link to page 6 link to page 9 link to page 12 link to page 8 link to page 4 link to page 1 link to page 10
Access Now comments on the Commission’s Progress Report
following the Conclusions of the Council of the European
Union on Improving Criminal Justice in Cyberspace
May 2017
Table of content
Key recommendations
1.1 Expert process
2.1 Cooperation with service providers
2.2 Mutual Legal Assistance and Mutual Recognition Proceedings
2.3 Enforcing jurisdiction in cyberspace
3. Avenues for Further exploration
Conclusion
Key recommendations
■ There is a need for systematic reform and modernization of the MLAT process;
■ Prioritizing the reform of the MLAT process over direct cooperation;
■ A human rights impact assessment must precede any new legislation in this matter;
■ An evaluation of the European Investigation Order should be mandatory prior to the
legislative action tied to this investigation;
■ There must be an evidence-based approach to cross-border legal cooperation.
Introduction
Access Now is an international organisation that defends and extends the digital rights of
users at risk around the world.1 By combining innovative policy, user engagement, and
direct technical support, we fight for open and secure communications for al . Based in
Brussels since 2
010, our E
uropean t eam f ocuses on a
b
road range o
f i ssues a
t t he E
U level,
including privacy and data protection, surveil ance and cybersecurity, privatised
enforcement, trade agreements, and Net Neutrality. The protection of digital rights is an
important issue worldwide, but because the EU is a
g
lobal standard s
etter, f urthering these
rights in Europe is critical for people in al parts of the world. Access Now’s unique
positioning in Europe reflects a regional y focused expertise combined with a global vision
brought a
bout through close c
ooperation with c
ol eagues based i n I ndia, Tunisia, t he United
States of America, Argentina, Costa Rica, and the Philippines.
At Access Now we care deeply about the right t o p
rivacy a
nd a
dvancing d
igital s
ecurity for
users. As a part of that process we have extensively covered various areas of i nternational
law and their application to the digital sphere. Central to this have been Mutual Legal
Assistance Treaties (MLATs), which are key to the international framework that al ows law
enforcement in one country to get access to information stored i n a
nother country. Access
Now has repeatedly cal ed for improvements to the MLAT process in order to address its
known inadequacies; the process is t oo s
low for u
rgent law enforcement i nvestigations and
is often under-resourced and confusing.2
While the need for reform is dire, this must not come at the expense of the established
democratic integrity of our legislative frameworks. Increasingly, we are seeing a rise in
government's attempts to streamline cross border access to data by attempting to
circumvent the established MLAT process. The frustration with the analog MLAT s
ystem is
leading to an increase in direct cooperation between governments and industry, a
process
fraught with disregard for fundamental rights of users, transparency, accountability and
redress. The MLAT process, however, ensures safeguards which must be present in any
cross-border cooperation, regardless of whether the evidence is electronic or not, and
therefore should be updated and maintained to ensure the integrity of our legal process;
established protections must not conveniently disappear in the electronic ecosystem.
The overarching legal requirement for any EU or member s
tate level s
olutions for a
ccess of
the competent national authorities to data is laid down by the Court of Justice of the
European Union. The Charter of Fundamental Rights of the European Union and the
relevant jurisprudence m
ust b
e r espected e
ither in the MLA r eform o
r t he d
irect cooperation
approach.
We welcome the effort by the HOME and JUST Commission Services in facilitating a
multistakeholder platform to d
iscuss t he current i nvestigation i nto i mproving c
riminal j ustice
in cyberspace. We welcome the effort made at transparency and the frequency of
1 Access Now,
https://www.accessnow.org/
2 Access Now, https://www.accessnow.org/the-urgent-needs-for-mlat-reform/
consultation with civil society groups. This d
ocument i s our r eflection o
f t he c
urrent s
tate o
f
play of cross-border a
ccess t o i nformation, and s
eeks to provide h
elpful c
ommentary t o t he
Commission’s investigation.
In our feedback
we followed the structure and numbering of the Commission’s report.
