Our borderless Internet

University of Kentucky law professor Andrew Keane Woods, in a recent New York Times op-ed ("Dark Clouds Over the Internet"), puts forth some unfortunate ideas about the proper response to what is becoming a serious problem in international law enforcement: the difficulty (or sometimes the virtual impossibility) that local law enforcement officials face when trying to obtain information that is relevant to an ongoing investigation but "located" in electronic form in another jurisdiction (email messages, Facebook page contents, etc.).

Woods illustrates the problem by hypothesizing about "a British cop [who] is investigating a murder in London, and [who] has good reason to believe that Google or Facebook has evidence about the crime." The request for the evidence "often go[es] nowhere because America's 1986 Electronic Communications Privacy Act (ECPA) only allows technology firms to release American-held data in response to orders from an American judge." So the British cop "must satisfy an American judge using an American constitutional standard to obtain the evidence." This cross-border process is, Woods notes, "notoriously slow"; requests "take an average of 10 months—an eon in a criminal investigation—and many languish for years." And "because American law has made it nearly impossible to obtain digital evidence through legitimate channels, foreign police are turning to illegitimate ones. … Making it harder for the police to get criminal evidence lawfully may actually incentivize them to seek that data by snooping."

What is to be done? We need, Woods suggests,

"… to mak[e] it easier for foreign governments to get data when that access is justified and harder when it is not.

International agreements are one solution, and America and Britain are rumored to be negotiating such a deal. In the meantime, American technology companies should be free to comply directly with foreign government requests for data, as long as that access is warranted and meets international standards of due process and human rights."

Not so fast, please. The problem for our hypothetical British cop is not just that the existing processes for obtaining the information are slow and inefficient; that can and should be corrected and streamlined, to be sure. But those ECPA requirements are there for a good reason: We don't think that government law enforcement officers—including those from our own government—should have access to this information without first persuading a neutral magistrate that there is probable cause to believe that criminal activity is being undertaken and that a judicial warrant should be issued. Many countries— including those that meet "international standards of due process and human rights"—have a much lower threshold for allowing law enforcement access to information like this. By suggesting that "American technology companies should be free to comply directly with foreign government requests for data," Woods is either suggesting that we should allow foreign governments freer access to that information than we allow our own government—which would surely be bizarre—or that we should abandon those ECPA protections entirely, for U.S. and foreign governments alike, which is a terrible idea. The addition of the qualifier—that compliance with the request should be limited to cases in which "that access is warranted"—begs the question completely. That's what we do now—we place the request before a judge, who decides whether the access is warranted under the ECPA (and the Fourth Amendment). Asking Facebook, Google, Twitter, etc., to make those determinations seems like a step decidedly in the wrong direction.

[And just as an aside, Woods's article also illustrates an infuriatingly wrongheaded idea—or, more precisely, a rhetorical posture—that has come to dominate the rapidly expanding world of Internet law and policy. He begins his article this way:

"The Internet is routinely described as borderless, and that is often how it feels. Tweet a photo or post a comment, and it is instantly viewable in nearly every country in the world. But a global Internet unbounded by territorial limits is pure fantasy."

The idea that those who describe the Internet as borderless are engaging in "pure fantasy" seems to be a way, these days, that commentators signal how hard-headed and realistic they are: "See, I'm not one of those starry-eyed cyber-utopians who still talk about the 'borderless' Internet." It's particularly infuriating in an article dealing with a problem caused by precisely the borderless nature of the Internet—the fact that a business in Brazil, or a terrorist cell in Denmark, or a bank robber in Australia, or a social club in Singapore, can all store their communications information anywhere on the borderless Internet and yet still have instantaneous access to it. The very problem on which Woods is focused arises out of the conflict between the borderless Internet and the bordered world of international law. It's a tough, tough problem to solve—and it won't help to deny the very things that are making it a problem.]