If you think the international mechanisms for cross-border law enforcement requests for information are clear, you’d be wrong.
The Internet is a global creature. A user in Country A can transmit, say, child pornography to an individual in Country B from a server in Country C. So, how does non-US law enforcement bearing non-US court orders for information get what they need from a US company to investigate that?
In the US, there is a cumbersome process that requires a non-US law enforcement entity first to contact the US Department of Justice’s Office of International Affairs (“OIA”). OIA then passes the non-US law enforcement official’s request to a US Attorneys Office. The US Attorneys Office can then apply to a US District Court to be designated as a Special Commissioner who can then act on behalf of the non-US law enforcement entity. In practice, this process can take many weeks or months.
Surely, this is a process that needs to be streamlined. Of course, international negotiations are tedious and slow, but the needs of cross-border law enforcement collaboration are going to increase, so continuing to live with an antiquated mechanism will only become more painful over time.
The other relevant US law, the Electronic Communications Privacy Act, is silent on the ability of US companies to disclose such information directly to non-US law enforcement bearing non-US court orders. Because the law is silent, some companies no doubt have decided to respond directly to non-US law enforcement requests based on non-US court orders. And other companies have no doubt concluded the opposite.
The Internet’s global dimension has vastly out-paced the provincial processes of cross-border law enforcement requests for information. And I assume that means that some of the bad guys aren’t getting caught.