1.1 Expert process The approach taken by the Commission in consulting a number of stakeholders in this
process has been thorough and inclusive. The M
ember S
tate questionnaire on c
ross-border
access to electronic evidence provides a detailed overview of national-level problems and
approaches currently faced by law enforcement a
nd p
aints t he m
ost s
uitable b
ackground f or
this investigation; that there is no common approach t o o
btain c
ross-border access t o d
igital
evidence. While the overview in the report is helpful, it would be immensely useful for
academia and civil society to be able to access the individual responses to scrutinize the
situation on national levels.3
1.2.1. Direct cooperation, in particular when the service provider is outside the
domestic jurisdiction
There are two causes for c
oncern r
egarding t he s
tate r
esponses to t his question. First, i s t he
discrepancy with which member states view applicability of their requests in regards to the
receiving company; the fact that 8 Member States already have agreements with foreign
service providers seems t o warrant i ts o
wn i nvestigation by t he C
ommission, if only t o review
the compatibility of these agreements with E
U l egal standards, in particular with Article 48 o
f
the Charter of Fundamental Rights of the European Union (the Charter).
Such an evaluation must be a part of a comprehensive human rights impact assessment
which should precede any further steps of the Commission’s investigation into this matter.
Second, the disparity between categories of data by the various member states is cause to
worry regarding the compatibility of domestic regimes with the incoming General Data
Protection Regulation4, the Police Directive, and the current e-Privacy Directive and its n
ew
proposal. Regardless of the exact scope of application of the different legal regimes, A
rticle
7 and 8 of Charter on the fundamental r
ights t o p
rivacy a
nd d
ata p
rotection a
pply. G
iven the
inconsistency of the terminology used by the member states it is extremely difficult t o j udge
the effectiveness of existing cross-border legal cooperation.
Recital 2 of the Police Directive lays down that “[t]he principles of, and rules on the
protection of natural persons with regard to the processing of their personal data should,
whatever their nationality or residence, respect their fundamental rights and freedoms, in
particular their right to the protection of personal data.” Fol owing from the obligations to
respect fundamental rights, this principle should be taken into account for the definition of
connecting factors.
3 There is a pending freedom of information request for the national-level responses to the
questionnaire, which was filed in December 2016 and remains unanswered to date;
https://www.asktheeu.org/en/request/responses_to_the_questionnaire_o#outgoing-7890
4 Regulation (EU) 2016/679, http://eur-lex.europa.eu/eli/reg/2016/679/oj
1.2.2. Mutual Legal Assistance (MLA) with third countries
Many of the problems highlighted by member states in this category are among known
issues endemic to the current MLA set-up.5 The issue of insecure and inadequate
communications channels is appropriately highlighted by the Commission. Member States
have national as wel as EU-level obligations to respect individuals’ rights to protection of
personal data (Article 8
o
f t he C
harter) and c
onfidentiality. T
ransmitting any c
ategory o
f data
relevant to an investigation must be properly secured and should be adequately tracked;
contrary to what the member state responses suggest.
1.2.3. Enforcement of jurisdiction in cyberspace
There are multiple issues for concern in this s
ection, b
ut n
one m
ore s
o than t he s
uggestion
that if t he e
xistence of evidence, or its location i s unclear, the member s
tates p
roceed t o f ile
MLA requests on multiple fronts in a broad search for one which may potential y receive a
response. While we respect the frustration that not knowing the location of potential
evidence can cause to an investigation, the state response to this question needs to be in
line with the criteria set out in the Necessary and P
roportionate P
rinciples which s
tate t hat,
“Al agreements for the international transfer of Protected Information must include human
rights safeguards. States should only initiate and maintain ful cooperation relationships
with States whose justice systems adequately protect human rights. States should ensure
that any request for User Data complies with international law and policies and human
rights.”6 The practical application of the safeguards o
utlined i n t he P
rinciples c
an f urther b
e
examined through the Access Now Universal Implementation Guide for the International
Principles on the Application of Human Rights to Communications Surveil ance.7 See our
comments for unknown locations also at section 2.3.3.
