based providers, pursuant to baseline due process and privacy standards;
- The United States has a unique opportunity to help raise due process and privacy standards in the process of permitting this kind of direct access by foreign governments; doing so will inure to the benefit as all.
Of course, there are disagreements as to the details. (And perhaps not everyone will agree even with these basic principles.) But I am increasing optimistic that there is enough of an emerging consensus to see a piece of sensible legislation move. The key parties are showing themselves willing to come to the table. The points of agreement way outweigh the points of disagreement. And the costs of doing nothing are too high.
Photo: Chris Jackson/Getty