Washington — Alphabet’s Google will press US legislators on Thursday to update laws on how governments access customer data stored on servers located in other countries, hoping to address a mounting concern for both law enforcement officials and Silicon Valley.
The push comes amid growing legal uncertainty, both in the US and across the globe, about how technology firms must comply with government requests for foreign-held data. This has raised alarm that criminal and terrorism investigations are being hindered by outdated laws that make the current process for sharing information slow and burdensome.
Kent Walker, Google’s senior vice-president and general counsel, will announce the company’s framework during a speech in Washington, DC, at the Heritage Foundation, a conservative think tank that wields influence in the Trump White House and Republican-controlled congress.
The speech will urge congress to update a decades-old electronic communications law and follows similar efforts by Microsoft. Both companies have previously objected in court to US law enforcement efforts using domestic search warrants for data held overseas because the practice could erode user privacy. But the tech industry and privacy advocates have also admitted the current rules for appropriate cross-border data requests are untenable.
The California-based company calls for allowing countries that commit to baseline privacy, human rights and due process principles to directly request data from US providers without the need to consult the US government as an intermediary. It is intended to be reciprocal.
Countries that do not adhere to the standards, such as an oppressive regime, would not be eligible.
Google did not detail specific baseline principles in its framework. “This couldn’t be a more urgent set of issues,” Walker said in an interview, noting that recent acts of terrorism in Europe underscored the need to move quickly.
Current agreements that allow law enforcement access to data stored overseas, known as mutual legal assistance treaties, involve a formal diplomatic request for data and require the host country to obtain a warrant on behalf of the requesting country. This can often take several months.
In January, a divided federal appeals court refused to reconsider its decision from last year that said the US government could not force Microsoft or other companies to hand over customer data stored abroad under a domestic warrant.
The US justice department has until midnight on Friday to appeal the decision in the supreme court. It did not respond to a request for comment. US judges have ruled against Google in similar recent cases, however, elevating the potential for supreme court review.
Companies, privacy advocates and judges themselves have urged congress to address the problem rather than leave it to courts. Google will also ask congress to codify warrant requirements for data requests that involve content, such as the actual message found within an e-mail.
Chris Calabrese, vice-president of policy at the Centre for Democracy & Technology, said Google’s framework was “broadly correct” but urged caution about the process for letting countries make direct requests to providers: “We need to make sure the people in the club are the right people.”