Summary
There are s
everal relevant issues r
aised b
y t he member s
tates r
egarding the dysfunctionality
of the existing MLA system and issues of current cross-border cooperation. However, as
demonstrated above, there are several instances where the Commission should have
increased cause for concern over the gaping disparity between existing national-level
approaches. In line with the Commission’s commitment to better regulation as wel as the
REFIT platform, a thorough human rights impact assessment must precede any further
investigation into the matter of improving criminal justice in cyberspace.8
5 Similar issues and more have been identified by our own study into Mutual Legal Assistance
Treaties, including the failure to properly protect user information and privacy. More at:
https://www.accessnow.org/the-urgent-needs-for-mlat-reform/
6 13 International Principles on the Application of Human Rights to Communications Surveil ance;
https://en.necessaryandproportionate.org/
7 Access Now implementation guide of the Necessary and Proportionate Principles:
https://necessaryandproportionate.org/files/2016/04/01/implementation_guide_international_principles
_2015.pdf
8 The Commission has repeatedly committed itself to improve legislation through evidence-based law
making and thorough impact assessments of considered legislation;
https://ec.europa.eu/info/law/law-making-process/better-regulation-why-and-how_en
2.1 Cooperation with service providers In the progress report, the Commission correctly identifies a number of issues which stem
from direct cooperation between a member c
ountry a
nd a
service p
rovider, o
ften l ocated i n
a third party outside the EU legal framework. The identified issues of transparency,
accountability, attribution, reliability and authenticity are key concerns for al stakeholders
involved. As the C
ommission r ightful y p
oints o
ut, t here a
re s
evere o
bstacles w
hen i t comes
to enforcement in remote jurisdictions -- an issue which is entirely unpatchable t hrough a
n
informal extrajudicial direct cooperation agreement between a government and industry.
The progress report makes it appear that the variance in percentage figures regarding
complying with requests is a problem at the platform level. This ignores the fact that
agencies across different states may be sending wrongful, improper requests, resulting in
legal y justified pushback from companies.9
These democratic deficiencies of direct cooperation cannot be overcome outside the
framework of rule of law, and based on its own analysis, the Commission should t herefore
focus on creating a functional legal framework; updating and re-negotiating the MLAT
infrastructure to better r espond t o the f ast-paced needs o
f l aw e
nforcement; n
ot a
ttempting
to circumvent it. U
nder MLATs, i ndividuals r etain the s
ame r ights and l egal s
tandards w
hich
they would in a purely domestic investigation. It is essential that for the sake of
transparency, accountability and redress, there is a functional legal mechanism in place
rather than an ad-hoc agreement with little traceability.
Problems with direct cooperation; UK - US case
Having identified the same issues as the Commission -- t he fact t hat most tech companies
are resident t o t he U
.S., a
nd under U
.S. law cooperation with l aw e
nforcement in t his m
atter
is voluntary or prohibited depending on the type of data -- in July 2016, the U.S.
government p
roposed a
n
ew piece o
f legislation w
hich w
ould e
mpower the U
.S. to r each a
n
agreement with other governments, starting with the UK, to al ow direct requests for u
sers’
data from any tech company within the U.S. It would also grant the U.S. government
reciprocity to make direct requests to companies in the countries where agreements are
reached. While this has been identified as a great opportunity “if done right”, the current
agreement fails to adequately safeguard individuals and their privacy.10
This proposed agreement would let a court —
o
r, i n s
ome c
ases, a
l aw e
nforcement o
fficial
— in one country issue a legal y binding order on a company in another country. This can
significantly undermine legal protections and harm human rights. Law enforcement in the
UK and elsewhere need to conduct valid investigations, and there should be appropriate
tools to access data. But we cannot al ow privacy safeguards to deteriorate, and,
unfortunately, the proposed legislation does not guarantee that a partner country wil
9 Access Now Transparency Reporting Index, available at:
https://www.accessnow.org/transparency-reporting-index/
10 Analysis of the proposal by Jennifer Daskal, Associate Professor at American University
Washington Col ege of Law,
https://www.justsecurity.org/29203/british-searches-america-tremendous-opportunity
respect human rights standards. Nor does it offer much-needed improvements for the
existing MLAT system, rather, it circumvents the system entirely.11
In our analysis of the UK-US direct cooperation agreement, we have concluded there are
four significant deficiencies in language and p
rotections w
hich would i nherently t ranslate t o
any similar agreements within other EU countries;
1. The vague nod t o “
adhere t o a
pplicable international h
uman r ights s
tandards” s
ets a
low standard and enables agreements with countries who have poor human rights
records.
