This article first appeared on Law360 on October 28, 2019.
The UK and the US signed a new data-sharing agreement on 3 October designed to facilitate the exchange of evidence and enhance co-operation between the two countries and their respective investigatory authorities.1 The first of its kind in the world, the US-UK Bilateral Data Access Agreement (the “Agreement”) has been heralded on both sides of the Atlantic as an historic agreement which will radically speed up investigations by removing barriers that currently impede the collection of electronic evidence located abroad.
Background to the Agreement
Although the full Agreement has not yet been released, it allows law enforcement to obtain court authorisation to directly approach technology companies in the other country that are holding electronic evidence relevant to an investigation. While previously obtaining this sort of data would usually require undergoing the cumbersome and time-consuming Mutual Legal Assistance (“MLA”) process, it is hoped that providing a more direct route for evidence gathering will allow investigations to flow more smoothly.
The recent announcements by the UK and US governments have framed the Agreement as predominantly targeting fast-moving international crime – for example, terrorism and cybercrime – where getting key evidence, such as messaging data, as quickly as possible, is critical. What is not yet clear is the extent to which the Agreement might have broader application across the full spectrum of US-UK criminal investigations and, in particular, whether the UK’s Serious Fraud Office (“SFO”) may use the new tool to short-circuit the current MLA process.
Why is the Agreement useful to law enforcement?
Clearly, the core of the Agreement is designed to facilitate efficient and effective access to data. This, at its most basic, can only be a boon for the swift investigation and prosecution of serious crime. With threats developing by the day, authorities must do all they can to keep apace with the ever-changing landscape; the ability to obtain evidence quickly is, of course, key to early detection and proper investigation. This is particularly critical in relation to offences such as cybercrime, whose perpetrators can easily manipulate invisible jurisdictional lines to cover their tracks and put evidence out of reach.
Additionally, assurances have been given that any transfers made under the Agreement will be compatible with the relevant data protection laws. This, notably, could prevent companies from using strict laws, such as the EU’s General Data Protection Regulation, as a blanket excuse for refusing to provide potentially crucial evidence. While the details of the protections afforded to personal data under the Agreement are still hazy, such a structure would remove another formidable obstacle to international transfers of evidence.
It should be noted, however, that the Agreement does not – and should not – disregard fundamental privacy rights. The independent judicial oversight baked into the procedure should go some way to ensuring that authorities are not automatically provided with data which should otherwise be protected. Furthermore, the Agreement will not stop companies from encrypting data and places no obligation on them to break that encryption when evidence is provided to an investigator.
What impact might this new Agreement have on the work of the SFO?
The relationship between the SFO and its US counterparts is one with deep roots and a strong track record of co-operation. Cross-border investigations and resolutions (such as the ongoing investigation into Airbus and the Rolls-Royce Deferred Prosecution Agreement) are already commonplace, and will likely become ever more so with Lisa Osofsky, a dual US-UK citizen, at the helm of the SFO. However, while the new Agreement is being touted as a landmark pact that will radically speed up some investigations, its impact on the SFO’s work may, in practice, not be quite as dramatic.
The current state of white-collar investigations means that it may not be desirable, or even necessary, for the SFO to turn to the new Agreement as a method of obtaining evidence from the US. Indeed, it is likely that in many SFO and other white-collar investigations – for example, international insider dealing investigations – parallel investigations will have already been opened in both jurisdictions, with discussions being had and voluntary disclosures being made by co-operating organisations to both sets of agencies. Clearly, in cases requiring the acquisition of individuals’ electronic data where there is unlikely to be any such corporate co-operation, such as in terrorism investigations, the utility of the Agreement is more obvious. However, the extent of proactive disclosure in financial crime investigations could render the Agreement superfluous.
Adding another layer of doubt to the usefulness of the Agreement is the current position regarding the SFO’s power to compel foreign companies to produce documents held outside the jurisdiction under section 2 of the Criminal Justice Act 2003. Following a judicial review brought by KBR Inc. last year, the High Court held that section 2 notices can have extra-territorial application provided that there is a “sufficient connection” to the UK; it is very possible that, in circumstances where the SFO is already investigating potential misconduct, such a link can be easily established. Given that the issuance of section 2 notices is a well-trodden path, it may well be that this becomes the default position for obtaining US evidence. Again, the Agreement could fall by the wayside in favour of tried and tested methods of evidence gathering.
Finally, and perhaps most obviously, the new Agreement will not assist the SFO in cases where there is simply no US evidence to be obtained, or where that evidence does not lie with technology companies. Although much emphasis has been placed on the increasing globalisation of crime, the SFO’s current caseload is heavily focused on historic bribery and corruption cases, the evidence of which does not lie with technology platforms but within the records of the companies themselves. The fact remains that the agency is struggling to secure convictions even where there is no US element and no data out of reach. High-profile cases such as the failure to convict any individuals on the back of DPAs with Tesco and Sarclad cannot be chalked up to difficulties in obtaining evidence from technology companies located overseas.
That said, the Agreement represents a further potentially useful tool in the fight against global crime and will continue to strengthen the relationship between US and UK law enforcement. Its usefulness in individual cases which do not already involve high levels of co-operation is plain to see. However, whether it will dramatically speed up investigations relating to financial crime is doubtful, and it will not aid the SFO’s lagging conviction rate in cases where there is no US evidence to be obtained. Perhaps then, at least where the SFO is concerned, the Agreement is more of a warning shot: a signal to criminals worldwide that the US and UK will continue to work closely together and do everything in their power to detect, investigate and prosecute the most serious crimes. That, in itself, could prove a valuable deterrent.
1 Press release, “UK and US sign landmark data access agreement”, 4 October 2019: https://www.gov.uk/government/news/uk-and-us-sign-landmark-data-access-agreement