This article appeared in The Roanoke Times on July 19, 2015
It’s clear now more than ever that the government is incapable of protecting private information. In recent weeks it’s been revealed that multiple breaches have compromised personal data on millions of federal employees, including sensitive information on security clearances and background checks that threatens to compromise national security.
When the government cannot even be counted on to protect information critical to defending the nation, it becomes all the more important to consider the privacy implications of any policy involving collection of information from private citizens.
One obvious area of concern was revealed when the Justice Department decided to try to extend its jurisdiction over every byte of digital data, even that stored entirely overseas by U.S. companies. Its overreach has produced calls to reform the outdated Electronic Communications Privacy Act, which is now more than 30 years old and has failed to keep pace with modern technology and new threats to privacy.
The LEADS Act, short for Law Enforcement Access to Data Stored Abroad (H.R. 1174), would modernize ECPA and provide better protection for the privacy of individuals and the companies entrusted with their data, while also streamlining the process for international cooperation between enforcement agencies.
Exemplifying the need for LEADS is the Justice Department’s recent pursuit of data on Microsoft servers relating to an Irish citizen and held entirely on servers in Ireland. Ordinarily, such information would be pursued through mutual legal assistance treaties, which enable governments to work together to pursue criminals while also respecting domestic due process protections. So the U.S. government would have to ask Ireland to obtain a warrant on its behalf, allowing them the opportunity to ensure that the request meets their own standards for due process.
But in this case the Justice Department insists that it needs only the blessing of an American judge to compel Microsoft to hand over data held overseas about a foreign citizen. Its end run around international cooperation risks retaliation against U.S. citizens and undermines the competitiveness of American-owned businesses.
A U.S.-based company expanding into foreign markets must follow the domestic privacy laws of that jurisdiction as well as convince customers that they are trustworthy stewards of their sensitive data. The actions of the Justice Department make that task exponentially more difficult and disadvantage American companies compared to those headquartered in more reasonable nations.
The dangers similarly posed to American citizens may not be as obvious, but are nonetheless significant. Should the government’s case hold up through ongoing legal challenges and be allowed to set precedence, other nations will likely follow the lead of the Justice Department and seek the private data of American citizens held entirely within the United States if they can find any legal nexus connecting that company to their own nation. With an increasingly interconnected global economy, that’s not often hard to do.
To protect Americans from retaliatory attacks and other data grabs inspired by the Justice Department’s overreach, LEADS bolsters ECPA protections by clarifying that a warrant may be used to require disclosure of data held overseas only if the target is a U.S. person and if the disclosure does not violate local privacy laws. At the same time, it streamlines the mutual legal assistance treaty process to ensure that it provides the necessary tools for cooperation between law enforcement agencies, while also preserving individual protections.
Virginia’s own Rep. Bob Goodlatte (R) is the Chairman of the House Judiciary Committee, the traffic cop on this legislation. Goodlatte could have a tremendous impact on limiting the broad overreach of the Obama Justice Department by passing the LEADS bill through his committee and the House of Representatives.
As bad as the U.S. government has proven to be at protecting private information, other governments are likely to be even worse. To avoid a free-for-all on American information, the Department of Justice must be reined in and real protections put in place to prevent similar abuses from spreading. Protecting data storage centers from abusive governmental demands protects the rights of individual Americans and helps ensure the competitiveness of U.S. businesses.