2. The inclusion of communications interception with immediate transmission (live
wiretaps) has not been given the necessary heightened protections, as guaranteed
under most national legislative frameworks.12
3. Direct cooperation which supersedes the established legislative framework wil only
broaden state level surveil ance, which is increasingly causing concern throughout
the EU.
4. This agreement does not address the issues endemic within the MLAT system, but
rather places temporary fixes to the process.
When questioned by the Washington Post in February 2016, two members of the US
administration admitted to this loose standard with matter-of-fact tone saying t hat “
[British
privacy protections] may not be word for word exactly what ours are, but they are
equivalent in the sense of being robust protections.” The official further c
larified t hat i t w
as
not the intent of the agreement to establish a standard for legal process in the other
country, stating that it would be undesirable for either party to start dictating a specific
standard of protections.13
Summary
While direct cooperation with providers has been resorted to as a reaction to the
malfunctioning MLAT system, it should n
ot be a
dopted a
s a
long t erm -
o
r i deal -
s
olution t o
the issue of cross-border access to e-evidence. The simplicity which comes from such
simplified processes is the same simplicity which places human rights standards on the
line, and displaces legal certainty for individuals.
11 Access Now,
https://www.accessnow.org/four-ways-new-proposal-bypassing-mlats-fails-human-rights/
12 As demonstrated under the ‘Initiative for a Directive of the European Parliament and of the Council
regarding the European Investigation Order in criminal matters.’ Answers to the questionnaire on
interception of telecommunications:
http://www.statewatch.org/news/2011/may/eu-council-eio-quest-interception-14591-rev1-10.pdf
13 Washington Post: The British want to come to America — with wiretap orders and search warrants,
By El en Nakashima & Andrea Peterson, Published February 4, 2016;
https://wpo.st/CKEe2
2.2 Mutual Legal Assistance and Mutual Recognition Proceedings
The Commission’s assessment of the current issues with MLATs identifies three central
issues. The requests take too long to be processed, the process is resource-heavy and
complicated, and it lacks transparency. These issues have been repeatedly raised during
MLAT reviews as wel as having been voiced by civil s
ociety.14 T
here i s a c
lear need f or t he
standardization of process between cooperating countries, as wel as an increase in
capacity and funding for the bodies processing the r equests; b
oth k
ey issues w
hich should
be the focus of the Commission’s MLAT reform process.
The European Investigation Order
This section of the r eport a
lso focuses o
n t he E
uropean I nvestigation Order ( EIO), w
hich w
il
replace the Convention on Mutual Assistance in Criminal Matters between the Member
States of the European Union. The report concludes that the EIO “provides for deadlines,
standardised forms, and a limited possibility to r efuse t he e
xecution o
f r equests.” W
hile t he
EIO is likely to streamline cooperation within the EU (stil a hypothetical assertion at this
time), as the Commission rightful y points out, it was not designed as an instrument to
address the issues currently experienced under the MLATs.
In 2010, the Commission submitted comments to a draft of the EIO, stating that, “There i s
neither a proper i mpact assessment n
or a
n e
xplanatory m
emorandum that p
rovides e
nough
material to state that the draft Directive respects the Charter and the ECHR.”15 In this
commentary, the Commission further asserted that the detailed statement which was
provided in June 2010 is insufficient and misunderstands the provisions in the C
harter and
therefore “fails to identify and assess the more important fundamental rights potential y
affected by this [EIO] proposal.16 The absence of safeguards was also criticized by the
European Data Protection Supervisor who noted the lack of any reference to data
protection i nstruments in the E
IO a
nd s
aid this “
once a
gain raise[s] t he f undamental i ssue o
f
the incomplete and inconsistent application of data protection principles in the field of
judicial cooperation in criminal matters”.17 Based on this feedback, the wording of the
respect for fundamental rights a
s wel a
s t he C
harter was c
hanged in t he final version o
f the
EIO, but no further satisfaction for the impact assessment, extension of safeguards or
detailed direction was provided.
