The Investigatory Powers Commissioner (IPC), Sir Brian Leveson, has been appointed to oversee the new UK-US deal set to allow law enforcement to tap tech companies directly for users’ data.
Due to be introduced later this year, the agreement will allow UK public authorities, including police, to request electronic information from US telecoms firms through a warrant, ostensibly to help assist investigation and prosecution of “serious criminals”.
“My priority is to give law enforcement the powers they need to go after criminals and better protect victims,” said home secretary Priti Patel of the decision. “This landmark Agreement will dramatically speed up the investigation and prosecution of the most serious offenders.
“I am grateful to the Investigatory Powers Commissioner for providing this essential independent oversight of the UK’s use of the Agreement.”
Before this, UK bodies had to go through pre-existing MLA (Mutual Legal Assistance) processes, which could take months or even years to return the desired data. The new system will allow them to get their hands on data much faster by sidestepping government involvement and approaching the likes of Facebook and Google directly.
The UK and the US signed the bilateral Agreement in October 2019. It was brokered by home secretary Priti Patel and US Attorney General William Barr, who are both rabidly anti-encryption and ardent champions of the Five Eyes spying alliance. (They’ve both loudly demanded Facebook backtrack on its plans to introduce end-to-end encryption across its services – something a Facebook representative said was still on the cards in a recent parliamentary committee).
The way for the new Agreement was paved by two pieces of legislation recently passed in the UK and the US: the Crime (Overseas Production Orders) Act 2019 in the UK and the Clarifying Lawful Overseas Use of Data Act (CLOUD) Act in 2018 in the US. These laid the groundwork for different countries sharing data in this manner. The UK-US deal is the first, but US-EU and US-Australia agreements have also been mooted.
Sign up to Emerging Threats, our weekly cyber security newsletter
In addition to the new Agreement, the IPC oversees how the UK’s Investigatory Powers Act (or Snooper’s Charter) is being deployed. The act allows a baffling array of UK public bodies – the Gambling Commission and Pensions Watchdog included – to spy on civilians by requesting electronic communication information and internet search histories from telecoms providers.
Last year, the IPC pronounced a clean bill for how the Snooper’s Charter was being wielded by public bodies – except in the case of MI5, which apparently let more people access personal data than was legally permitted.