“Shining a light through the CLOUD: Facebook’s end to end encryption announcement is a direct challenge to US CLOUD Act and UK Crime Overseas Production Orders Act 2019”
The news that Facebook announced this morning should surprise no one in its timing. The announcement, that Facebook are looking to provide end to end encryption for communications between its users, comes just when law enforcement in the US and UK are on the cusp of a significant enhancement of their data gathering capability.
The DoJ in the US through the CLOUD Act, and all national Police forces, SFO, HMRC and FCA (among others) in the UK through the CoPO Act, will soon be able to secure orders in their home courts that will be enforceable in the other’s jurisdiction to require bigtech to hand over data to assist criminal enforcement investigations. The agreement between the US and UK is designed to speed up the traditionally slow Mutual Legal Assistance process, which can take months if not years.
But if Facebook allows its users to conduct conversations using end to end encryption the result for US and UK law enforcement could be data that is worthless. The clash between bigtech’s desire to protect user privacy and US & UK criminal enforcement agencies’ need to enhance their investigative capability has been renewed.
Given Congress will not finish its line by line scrutiny of the US/UK data sharing agreement until the spring of next year (and until it gives approval CLOUD & CoPO orders will not be available) this is a bold move by Facebook. Mark Zuckerberg may be dusting off that suit for further appearances before both US and UK law makers in the near future.