Based on the fact that there is no evidence of the functionality or efficiency o
f t he E
IO, n
or
its compatibility with EU standards for fundamental rights protections, it is an inaccurate
expectation to say that the EIO wil improve any of these problems with certainty - the
Directive is meant to be ful y transposed only in May 2017 with an evaluation to b
e carried
14 Access Now, https://www.accessnow.org/the-urgent-needs-for-mlat-reform/
15 JUST/B/1/AA-et D(2010) 6815;
http://ec.europa.eu/justice/news/intro/doc/comment_2010_08_24_en.pdf
16 Refers to Council doc. 9288/10 ADD 2, Published in 23 June 2010
17 European Data Protection Supervisor opinion on European Investigation Order, 18 October 2010,
Para 28
out in May 2
019.18 There i s a
g
reat d
anger to fundamental rights’ standards if - as t he r eport
asserts - the EIO is to be used as a blueprint for c
ooperation w
ith third c
ountries/providers
at this stage.
2.3 Enforcing jurisdiction in cyberspace
The issue of jurisdiction in cyberspace is a lively cause for debate among academics and
policymakers alike. The two key arenas of debate (if somewhat Euro-centric); the
Convention Committee of the Budapest Convention on Cybercrime (T-CY) plenary efforts
mentioned in the report, as wel as the Tal inn Manual 2nd ed., have provided little comfort
or certainty on how to approach the issue.19 The Commission’s report points out that
certain cases should not merit the involvement of a third country if the case does not
pertain t o a
n individual under t heir jurisdiction, which i s a
s
eemingly r easonable a
rgument to
make based on the evidence. H
owever, no c
lear a
nd uniform b
asis f or jurisdiction h
as b
een
established. Addressing this issue must n
ot create legal uncertainty for i ndividuals a
nd their
right to privacy, which the temporary n
ational-level s
olutions h
ave o
ften d
one. F
urthermore,
as the Tal inn Manual 2.0 points o
ut, “
two or more S
tates [may] o
ften e
njoy jurisdiction over
the same person or object in respect to the same event.”
2.3.3. The loss of location
This section focuses on one of the most contentious current issues of the digital s
phere -
-
the issue of attribution.20 While t here s
eems t o b
e a
lot o
f b
uzz a
round attribution in t erms of
e-evidence and cyber crime, attribution as a problem applies t o a
ny type o
f i nvestigation i n
the analog world as wel , and the same protections for individuals must apply in both of
those instances. Far too often, is the chase for perfect attribution a reason to steamrol
individual’s rights to privacy, freedom of expression, and presumption of innocence which
is the cornerstone of the fundamental rights recognized in the Charter within the area of
criminal justice. A
ttacking anonymization o
r e
ncryption t ools, a
t actic w
itnessed i ncreasingly
often both within and outside of the EU, creates far more r isks for i ndividuals t han it b
rings
solutions.
While the issue of attribution is a serious obstacle for investigations, the solution must not
pose a risk to anonymity, encryption or other digital security tools currently under use.
