European authorities are seeking new powers to allow police and intelligence agencies to directly obtain user data stored on the continent by US tech companies.
The move comes in the wake of an uptick in terrorist attacks, including several attacks in Britain and France, among others across the bloc. Tech companies have been asked to do more to help law enforcement, while police have long argued the process for gathering data overseas is slow and cumbersome.
The bloc’s justice commissioner, Vera Jourová, presented several plans to a meeting of justice ministers in Luxembourg on Thursday to speed up access for EU police forces to obtain evidence — including one proposal to allow police to obtain data “directly” from the cloud servers of US tech companies in urgent cases.
The news, first reported by Reuters, was confirmed by ZDNet.
“Commissioner Jourová presented at the Justice Council three legislative options to improve access to e-evidence,” said Christian Wiga, an EU spokesperson, in an email. “Based on the discussion between justice ministers, the Commission will now prepare a legislative proposal,” he added.
Discussions are thought to have included what kind of data could be made available, ranging from geolocation data to the contents of private messages.
Such powers would only be used in “emergency” situations, said Jourová, adding that safeguards would require police to ensure that each request is “necessary” and “proportionate.”
The proposals are understood to affect police access to data stored in datacenters in EU member states, such as Ireland, but specific details of the plans are not known.
A proposal is expected to be put forward by the end of the year.
It would mark a sharp reversal in long-standing policy by the Europeans, who have long praised the use of the so-called mutual legal assistance treaties — the formal process of asking a foreign government for citizen data to help with an active law enforcement investigation. A European country, for example, will have to make a formal request through another country’s justice ministry — which more often than not is the US, where many tech giants are located. However, not all nations have treaties with other states, and some treaties exclude potential evidence from tax-related matters, for example.
While US tech companies are obliged to respond to foreign police, their requests are often delayed by a slow and bureaucratic government process.
Tech giants sometimes break process by proactively responding in the midst of a crisis.
During the Charlie Hebdo terror attack in Paris in 2015, Microsoft turned over relevant data on the alleged attackers within an hour of an FBI request. Apple chief executive Tim Cook said this week that the iPhone maker had helped the UK government in the aftermath of the recent terror attacks.
But news of authorities gaining “direct” access to the servers of tech giants is reminiscent of the disclosure of the PRISM surveillance program by Edward Snowden in 2013.
Facebook, Google, and Microsoft were among those named as “partners” of the clandestine surveillance program, which allegedly gave the National Security Agency “direct access” to a total of nine tech firm’s servers — a claim that later largely unraveled.
Facebook declined to comment. When reached, Microsoft did not provide comment at the time of writing, and a Google spokesperson did not respond to a request for comment.