Surveillance deal would allow British spies easier US access

WASHINGTON — If US and British negotiators have their way, MI5, the British domestic security service, could one day go directly to American companies like Facebook or Google with a wiretap order for the online chats of British suspects in a counterterrorism investigation.

The trans-Atlantic allies have quietly begun negotiations this month on an agreement that would enable the British government to serve wiretap orders directly on US communication firms for live intercepts in criminal and national security investigations involving its own citizens. Britain would also be able to serve orders to obtain stored data, such as e-mails.

The previously undisclosed talks are driven by what the two sides and tech firms say is an untenable situation in which foreign governments such as Britain cannot quickly obtain data for domestic probes because it happens to be held by companies in the United States. The two countries recently concluded a draft negotiating document, which will serve as the basis for the talks. The text has not been made public, but a copy was reviewed by The Washington Post.


The British government would not be able to directly obtain the records of Americans if a US citizen or resident surfaced in an investigation. And it would still have to follow Britain’s legal rules to obtain warrants.

Get Ground Game in your inbox:
Daily updates and analysis on national politics from James Pindell.
Thank you for signing up! Sign up for more newsletters here

Any final agreement will need congressional action, through amendments to surveillance laws such as the Wiretap Act and the Stored Communications Act.

Senior administration officials say they have concluded that British rules for data requests have ‘‘robust protections’’ for privacy and that they will not seek to amend them. But British and US privacy advocates argue that civil liberties safeguards in Britain are inadequate.

The negotiating text was silent on the legal standard the British government must meet to obtain a wiretap order or a search warrant for stored data. Its system does not require a judge to approve search and wiretap warrants for surveillance based on probable cause, as is done in the United States.

Instead, the home secretary, who oversees police and internal affairs, approves the warrant if that cabinet member finds that it is ‘‘necessary’’ for national security or to prevent serious crime and that it is ‘‘proportionate’’ to the intrusion.


If US officials or Congress do not seek changes in the British standards, ‘‘what it means is they’re going to allow a country that doesn’t require independent judicial authorization before getting a wiretap to continue that practice, which seems to be a pretty fundamental constitutional protection in the United States,’’ said Eric King, a privacy advocate and visiting lecturer in surveillance law at Queen Mary University of London. ‘‘That’s being traded away.’’

Senior administration officials said they are seeking to relieve the pressure on US companies caught in a ‘‘conflict of laws.’’ The United States bars American firms from providing intercepts to anyone but its government after US law enforcement has obtained a court order. Britain wants to directly compel the production of the data and has already passed legislation to make that happen.

To obtain stored e-mails, a foreign government must rely on a mutual legal assistance treaty by which the country makes a formal diplomatic request for the data and the Justice Department then seeks a court order on its behalf — a process that is said to take an average of 10 months.

‘‘This has been an issue with the UK and other countries for a number of years,’’ said one senior administration official, who like several others spoke on the condition of anonymity to discuss the negotiations. ‘‘Because of technological changes, the UK can no longer access data in the UK like they used to be able to, and more and more, UK nationals — including criminals in their country — are using providers like Google, Facebook, Hotmail. The more they are having challenges getting access to the data, the more our US providers are facing a conflict of laws.’’

Administration officials and officials from several tech firms said the stakes are high if no agreement is reached.


They fear that if the trend continues, more foreign governments will force US firms to host their data in those countries, a practice known as ‘‘data localization.’’ They also fear passage of laws, like the one in Britain that has not yet been enforced, requiring foreign firms doing business in their country to comply with their surveillance orders, even if the orders conflict with US law.

‘‘We’re reaching a moment where the status quo is no longer workable,’’ said an official at a major tech firm. ‘‘We’re concerned about the mounting frustration and the inability of foreign governments, including the UK, to receive responsive data in law enforcement investigations in a timely manner.’’

Up to now, he said, US firms have ‘‘held their ground’’ when pressured to turn over data or conduct wiretaps in conflict with US law. ‘‘Increasingly, that’s not something we’ll be able to do,’’ he said.

Last week, the White House gave the State Department the green light to begin the formal negotiations. Officials stressed that they were in the very early stages of the talks, which probably will go on for months. They said they will seek to ensure that any agreement protects civil liberties.

But Gregory Nojeim, senior counsel at the Center for Democracy & Technology, a Washington-based privacy group, said: ‘‘I’m very concerned that this agreement could represent a dumbing down of surveillance standards that have always pertained in the United States. Enabling foreign governments to conduct wiretapping in the United States would be a sea change in current law. I don’t see Congress going down that road.’’

Senior administration officials said the goal is to help a close ally investigate serious crimes, something that the United States has a shared interest in.

One potential example: London police are investigating a murder-for-hire plot, and the suspects are using Hotmail to communicate, and there’s no connection to the United States other than the fact that the suspects’ e-mails are on a Microsoft server in Redmond, Wash. Today, the police would have to use the mutual legal assistance treaty process and wait months.

‘‘Why should they have to do that?’’ said the administration official. ‘‘Why can’t they investigate crimes in the UK, involving UK nationals under their own laws, regardless of the fact that the data happens to be on a server overseas?’’

Jennifer Daskal, a national security law professor at American University and a former Justice Department official, said before US firms are asked to turn over data, they should be assured that the legal standard for the request is sufficiently high. It need not mimic precise US standards, she said, but should at least require that requests be targeted, subject to independent review and privacy protections that weed out irrelevant information. If the requirements are not in the agreement, Congress should mandate them, said Daskal, who is part of a coalition of privacy groups, companies, and academics working on the issue.

A second administration official said US officials have concluded that Britain ‘‘already [has] strong substantive and procedural protections for privacy.’’ He added: ‘‘They may not be word for word exactly what ours are, but they are equivalent in the sense of being robust protections.’’

As a result, he said, Britain’s legal standards are not at issue in the talks. ‘‘We are not weighing into legal process standards in the UK, no more than we would want the UK to weigh in on what our orders look like,’’ he said.

British Home Office officials declined to comment directly on the talks. ‘‘We are clear about the need for law enforcement and the security and intelligence agencies to have the powers they need in the digital age, subject to strict safeguards and world-leading oversight arrangements,’’ a representative said in a statement to the Post.

The agreement is intended to be reciprocal, so that the US government could directly request wiretaps or stored data of a British provider as long as the target is American and not a British citizen.