According to a report f rom t he U
nited Nations s
pecial r apporteur on f reedom o
f e
xpression,
David Kaye, encryption and anonymity on the internet are necessary for the advancement
of human rights.21 In his report, he a
sserts that p
rivacy i s a “
gateway f or freedom o
f o
pinion
and expression,” and therefore encryption and anonymity “deserve strong protection”
because they “enable individuals to exercise their rights to freedom of opinion and
18 DIRECTIVE 2014/41/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL;
http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014L0041&from=EN
19 Lawfare Blog: The Tal inn Manual 2.0, Sovereignty 1.0, Andrew Keane Woods;
https://www.lawfareblog.com/tal inn-manual-20-sovereignty-10
20 See coverage by WIRED: https://www.wired.com/2016/12/hacker-lexicon-attribution-problem/
21David Kaye, Report on encryption, anonymity and the human rights framework, Published May 2015
http://www.ohchr.org/EN/Issues/FreedomOpinion/Pages/Cal ForSubmission.aspx
expression in the digital age.” Kaye specifical y advises that states should not restrict
encryption and anonymity through blanket prohibitions which fail the necessary and
proportionate test.22 He further advises against state u
se o
f m
easures which w
ould weaken
the security individuals may enjoy online, such as through backdoors, weak encryption
standards and key escrows.
The loss of location in investigations, cannot be solved by arbitrarily de-anonymizing or
de-stabilizing the internet's architecture. The report hints that several member states have
taken to “alternative measures” which include “accessing an information system remotely.”
While, government hacking has been repeatedly cited as the new age solution to secure
infrastructure and systems, there are stil human rights standards which must be respected
and safeguards which must be implemented for this i nvestigation tools t o f al w
ithin the lines
of rule of law.23
It must be acknowledged, that al government hacking substantial y interferes with human
rights, including the right to privacy and freedom of expression. While in many ways this
interference may be similar to more traditional government activity, the nature of hacking
creates new threats to human rights that are greater in both scale and scope. Hacking can
provide access to protected information, both stored or in transit, or even while it is being
created or drafted. Exploits used in operations c
an act u
npredictably, d
amaging hardware o
r
software or infecting non-targets a
nd c
ompromising their i nformation. E
ven w
hen a
p
articular
hack is narrowly designed, it can have unexpected and unforeseen impact. Based on our
analysis of human rights law, we conclude that there must be a presumptive prohibition on
al government hacking. In addition, we reason that more information about the history and
the extent of government hacking is necessary to determine the ful ramifications of the
activity. The Commission should consider these adverse impacts of member states current
practices and take care not to expand, but rather limit, their breadth.24
3. Avenues for Further exploration 3.1. Practical Improvements
The Council’s request for the streamlining of mutual recognition procedures fits i n l ine w
ith
the general need to update the MLAT mechanism. The use of e-CODEX, and existing
secure system for the exchange of legislative documents (and ease of cross-border legal
procedures), is a good way to create this interoperability and streamline communication
within Europe. However, both the e-CODEX as wel as the EIO are not appropriate
22 13 International Principles on the Application of Human Rights to Communications Surveil ance;
https://en.necessaryandproportionate.org/
23Access Now, A Human Rights Response to Government Hacking;
https://www.accessnow.org/cms/assets/uploads/2016/09/GovernmentHackingDoc.pdf
24Access Now, A Human Rights Response to Government Hacking;
https://www.accessnow.org/cms/assets/uploads/2016/09/GovernmentHackingDoc.pdf
mechanisms to address the issue of cooperation with third countries and companies with
seats in foreign countries. Both of those tools were created for a much more limited use
and should not be repurposed without adequate impact considerations and due
safeguards.
As mentioned in our comments on section 2
.2., several questions a
round the a
pplication of
the EIO remain; its potential as an enabler of mass scale surveil ance as wel as broader
human rights considerations - or lack thereof - have remained unaddressed by the
Commission for several years.25 It is therefore inappropriate, to begin considering
repurposing an untested framework to a much broader scale, which, as suggested in the
report, could include cooperation with third countries and possibly direct cooperation with
service providers. The implications of this broad authority under the EIO could have
detrimental impacts on individual’s rights -- a concern which cannot be disregarded until a
proper impact assessment on the application of the EIO to these broader uses is
conducted. It is the Commission’s responsibility and obligation to create evidence-based
legislation, something which would be entirely absent in this broad repurposing of the EIO
framework.
The remainder of this section is dedicated to very tangible policy improvements for law
enforcement communication with service providers; al of which should be encouraged,
although not in order to circumvent MLATs, b
ut rather t o s
upplement o
r i mprove t hem. T
he
broader introduction of a direct point of contact, standardized and unified approaches as
wel as training for law enforcement are al very tangible ways in which to improve the
functionality of the MLAT system as a whole while maintaining the legal certainty these
treaties guarantee.
While companies whose data are subject to information requests can play a significant role
by clarifying their own jurisdictional requirements and by taking clear positions on the
standards they believe govern the transfer of data, Access Now has previously suggested
that governments undergo a number of complementary means of fixing the MLAT problem;26
● Protect users through adequate human rights s
afeguards b
y r
equiring t he r
equesting
state to certify that it has adequate human rights protections in place, creating clear
guidelines for handling emergency cases, and using a dual criminality standard;
● Reduce legal uncertainty and inconsistency by making clear which laws apply in
which situations and applying higher standards for more sensitive information;
● Remove inefficiency and delays by improving resources, using electronic request
forms, and designating a single agency as a point of contact;
● Create transparency through publicizing clear, easily accessible i nformation c
overing
the way in which online records are shared with foreign law enforcement and by
providing notification of access;
● Establish accountability, remedies, authentication, and oversight;
25 Statewatch Analysis, The proposed European Investigation Order: Assault on human rights and
national sovereignty. By Steve Peers, Professor of Law, University of Essex. Published May 2010
http://www.statewatch.org/analyses/no-96-european-investigation-order.pdf
26 https://www.accessnow.org/the-urgent-needs-for-mlat-reform/
● Provide accessibility for defendants by permitting governments to seek records on
their behalf;
● Promote comprehensive geographical coverage; and
● Keep up with technological changes.
We encourage the Commission’s focus on these improvements, and the integration of
these suggestions into the MLAT update process rather than seek to circumvent them.
3.2. Middle- to long-term solutions
Given the clean-cut solutions proposed in the previous section on improving cooperation,
the strategies explored in 3.2. seem both disproportionate and unnecessary. While the
increase in funding is a lucrative reason to expand a program, these resources can be
directed at executing the aforementioned improvements and streamlining the underfunded
MLATs in general - thus improving an existing program rather than re-inventing the wheel.
The Commission’s proposal in this report t o f urther pursue t he i dea o
f u
nmediated f orms of
cross-border access to electronic evidence - as defined in the report - is entirely
unacceptable from a human rights perspective.
Conclusion There are real problems with the c
urrent M
LAT p
rocess. B
ilateral a
greements c
ould h
elp u
s
address the inconsistency, inefficiency, and lack of support that law enforcement faces in
current systems for data access. Better systems would reduce the incentive for data
localization laws, encryption mandates, and overuse of national security authorities.
However, if we don’t do it right, these agreements could also do irreparable damage to
global human rights. They could e
nd up lowering l egal s
tandards, d
ecreasing t ransparency,
and blocking avenues for access to remedy. A better process could be created, and if
properly targeted and robustly implemented, could help law enforcement get expedited
access to important data in the most urgent criminal cases. However, such a framework
must guarantee human rights protections. The simple fact that evidence is electronic does
not do away with due process guaranteed under the Charter. It is essential that the
Commission focuses its efforts on strengthening the MLAT process rather than creating
alternate extrajudicial avenues with predetermined expiration dates.
There is a need to shift this investigation from a questionnaire-based inquiry to an
evidence-based policy project; this requires the inclusion of robust human rights impact
assessments and evaluations of current smal er frameworks - such as the EIO. Simply
settling for the fact that there is no conclusive statistic to support whether a framework
functions or not is no basis for furthering its scope and reach; it does not do justice t o t he
human rights commitments the EU has signed up to.
We wil be looking forward to the comprehensive options paper which is meant to be
delivered by June 2017, as wel as further meetings and opportunities to discuss this
complex issue with al interested parties.
**********************************
For more information, please contact:
Lucie Krahulcová
EU Policy Associate
xxxxx@xxxxxxxxx.xxx
-or-
Fanny Hidvégi
European Policy Manager
xxxxx@xxxxxxxxx.xxx